[cisco-bba] [QUAR] RE: stranded sessions

Bryan Campbell bbc at misn.com
Mon Feb 11 17:00:19 EST 2008


The keepalive fixed it.

ac(config-if)#keepalive ?
  <0-32767>  Keepalive period (default 10 seconds)
  <cr>

And, I set the sessions per-mac limit to "1". 

But, one of the things that kind of caught us off-guard was the sessions 
per-vlan limit.  If sessions per-vlan is left unset, it defaults to a 
value of 100.  In our environment, that doesn't work.  We have 150-250 
sessions per vlan.  So, you must set sessions per-vlan to something 
arbitrarily high so that you will not run afoul of the default limit.

Now, we are happily running 800 plus sessions on the new access 
concentrator running a load of 6-8.  FYI - We are running 
c7200p-advipservicesk9-mz.124-11.T2 on a 7206 VXR with an NPE-G2.

ac#show pppoe summary
    PTA  : Locally terminated sessions
    FWDED: Forwarded sessions
    TRANS: All other sessions (in transient state)

                      TOTAL     PTA   FWDED   TRANS
TOTAL                   829     829       0       0
GigabitEthernet0/2      829     829       0       0

Bryan -
bbc at misn.com



Frank Bulk wrote:
> What's the recommended keepalive value?  I set it for 30 minutes right now.
>
> What I'm seeing from a handful of PPPoE clients are reconnects for no
> apparent physical reason.  Could that be related in any kind of way to the
> lack of a keepalive value?
>
> Frank
>
> -----Original Message-----
> From: cisco-bba-bounces at puck.nether.net
> [mailto:cisco-bba-bounces at puck.nether.net] On Behalf Of Tassos
> Chatzithomaoglou
> Sent: Monday, February 11, 2008 2:26 AM
> To: Bryan Campbell
> Cc: akiramot at cisco.com; cisco-bba at puck.nether.net
> Subject: Re: [cisco-bba] stranded sessions
>
> You must enable keepalives under the vtemplate, otherwise the router won't
> know it has lost the PPPoE session.
>
> Also, some DSL modems send a PADT packet (using their last session id)
> before any PADI, which causes the old session to be disconnected.
>
> --
> Tassos
>
>
> Bryan Campbell wrote on 11/2/2008 6:04 AM:
>   
>> The following PPPOE configuration works fine, except for one detail.
>>
>> If a customer unplugs their router, it strands a session and IP address.
>> If I add the MAC address session limit, it will limit the number of
>> sessions and then not allow any additional connections.  But, the
>> sessions are still stuck.  If they do not time out (which required a
>> timeout be set), or the sessions are not cleared, the customer will not
>> be able to log back on.
>>
>> The workaround was to not limit connections per mac.  But, that won't
>> do for long.  The IP pools will be exhausted fairly quickly.
>>
>> I cannot imagine that Cisco doesn't have a knob that can be set which
>> will clear stranded PPPoE sessions, or at least disconnect the previous
>> session to the same MAC.  But, I am unaware of how this is accomplished
>> with BBA on a Cisco.
>>
>> Any ideas?
>>
>> bbc at misn.com
>>
>>
>> aaa new-model
>> !
>> aaa authentication ppp default local group radius
>> aaa authorization network default local group radius none
>> aaa accounting delay-start
>> aaa accounting network default start-stop group radius
>> !
>> aaa session-id common
>> . . .
>> bba-group pppoe global
>>   virtual-template 1
>>   ac name DSL
>>   sessions per-mac throttle 100 30 3600
>>   sessions auto cleanup
>> !
>> bba-group pppoe DSL
>>   virtual-template 1
>>   sessions per-mac throttle 100 30 3600
>>   sessions auto cleanup
>> . . .
>> interface GigabitEthernet0/2
>>   no ip address
>>   duplex auto
>>   speed auto
>>   media-type rj45
>>   negotiation auto
>> !
>> interface GigabitEthernet0/2.2
>>   encapsulation dot1Q 2
>>   pppoe enable group DSL
>> . . .
>> interface Virtual-Template1
>>   ip unnumbered Loopback1
>>   no logging event link-status
>>   peer default ip address pool pool1-1 default
>>   no keepalive
>>   ppp authentication pap
>>   ppp ipcp dns Y.Y.Y.Y Z.Z.Z.Z
>>   ppp ipcp address required
>>   ppp ipcp address unique
>> !
>> ip local pool default X.X.X.49 X.X.X.62
>> ip local pool default X.X.Y.1 X.X.Y.250
>> ip local pool default X.X.Z.1 X.X.Z.250
>> !
>> ip radius source-interface Loopback1
>> !
>> radius-server attribute 8 include-in-access-req
>> radius-server attribute nas-port format d
>> radius-server host X.X.X.X auth-port 1645 acct-port 1646
>> radius-server key 7 XXXXXXXXXXXX
>> radius-server vsa send accounting
>> radius-server vsa send authentication
>> _______________________________________________
>> cisco-bba mailing list
>> cisco-bba at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/cisco-bba
>>
>>     
>   
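
The three settings this thread settles on (keepalives on the virtual template, a per-mac session limit, and a per-vlan limit above the default of 100) can be checked in a saved configuration. The script below is an added example, not part of the original thread or any Cisco tooling; the sample config is constructed from the one quoted above, and peak_sessions_per_vlan is a hypothetical operator-supplied figure.

```python
import re

PER_VLAN_DEFAULT = 100  # per the post: limit applied when per-vlan is unset
# Constructed sample, trimmed from the configuration quoted in the thread.
SAMPLE_CONFIG = """\
bba-group pppoe DSL
 virtual-template 1
 sessions per-mac throttle 100 30 3600
 sessions auto cleanup
!
interface Virtual-Template1
 no keepalive
"""

def blocks(config):
    """Map each top-level config line to the indented lines beneath it."""
    out, current = {}, None
    for line in config.splitlines():
        if not line.strip() or line.strip() == "!":
            continue
        if not line.startswith(" "):
            current = out.setdefault(line.strip(), [])
        elif current is not None:
            current.append(line.strip())
    return out

def audit(config, peak_sessions_per_vlan):
    """Return findings per bba-group; the peak figure is measured by the operator."""
    cfg, findings = blocks(config), []
    for header, body in cfg.items():
        group = re.fullmatch(r"bba-group pppoe (\S+)", header)
        if not group:
            continue
        name, text = group.group(1), "\n".join(body)
        # Without a per-mac limit, stranded sessions pile up and drain the IP pool.
        if not re.search(r"^sessions per-mac limit \d+", text, re.M):
            findings.append(f"{name}: no per-mac session limit")
        vlan = re.search(r"^sessions per-vlan limit (\d+)", text, re.M)
        limit = int(vlan.group(1)) if vlan else PER_VLAN_DEFAULT
        if limit < peak_sessions_per_vlan:
            findings.append(f"{name}: per-vlan limit {limit} below peak {peak_sessions_per_vlan}")
        # Follow the group to its virtual template and check keepalives there.
        vt = re.search(r"^virtual-template (\d+)$", text, re.M)
        vt_body = cfg.get(f"interface Virtual-Template{vt.group(1)}", []) if vt else []
        if "no keepalive" in vt_body:
            findings.append(f"{name}: Virtual-Template{vt.group(1)} has keepalives disabled")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONFIG, peak_sessions_per_vlan=250)))
```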

