[cisco-bba] [QUAR] RE: stranded sessions
Bryan Campbell
bbc at misn.com
Mon Feb 11 17:00:19 EST 2008
The keepalive fixed it.
ac(config-if)#keepalive ?
  <0-32767>  Keepalive period (default 10 seconds)
  <cr>
And, I set the sessions per-mac limit to "1".
But, one of the things that kind of caught us off-guard was the sessions
per-vlan limit. If sessions per-vlan is left unset, it defaults to a
value of 100. In our environment, that doesn't work. We have 150-250
sessions per vlan. So, you must set sessions per-vlan to something
arbitrarily high so that you will not run afoul of the default limit.
Now, we are happily running 800 plus sessions on the new access
concentrator running a load of 6-8. FYI - We are running
c7200p-advipservicesk9-mz.124-11.T2 on a 7206 VXR with an NPE-G2.
ac#show pppoe summary
     PTA  : Locally terminated sessions
     FWDED: Forwarded sessions
     TRANS: All other sessions (in transient state)

                        TOTAL     PTA   FWDED   TRANS
TOTAL                     829     829       0       0
GigabitEthernet0/2        829     829       0       0
Bryan -
bbc at misn.com
Frank Bulk wrote:
> What's the recommended keepalive value? I set it for 30 minutes right now.
>
> What I'm seeing from a handful of PPPoE clients are reconnects for no
> apparently physical reason. Could that be related in any kind of way to the
> lack of a keepalive value?
>
> Frank
>
> -----Original Message-----
> From: cisco-bba-bounces at puck.nether.net
> [mailto:cisco-bba-bounces at puck.nether.net] On Behalf Of Tassos
> Chatzithomaoglou
> Sent: Monday, February 11, 2008 2:26 AM
> To: Bryan Campbell
> Cc: akiramot at cisco.com; cisco-bba at puck.nether.net
> Subject: Re: [cisco-bba] stranded sessions
>
> You must enable keepalives under the vtemplate, otherwise the router won't
> know it has lost the PPPoE session.
>
> Also, some dsl modems send a PADT packet (using their last session id)
> before any PADI, which causes the old session to be disconnected.
>
> --
> Tassos
>
>
> Bryan Campbell wrote on 11/2/2008 6:04 AM:
>
>> The following PPPOE configuration works fine, except for one detail.
>>
>> If a customer unplugs their router, it strands a session and IP address.
>> If I add the mac address session limit, it will limit the number of
>> sessions and then not allow any additional connections. But, the
>> sessions are still stuck. If they do not time out (which required a
>> timeout be set), or the sessions are not cleared, the customer will not
>> be able to log back on.
>>
>> The work around was to not limit connections per mac. But, that won't
>> do for long. The IP pools will be exhausted fairly quickly.
>>
>> I cannot imagine that Cisco doesn't have a knob that can be set which
>> will clear stranded PPPoE sessions, or at least disconnect the previous
>> session to the same MAC. But, I am unaware of how this is accomplished
>> with BBA on a Cisco.
>>
>> Any ideas?
>>
>> bbc at misn.com
>>
>>
>> aaa new-model
>> !
>> aaa authentication ppp default local group radius
>> aaa authorization network default local group radius none
>> aaa accounting delay-start
>> aaa accounting network default start-stop group radius
>> !
>> aaa session-id common
>> . . .
>> bba-group pppoe global
>>  virtual-template 1
>>  ac name DSL
>>  sessions per-mac throttle 100 30 3600
>>  sessions auto cleanup
>> !
>> bba-group pppoe DSL
>>  virtual-template 1
>>  sessions per-mac throttle 100 30 3600
>>  sessions auto cleanup
>> . . .
>> interface GigabitEthernet0/2
>>  no ip address
>>  duplex auto
>>  speed auto
>>  media-type rj45
>>  negotiation auto
>> !
>> interface GigabitEthernet0/2.2
>>  encapsulation dot1Q 2
>>  pppoe enable group DSL
>> . . .
>> interface Virtual-Template1
>>  ip unnumbered Loopback1
>>  no logging event link-status
>>  peer default ip address pool pool1-1 default
>>  no keepalive
>>  ppp authentication pap
>>  ppp ipcp dns Y.Y.Y.Y Z.Z.Z.Z
>>  ppp ipcp address required
>>  ppp ipcp address unique
>> !
>> ip local pool default X.X.X.49 X.X.X.62
>> ip local pool default X.X.Y.1 X.X.Y.250
>> ip local pool default X.X.Z.1 X.X.Z.250
>> !
>> ip radius source-interface Loopback1
>> !
>> radius-server attribute 8 include-in-access-req
>> radius-server attribute nas-port format d
>> radius-server host X.X.X.X auth-port 1645 acct-port 1646
>> radius-server key 7 XXXXXXXXXXXX
>> radius-server vsa send accounting
>> radius-server vsa send authentication
>> _______________________________________________
>> cisco-bba mailing list
>> cisco-bba at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/cisco-bba
>>
>>
>
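The three settings this thread ends up changing (keepalive on the virtual template, a per-MAC session limit, and a per-VLAN limit above the default of 100) can be checked in a saved configuration before it goes onto an access concentrator. The following is an added example, not part of the original thread and not Cisco tooling; the function names, the constructed sample config and the peak-session figure are assumptions, and the `sessions per-mac limit` / `sessions per-vlan limit` command forms follow the wording of the post.

```python
import re

PER_VLAN_DEFAULT = 100  # default the post reports when the per-vlan limit is unset

# Constructed sample, reduced from the configuration quoted in the thread.
SAMPLE = """\
bba-group pppoe DSL
 virtual-template 1
 sessions per-mac throttle 100 30 3600
 sessions auto cleanup
!
interface Virtual-Template1
 ip unnumbered Loopback1
 no keepalive
 ppp authentication pap
"""

def stanzas(config):
    """Map each top-level command to the list of indented lines under it."""
    out, current = {}, None
    for line in config.splitlines():
        if not line.strip() or line.strip() == "!":
            continue
        if line[0] != " ":
            current = out.setdefault(line.strip(), [])
        elif current is not None:
            current.append(line.strip())
    return out

def audit(config, peak_per_vlan):
    """Return findings for the three settings discussed in the thread."""
    findings = []
    for head, body in stanzas(config).items():
        if head.lower().startswith("interface virtual-template") and "no keepalive" in body:
            findings.append(f"{head}: keepalive disabled, lost sessions go unnoticed")
        if head.startswith("bba-group pppoe"):
            if not any(l.startswith("sessions per-mac limit") for l in body):
                findings.append(f"{head}: no sessions per-mac limit")
            m = next((re.match(r"sessions per-vlan limit (\d+)", l)
                      for l in body if l.startswith("sessions per-vlan limit")), None)
            limit = int(m.group(1)) if m else PER_VLAN_DEFAULT
            if limit < peak_per_vlan:
                findings.append(f"{head}: per-vlan limit {limit} is below peak {peak_per_vlan}")
    return findings
```

Calling `audit(SAMPLE, 250)` uses the upper end of the 150-250 sessions per VLAN mentioned above as the peak figure.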