[cisco-bba] trouble when a lot of users try and log on

Wayne Lee linkconnect at googlemail.com
Mon Oct 6 08:07:56 EDT 2008


Hi

Whenever our L2TP provider has any problems and they drop our link and
the 1500 or so L2TP / ADSL connections, we have trouble when they all
try and log on again. So far the only way we have managed to get
through this is to restart the radius daemon on rad 1 after 200 logins
or so.

We are running a 7206vxr (g1) with 1 gig of mem. Pre-clone is set for
1500 sessions, and we get the below error in the radius logs on rad 2:

Error: Dropping duplicate authentication packet from client Cisco-LNS

We are currently running an old version of ICradius (on both) but we
are in the process of migrating to FreeRADIUS. Both radius servers are
using a MySQL backend. We don't see any load on the SQL DB or radius
servers, but the CPU is high on the router. Would this be a radius
problem or an LNS problem?

The setup looks like this:

Provider ------> Rad1 -----------> Provider --------> LNS ---------> Rad2

Rad 1 allows all users and only sends back Tunnel Server endpoint IP
Rad 2 does final auth and any other attributes like static IP and accounting


Thanks in advance for any help or pointers in debugging this.

Wayne

