[cisco-bba] trouble when a lot of users try and log on

Frank Bulk frnkblk at iname.com
Mon Oct 6 17:01:02 EDT 2008


We had a somewhat similar problem a few months ago with 12.2(26) where, when
an OC-3 dropped, only 75% of our 2400 connections came back in.

I wrote it up here:
http://www.gossamer-threads.com/lists/cisco/bba/91052

Frank

-----Original Message-----
From: cisco-bba-bounces at puck.nether.net
[mailto:cisco-bba-bounces at puck.nether.net] On Behalf Of Wayne Lee
Sent: Monday, October 06, 2008 7:08 AM
To: cisco-bba at puck.nether.net
Subject: [cisco-bba] trouble when a lot of users try and log on

Hi

Whenever our L2TP provider has any problems and they drop our link and
the 1500 or so L2TP / ADSL connections, we have trouble when they all
try and log on again. So far the only way we have managed to get
through this is to restart the radius daemon on rad 1 after 200 logins
or so.

We are running a 7206vxr (g1) with 1gig of mem, pre-clone is set for
1500 sessions and we get the below error in the radius logs on rad 2

Error: Dropping duplicate authentication packet from client Cisco-LNS

We are currently running an old version of ICradius (on both) but we
are in the process of migrating to Freeradius; both radius servers are
using a MySQL backend. We don't see any load on the sql DB or radius
servers but the CPU is high on the router. Would this be a radius
problem or an LNS problem?

The setup looks like this

Provider ------> Rad1 -----------> Provider --------> LNS ---------> Rad2

Rad 1 allows all users and only sends back Tunnel Server endpoint IP
Rad 2 does final auth and any other attributes like static IP and accounting


Thanks in advance for any help or pointers in debugging this.

Wayne