[cisco-bba] cisco-bba] duplicate Vi interfaces on 12.4T(22)]

Mauritz Lewies mauritz at three6five.com
Wed Jun 17 10:15:41 EDT 2009 

 Hi
 
 We're having some weird issues with L2TP terminated links.
 L2TP sessions are being terminated and built correctly from Radius sent
config but in some cases the router allocates a Virtual-Access interface
that is already active.
 
 ----------------------------------------------
 L2TP-DSL-PE2#SHOW VPDn SESS
 
  
 L2TP Session Information Total tunnels 9 sessions 9
 
 
 LocID      RemID      TunID      Username, Intf/      State  Last Chg
Uniq ID   
 
                                 Vcid,
Circuit                                  
 
 4012       49         14211      550-nti-mabo-ad, Vi4 est    00:35:44
38        
 
 4009       33         17734      1-mint-rf at bcs-m, Vi3 est    04:24:19
30        
 
 3987       2355       27602      554-nti-pret-no, Vi6 est    16:38:52
6         
 
 1552       11         30424      1-meib-adsl at bcs, Vi6 est    1d17h
576       
 
 3989       894        31125      551-nti-walt-ad, Vi7 est    09:14:24
13        
 
 4008       11193      48740      553-nti-pret-we, Vi2 est    04:58:10
31        
 
 3986       12         58608      552-nti-baba-ad, Vi4 est    18:02:09
9         
 
 3988       936        62131      1-nap-joha-nel-, Vi2 est    12:42:23
11        
 
 1553       11         64953      1-mark-adsl at bcs, Vi8 est    1d17h
577
 
  
 
 L2TP-DSL-PE2#SHOW INT VIRTual-Access 6
 
 Virtual-Access6 is up, line protocol is up 
 
   Hardware is Virtual Access interface
 
   Description: 554-nti-pret-nort-adsl
 
   Internet address is 172.16.150.154/30
 
   MTU 1452 bytes, BW 1024 Kbit/sec, RxBW 256 Kbit/sec, DLY 100000
usec, 
 
      reliability 255/255, txload 1/255, rxload 1/255
 
   Encapsulation PPP, LCP Open
 
   Open: IPCP
 
   PPPoVPDN vaccess, cloned from AAA, Virtual-Template1
 
   Vaccess status 0x44
 
   Protocol l2tp, tunnel id 27602, session id 3987, loopback not set
 
   Keepalive set (10 sec)
 
   DTR is pulsed for 5 seconds on reset
 
   Last input 00:00:01, output never, output hang never
 
   Last clearing of "show interface" counters 17:49:11
 
   Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
 
   Queueing strategy: fifo
 
   Output queue: 0/40 (size/max)
 
   30 second input rate 0 bits/sec, 0 packets/sec
 
   30 second output rate 0 bits/sec, 0 packets/sec
 
      177636 packets input, 12441878 bytes, 0 no buffer
 
      Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
 
      0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
 
      194012 packets output, 91814604 bytes, 0 underruns
 
      0 output errors, 0 collisions, 0 interface resets
 
      0 unknown protocol drops
 
      0 output buffer failures, 0 output buffers swapped out
 
      0 carrier transitions
 
  
 
  
 
  
 
 L2TP-DSL-PE2#sh l2tun | in Vi6
 
 3987       2355       27602      554-nti-pret-no, Vi6 est    16:45:18
6         
 
 1552       11         30424      1-meib-adsl at bcs, Vi6 est    1d17h
576  
 
  
 
  
 
  
 
  
 
 LocTunID   RemTunID   Remote Name   State  Remote Address  Sessn L2TP
Class/
 
                                                            Count VPDN
Group 
 
 27602      17646      554-nti-pret- est    10.205.17.62    1
L2TP           
 
  
 
 LocID      RemID      TunID      Username, Intf/      State  Last Chg
Uniq ID   
 
                                 Vcid,
Circuit                                  
 
 3987       2355       27602      554-nti-pret-no, Vi6 est    16:46:08
6         
 
  
 
 LocTunID   RemTunID   Remote Name   State  Remote Address  Sessn L2TP
Class/
 
                                                            Count VPDN
Group 
 
 30424      57600      1-meib        est    10.205.20.23    1
L2TP    

-------------------------------------------------------------------------------
 
 The only way to resolve this is to clear the VPDN session ID.
 
 The router is a 7206 VXR NPE-400 running 12.4T(22) IP base.
 
 ------------------------
 vpdn enable
 vpdn multihop
 vpdn authen-before-forward
 vpdn search-order domain  
 !
 vpdn-group L2TP
 ! Default L2TP VPDN group
 accept-dialin
   protocol l2tp
   virtual-template 1
 lcp renegotiation always
 no l2tp tunnel authentication
 l2tp tunnel timeout no-session 1800
 l2tp tunnel retransmit retries 7
 l2tp tunnel retransmit timeout min 2
 l2tp tunnel retransmit timeout max 5
 !
 interface Virtual-Template1
 description L2TP-TEMPLATE
 mtu 1452
 bandwidth 512
 bandwidth receive 256
 no ip address
 ip tcp adjust-mss 1460
 load-interval 30
 no peer default ip address
 keepalive 10 3
 traffic-shape rate 512000 12800 12800 1000
 ppp mtu adaptive
 ppp authentication chap callin
 !
 radius-server host zzz.zzz.zzz.zzz auth-port 1812 acct-port 1813
 radius-server source-ports extended
 !
 ----------------------------------
 
 Radius example:
 
 ------------------------------------
 test1-l2tp-adsl at test.co.za Auth-Type := Local, Cleartext-Password :=
"testing123"
         Service-Type = Framed-User,
         Framed-IP-Address = 10.250.0.2,
         Cisco-AVPair += "interface-config#1=ip vrf forwarding CustA
",
         Cisco-AVPair += "lcp:interface-config#2=ip address 10.250.0.1
255.255.255.252",
         Cisco-AVPair += "lcp:interface-config#3=decription TEST1 ADSL
Primary",
         Cisco-AVPair += "lcp:interface-config#4=bandwidth 1024",
         Cisco-AVPair += "ip:route=172.16.28.0 255.255.255.0 10.250.0.2"
 --------------------------------------
 
 Has anyone seen similar issues or potential resolutions?
 
 Mauritz Lewies
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/cisco-bba/attachments/20090617/1d21c54d/attachment.html>

More information about the cisco-bba mailing list