[cisco-bba] LNS Error on Cisco ASR 1004

Christoph Loibl cl at sil.at
Thu Jan 3 02:40:26 EST 2013

Hi Dominic,

On Jan 3, 2013, at 1:21 AM, "Dominic" <dominic at broadconnect.ca> wrote:

> "%FMANRP_ESS-4-FULLVAI: Session creation failed due to Full Virtual-Access Interfaces not being supported. Check that all applied Virtual-Template and RADIUS features support Virtual-Access sub-interfaces. swidb=
> 0x7FEDB5942B98, ifnum= 37"
> The funny thing is, if the CPE is a Cisco 1841, the pppoe negotiation is successfully negotiated, and everything works great. If some other CPE however, we end up with the above error. 
> Any idea what we are doing wrong?      

Some features you use may require a Full Virtual-Access to be created on the ASR which is, as far as I know, not supported on the ASR1k. Additionally some attributes sent by the radius may force the ASR to create a full Va. (Cisco-AVPair Interface-config is my first guess)

Is radius authentication performed and does the error appear _after_ the authentication during setup of the channel? If yes, try removing the following attribute from your tunnel configuration:

| 123 | telco1-pppoe-static | Cisco-Avpair           | += | interface-config=ppp ipcp dns xx.xx.xx.234 xx.xx.xx.235 |

^^^^ (By the way: Does this attribute really make sense/matter at all? When you forward the session to a remote LAC IPCP is performed by the remote LAC not the LNS itself)

You may also try to add the following configuration line on the LNS:

aaa policy interface-config allow-subinterface

And/or add the following to the response attributes of that particular user on the radius:

Cisco-Avpair += lcp:interface-config=allow-subinterface=yes

Best regards


SILVER SERVER \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ \\\\\\ \\ \
Ing Christoph Loibl, MSc <cl at sil.at>           Senior Network Engineer
CL8-RIPE                                             http://www.sil.at

More information about the cisco-bba mailing list