[cisco-bba] LNS Error on Cisco ASR 1004
Christoph Loibl
cl at sil.at
Thu Jan 3 02:40:26 EST 2013
Hi Dominic,
On Jan 3, 2013, at 1:21 AM, "Dominic" <dominic at broadconnect.ca> wrote:
> "%FMANRP_ESS-4-FULLVAI: Session creation failed due to Full Virtual-Access Interfaces not being supported. Check that all applied Virtual-Template and RADIUS features support Virtual-Access sub-interfaces. swidb=
>
> 0x7FEDB5942B98, ifnum= 37"
>
>
> The funny thing is, if the CPE is a Cisco 1841, the pppoe negotiation is successfully negotiated, and everything works great. If some other CPE however, we end up with the above error.
>
> Any idea what we are doing wrong?
Some features you use may require a Full Virtual-Access to be created on the ASR which is, as far as I know, not supported on the ASR1k. Additionally some attributes sent by the radius may force the ASR to create a full Va. (Cisco-AVPair Interface-config is my first guess)
Is radius authentication performed and does the error appear _after_ the authentication during setup of the channel? If yes, try removing the following attribute from your tunnel configuration:
| 123 | telco1-pppoe-static | Cisco-Avpair | += | interface-config=ppp ipcp dns xx.xx.xx.234 xx.xx.xx.235 |
^^^^ (By the way: Does this attribute really make sense/matter at all? When you forward the session to a remote LAC IPCP is performed by the remote LAC not the LNS itself)
You may also try to add the following configuration line on the LNS:
aaa policy interface-config allow-subinterface
And/or add the following to the response attributes of that particular user on the radius:
Cisco-Avpair += lcp:interface-config=allow-subinterface=yes
Best regards
Christoph
--
SILVER SERVER \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ \\\\\\ \\ \
Ing Christoph Loibl, MSc <cl at sil.at> Senior Network Engineer
CL8-RIPE http://www.sil.at
More information about the cisco-bba
mailing list