[cisco-bba] LNS Error on Cisco ASR 1004
Tony
td_miles at yahoo.com
Thu Jan 3 21:06:02 EST 2013
Hi Dominic,
You say that it works if you connect different CPE (eg. 1841) up, but not some others. Perhaps you should look at it from the other end and do a "debug ppp negotiation" (or similar) from a CPE that works and one that doesn't work. This might give you some more insight into what the problem is. Perhaps it is something that the CPE is trying to negotiate that is forcing the ASR's hand.
I saw this thread in a quick search:
https://supportforums.cisco.com/thread/2146819
where the problem was this attribute "Framed-Compression := Van-Jacobsen-TCP-IP", so it can really be any attribute that the ASR doesn't like, you just need to narrow down to what it is.
regards,
Tony.
>________________________________
> From: Dominic <dominic at broadconnect.ca>
>To: cisco-bba at puck.nether.net
>Sent: Thursday, 3 January 2013 10:21 AM
>Subject: [cisco-bba] LNS Error on Cisco ASR 1004
>
>
>LNS Error on Cisco ASR 1004
>Happy New Year everyone!
>We currently use Cisco 7206 LNS(es). Everything works great. But we are now looking to migrate LNS functions from the 7206 to an ASR 1004. Thought it would be a straightforward thing, but for some reason, the ASR keeps barking up this error:
>"%FMANRP_ESS-4-FULLVAI: Session creation failed due to Full Virtual-Access Interfaces not being supported. Check that all applied Virtual-Template and RADIUS features support Virtual-Access sub-interfaces. swidb=
>0x7FEDB5942B98, ifnum= 37"
>The funny thing is, if the CPE is a Cisco 1841, the pppoe negotiation is successfully negotiated, and everything works great. If some other CPE however, we end up with the above error.
>Any idea what we are doing wrong?
>1. Here is the relevant cisco config on the ASR -
>aaa new-model
>aaa group server radius adslRADIUS
> server x.x.xx.60 auth-port 1812 acct-port 1813
> server x.x.50.xx auth-port 1812 acct-port 1813
> deadtime 15
>!
>aaa authentication login default local
>aaa authentication ppp hawVPDN group adslRADIUS
>aaa authorization network hawVPDN group adslRADIUS
>aaa authorization auth-proxy default group adslRADIUS
>aaa accounting delay-start
>aaa accounting update periodic 5
>!
>sgbp group bondadsl
>sgbp member lns2-dsl x.x.xx.243
>sgbp member lns1-dsl x.x.xx.242
>sgbp member Aggr.RT2 x.x.xx.232
>!
>virtual-profile virtual-template 1
>!
>multilink virtual-template 1
>multilink bundle-name authenticated
>vpdn enable
>vpdn multihop
>vpdn logging
>vpdn logging user
>vpdn logging tunnel-drop
>vpdn history failure table-size 50
>!
>vpdn-group adsl-ADSL
> ! Default L2TP VPDN group
> accept-dialin
> protocol l2tp
> virtual-template 1
> lcp renegotiation always
> l2tp tunnel password 7 xxxxxxxxxxxx
> ip pmtu
> ip mtu adjust
>
>!
>interface Virtual-Template1
> description adsl-ADSL-STATIC
> mtu 1492
> ip unnumbered GigabitEthernet0/2/0.34
> no ip redirects
> no ip proxy-arp
> ip verify unicast reverse-path
> ip tcp adjust-mss 1420
> no logging event link-status
> no peer default ip address
> ppp mtu adaptive
> ppp authentication pap hawVPDN
> ppp authorization hawVPDN
> ppp accounting hawVPDN
> ppp chap refuse
> ppp ipcp dns xx.xx.xx.234 xx.xx.xx.235
> ppp multilink
>!
>radius-server host x.x.xx.60 auth-port 1812 acct-port 1813 key 7 xxxxxxxxxxx
>radius-server host x.x.xx.61 auth-port 1812 acct-port 1813 key 7 xxxxxxxxxxx
>radius-server retransmit 1
>
>------------------------
>2. Here are the attributes from the radius server:
>----------------------
>mysql> select * from radgroupreply where GroupName = 'telco1-pppoe-static' ;
>+-----+--------------------+------------------------+----+--------------------------------
>---------------------------+
>| id | GroupName | Attribute | op | Value
> |
>+-----+--------------------+------------------------+----+--------------------------------
>| 60 | telco1-pppoe-static | Service-Type | := | Framed-User |
>| 61 | telco1-pppoe-static | Framed-Protocol | := | PPP
>| 62 | telco1-pppoe-static | Framed-IP-Netmask | := | 255.255.255.255
>| 65 | telco1-pppoe-static | Tunnel-Server-Endpoint | += | :3:xx.xx.xx.171
>| 66 | telco1-pppoe-static | Tunnel-Server-Endpoint | += | :2:xx.xx.xx.172
>| 67 | telco1-pppoe-static | Tunnel-Password | += | :1:xxx.XXTxxx
>| 68 | telco1-pppoe-static | Tunnel-Password | += | :2:xxx.XXTxxx
>| 69 | telco1-pppoe-static | Tunnel-Preference | += | :1:10
>| 70 | telco1-pppoe-static | Tunnel-Preference | += | :2:10
> | 71 | telco1-pppoe-static | Tunnel-Medium-Type | += | :1:IP
> | 72 | telco1-pppoe-static | Tunnel-Type | += | :1:L2TP
>| 73 | telco1-pppoe-static | Tunnel-Medium-Type | += | :2:IP
>| 74 | telco1-pppoe-static | Tunnel-Type | += | :2:L2TP
>| 123 | telco1-pppoe-static | Cisco-Avpair | += | interface-config=ppp ipcp dns xx.xx.xx.234 xx.xx.xx.235 |
>| 127 | telco1-pppoe-static | Tunnel-Server-Endpoint | += | :1:xx.xx.xx.170
>| 128 | telco1-pppoe-static | Tunnel-Preference | += | :3:10
>| 129 | telco1-pppoe-static | Tunnel-Type | += | :3:L2TP
>| 130 | telco1-pppoe-static | Tunnel-Medium-Type | += | :3:IP
>| 131 | telco1-pppoe-static | Tunnel-Password | += | :3:xxx.XXTxxx
>---------------------------+
>19 rows in set (0.00 sec)
>mysql>
>_______________________________________________
>cisco-bba mailing list
>cisco-bba at puck.nether.net
>https://puck.nether.net/mailman/listinfo/cisco-bba
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/cisco-bba/attachments/20130103/6e1cd0bc/attachment-0001.html>
More information about the cisco-bba
mailing list