[cisco-bba] 7204vxr as LNS - provider is LAC

Gary T. Giesen ggiesen+cisco-bba at giesen.me
Wed Aug 5 17:06:11 EDT 2015


Nathan,

 

In my experience it’s best to stuff the interfaces facing the provider in a VRF, and point a default route out to their gateway. This way if they add new routes in the future (for new LACs), you don’t need to make any changes. This also works very well when you have multiple loop providers that use private address ranges for their LAC networks, as it ensures you don’t have any conflicts with your routing.

 

One provider in particular up here in Canuckistan likes to add new LAC subnets without telling anyone, then migrate customers to new LACs on these subnets and leave the ISPs to figure out why hundreds or thousands of their customers are down.

 

Cheers,


GTG

 

From: cisco-bba [mailto:cisco-bba-bounces at puck.nether.net] On Behalf Of Nathan Downes
Sent: July 31, 2015 6:49 PM
To: cisco-bba at puck.nether.net
Subject: Re: [cisco-bba] 7204vxr as LNS - provider is LAC

 

Hi Wayne,

 

Thank you, we have progress!!! This shows how laziness causes problems later. When we set up the call termination service 3 years ago, I had to specifically route 2 ranges through a private LAN.

 

202.10.4.0/28

202.10.4.16/28

 

Stupid me decided to be lazy and do the below on our core switch the 7204vxr connects to, to save typing both out:

 

ip route 202.10.4.0 255.255.255.0 10.239.238.121

 

Turns out they use 202.10.4.128/25 for the LACs across all the states.

 

Fixed the above and I can at least ping it now :)

 

Sending 5, 100-byte ICMP Echos to 202.10.4.147, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms

 

Tunnel won't attempt again until the modem tries connecting to the LAC; it slows down reattempts as time goes on. Seeing if I can get it restarted. We have progress!

 

 

From: Wayne Lee [mailto:linkconnect at googlemail.com] 
Sent: Friday, 31 July 2015 8:47 PM
To: Nathan Downes <nathandownes at hotmail.com>
Subject: Re: [cisco-bba] 7204vxr as LNS - provider is LAC

 

How are you getting back to 202.10.4.147?

 

You will need a route back to the tunnel sources 

 

On 31 July 2015 at 11:38, Nathan Downes <nathandownes at hotmail.com> wrote:

Hi James,

I thought that solved it, I didn't have a source-ip set so I set source-ip
to .29 but it still appears to fail due to unreachable .28??

http://pastebin.com/h0cagDPk

From what I gather I get the SCCRQ and for some reason a SCCRP is not making
it back, then tunnel is killed.




-----Original Message-----
From: cisco-bba [mailto:cisco-bba-bounces at puck.nether.net] On Behalf Of
James Bensley
Sent: Friday, 31 July 2015 7:49 PM
To: cisco-bba at puck.nether.net
Subject: Re: [cisco-bba] 7204vxr as LNS - provider is LAC

Hi Nathan,

Have you made a configuration mistake in your VPDN group maybe?
Perhaps you can share your config, that is always helpful.

You have this in your logs:


Jul 31 18:22:04.352: L2TP tnl   08060:________:     remote ip set to 202.10.4.147
Jul 31 18:22:04.352: L2TP tnl   08060:________:     local ip set to 203.111.114.28
...
Jul 31 18:22:04.352: L2TP tnl   08060:00003A1E:     local ip set to 203.111.114.29

Then this:

Jul 31 18:22:11.348: L2TP       _____:________: I StopCCN, flg TLS, ver 2, len 75
...
Jul 31 18:22:11.352: L2TP       _____:________:        "203.111.114.28 is unreachable"
....
Jul 31 18:22:11.352: L2TP tnl   08060:00003A1E: Shutting down tunnel
Jul 31 18:22:11.352: L2TP tnl   08060:00003A1E:   Result Code
Jul 31 18:22:11.352: L2TP tnl   08060:00003A1E:     General error - refer to error code
Jul 31 18:22:11.352: L2TP tnl   08060:00003A1E:   Error Code
Jul 31 18:22:11.352: L2TP tnl   08060:00003A1E:     Vendor specific
Jul 31 18:22:11.352: L2TP tnl   08060:00003A1E:   Vendor Error
Jul 31 18:22:11.352: L2TP tnl   08060:00003A1E:     Tunnel shut
Jul 31 18:22:11.352: L2TP tnl   08060:00003A1E:   Optional Message
Jul 31 18:22:11.352: L2TP tnl   08060:00003A1E:     "203.111.114.28 is unreachable"

Have you got a mismatch between your "source-ip" on the VPDN group and actual
interface IP?

Cheers,
James.
_______________________________________________
cisco-bba mailing list
cisco-bba at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-bba
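
Added example (not part of the original thread): a Python check for the failure described in the 31 July message, where the /24 static route toward the private LAN also captured the LAC peer 202.10.4.147. The two /28 routes in AFTER are an assumed form of the fix, and the function names are illustrative.

```python
import ipaddress

def parse_static_routes(config_text):
    """Parse IOS 'ip route <prefix> <mask> <next-hop>' lines."""
    routes = []
    for line in config_text.splitlines():
        parts = line.split()
        if len(parts) >= 5 and parts[:2] == ["ip", "route"]:
            net = ipaddress.ip_network(f"{parts[2]}/{parts[3]}")
            routes.append((net, ipaddress.ip_address(parts[4])))
    return routes

def best_route(routes, dest):
    """Longest-prefix match among the given static routes, or None."""
    dest = ipaddress.ip_address(dest)
    matches = [r for r in routes if dest in r[0]]
    return max(matches, key=lambda r: r[0].prefixlen, default=None)

def unintended_coverage(route_net, intended):
    """Address space a route covers beyond the prefixes it was meant to reach."""
    remaining = [route_net]
    for want in intended:
        kept = []
        for net in remaining:
            if net.subnet_of(want):            # fully intended, drop it
                continue
            # carve the intended part out if it sits inside this network
            kept.extend(net.address_exclude(want) if want.subnet_of(net) else [net])
        remaining = kept
    return sorted(ipaddress.collapse_addresses(remaining))

def audit(config_text, intended, peer):
    """Return (next hop chosen for peer or None, list of over-covered prefixes)."""
    routes = parse_static_routes(config_text)
    hit = best_route(routes, peer)
    extra = [n for net, _ in routes for n in unintended_coverage(net, intended)]
    return (str(hit[1]) if hit else None), [str(n) for n in extra]

# Route quoted in the thread, and an assumed form of the corrected routes.
BEFORE = "ip route 202.10.4.0 255.255.255.0 10.239.238.121"
AFTER = ("ip route 202.10.4.0 255.255.255.240 10.239.238.121\n"
         "ip route 202.10.4.16 255.255.255.240 10.239.238.121")
INTENDED = [ipaddress.ip_network(p) for p in ("202.10.4.0/28", "202.10.4.16/28")]
LAC_PEER = "202.10.4.147"  # L2TP tunnel source seen in the debug output

if __name__ == "__main__":
    print("before:", audit(BEFORE, INTENDED, LAC_PEER))
    print("after: ", audit(AFTER, INTENDED, LAC_PEER))
```

A result of None for the peer means none of the audited static routes match it, so replies to the LAC follow whatever other route the switch has.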