[cisco-nas] routing problems on 3640 terminating l2tp tunnels to dsl users

Dave [Hawk-Systems] dave at hawk-systems.com
Mon Nov 3 18:35:43 EST 2003


have a 3640 which terminates a number of l2tp tunnels from bell.  DSL
connections from their redbacks are piped over these tunnels to the router.
Connections are made fine, RADIUS responds with teh IP address assignment,
assigned to the virtual interface, and our test user is connected to the
internet happily.

We are having a problem every X number of hours, the routing simply drops for
that user.  We can still log into the router and access it remotely, but it is
answering on another IP block.

from the router, we can ping the gateway for the block, and we can ping the end
user modem IP.
from the internet we can ping the gateway ip for the block, but cannot ping the
modem.

user still shows as connected, sh int looks pristine, and if we dump the user
(cleat int virtual #), or if the user reboots the modem, the user reconnects and
routes again in most cases.

we have tested the DSL modem with another DSL provider, and it performs
normally.

attached is the config, slightly sanitized, with some tunnels and such removed
to make for a shorter email.

would appreciate any comments, corrections, or caveats with usage, IOS version,
anyting that might be contributing to this annoying little problem.

thanks

Dave

+++++++++++++++++++++++++++++++++++++++++++++++++++++++
IP Information
we have two IP subnets allocated to us from the datacenter, along with the
gatewat IP addresses for each that the datacenter has in place for each IP
address.
IP Block 1 - Equipment/Use
	Network: 66.199.141.32	255.255.255.240
	Gateway: 66.199.141.33
	We have a switch b/t router the internet with IP .34
	router is assigned .35, which is how we connect remotely

IP Block 2 - DSL/LANex Users
	Network: 69.28.227.0	255.255.255.128
	Gateway: 69.28.227.1


rtr1#sh ver
rtr1 uptime is 4 days, 23 hours, 1 minute
System returned to ROM by reload
System restarted at 19:08:27 EST Wed Oct 29 2003
System image file is "flash:c3640-jk9o3s-mz.122-19.bin"

<cisco copyright/crypto notices clipped>

cisco 3640 (R4700) processor (revision 0x00) with 125952K/5120K bytes of memory.
Processor board ID 14827691
R4700 CPU at 100Mhz, Implementation 33, Rev 1.0
Bridging software.
X.25 software, Version 3.0.0.
SuperLAT software (copyright 1990 by Meridian Technology Corp).
TN3270 Emulation software.
2 FastEthernet/IEEE 802.3 interface(s)
DRAM configuration is 64 bits wide with parity disabled.
125K bytes of non-volatile configuration memory.
16384K bytes of processor board System flash (Read/Write)

Configuration register is 0x2102

rtr1#sh run
Building configuration...

Current configuration : 15170 bytes
!
! Last configuration change at 13:40:01 EST Mon Nov 3 2003 by user
! NVRAM config last updated at 13:40:02 EST Mon Nov 3 2003 by user
!
version 12.2
service timestamps debug datetime
service timestamps log datetime
service password-encryption
no service dhcp
!
hostname rtr1
!
boot system flash:c3640-jk9o3s-mz.122-19.bin
logging buffered 12000 debugging
aaa new-model
aaa authentication login default local
aaa authentication login no_radius enable
aaa authentication ppp default group radius local
aaa authentication ppp vpdn group radius
aaa authorization network default group radius
aaa authorization network vpdn group radius
aaa accounting network default start-stop group radius
aaa accounting network vpdn start-stop group radius
enable password 7 XXXXXXXXXXXXXXXXXXXX
!
username user password 7 XXXXXXXXXXXXXXXXXXXX
clock timezone EST -5
clock summer-time EDT recurring
ip subnet-zero
!
!
no ip domain-lookup
ip host sw1 66.199.141.34
ip name-server XXX.XXX.XXX.XX
ip name-server XXX.XXX.XXX.XX
!
ip audit notify log
ip audit po max-events 100
vpdn enable
!
vpdn-group 1
 accept-dialin
  protocol l2tp
  virtual-template 1
 terminate-from hostname nexxia3
 local name someuser
 lcp renegotiation always
 l2tp tunnel password 7 XXXXXXXXXXXXXXXX
!
vpdn-group 100
 accept-dialin
  protocol l2tp
  virtual-template 1
 terminate-from hostname nexxia100
 local name someuser
 lcp renegotiation always
 l2tp tunnel password 7 XXXXXXXXXXXXXXXXXXXX
!
! REMOVED A BUNCH MORE OF THESE FOR THE VARIOUS LOCATIONS
!
!
no call rsvp-sync
!
!
!
!
!
!
!
!
interface Loopback1
 ip address 69.28.227.1 255.255.255.128
!
interface FastEthernet3/0
 description physical connection to Internet
 ip address 66.199.141.35 255.255.255.240
 speed 100
 full-duplex
!
interface FastEthernet3/1
 description endpoint for DSL customers
 no ip address
 no ip route-cache
 no ip mroute-cache
 speed 100
 full-duplex
 no cdp enable
!
interface FastEthernet3/1.93
 description nexxia somelocation 91-105
 encapsulation isl 361
 ip address 10.20.109.97 255.255.255.224
 no ip redirects
 no ip route-cache
 no ip mroute-cache
 no cdp enable
!
! DELETED A NUMBER OF OTHER FE3/1.## INTERFACES FOR OTHER LOCATIONS
!
interface Virtual-Template1
 ip unnumbered Loopback1
 peer default ip address pool COMP-hs
 ppp authentication pap chap
 ppp ipcp mask 255.255.255.128
!
ip local pool COMP-hs 69.28.227.2 69.28.227.126
ip classless
ip route 0.0.0.0 0.0.0.0 66.199.141.33
ip route 69.28.227.0 255.255.255.128 FastEthernet3/1
no ip http server
!
!
!
radius-server host XXX.XXX.XXX.XX auth-port 1645 acct-port 1646
radius-server key 7 XXXXXXXXXXXXXXXXXXXXXXXXX
!
dial-peer cor custom
!
!
line con 0
 stopbits 1
line aux 0
line vty 0 4
 session-timeout 30
line vty 5 15
!
ntp broadcastdelay 1
ntp clock-period 17179910
ntp server XXX.XXX.XXX.XX prefer
end

rtr1#




More information about the cisco-nas mailing list