[cisco-nas] routing problems on 3640 terminating l2tp tunnels to dsl users

Dennis Peng dpeng at cisco.com
Wed Nov 5 19:40:04 EST 2003


Dave [Hawk-Systems] [dave at hawk-systems.com] wrote:
> any takers on this?
> 
> -----Original Message-----
> 
> have a 3640 which terminates a number of l2tp tunnels from bell.  DSL
> connections from their redbacks are piped over these tunnels to the router.
> Connections are made fine, RADIUS responds with the IP address assignment,
> assigned to the virtual interface, and our test user is connected to the
> internet happily.
> 
> We are having a problem every X number of hours, the routing simply drops for
> that user.  We can still log into the router

the router, meaning the LNS?

> and access it remotely, but it is answering on another IP block.

You mean you can ping the user from the LNS? And what do you mean by
it is answering on another IP block. Could you make the example more
concrete?

> from the router, we can ping the gateway for the block, and we can ping the end
> user modem IP.

Is the user's modem the gateway for the block? 

> from the internet we can ping the gateway ip for the block, but cannot ping the
> modem.
> 
> user still shows as connected, sh int looks pristine, and if we dump the user
> (clear int virtual #), or if the user reboots the modem, the user reconnects and
> routes again in most cases.

Is the route for the user/subnet in the routing table? 

Dennis

> we have tested the DSL modem with another DSL provider, and it performs
> normally.
> 
> attached is the config, slightly sanitized, with some tunnels and such removed
> to make for a shorter email.
> 
> would appreciate any comments, corrections, or caveats with usage, IOS version,
> anything that might be contributing to this annoying little problem.
> 
> thanks
> 
> Dave
> 
> +++++++++++++++++++++++++++++++++++++++++++++++++++++++
> IP Information
> we have two IP subnets allocated to us from the datacenter, along with the
> gateway IP addresses for each that the datacenter has in place for each IP
> address.
> IP Block 1 - Equipment/Use
> 	Network: 66.199.141.32	255.255.255.240
> 	Gateway: 66.199.141.33
> 	We have a switch b/t router and the internet with IP .34
> 	router is assigned .35, which is how we connect remotely
> 
> IP Block 2 - DSL/LANex Users
> 	Network: 69.28.227.0	255.255.255.128
> 	Gateway: 69.28.227.1
> 
> 
> rtr1#sh ver
> rtr1 uptime is 4 days, 23 hours, 1 minute
> System returned to ROM by reload
> System restarted at 19:08:27 EST Wed Oct 29 2003
> System image file is "flash:c3640-jk9o3s-mz.122-19.bin"
> 
> <cisco copyright/crypto notices clipped>
> 
> cisco 3640 (R4700) processor (revision 0x00) with 125952K/5120K bytes of memory.
> Processor board ID 14827691
> R4700 CPU at 100Mhz, Implementation 33, Rev 1.0
> Bridging software.
> X.25 software, Version 3.0.0.
> SuperLAT software (copyright 1990 by Meridian Technology Corp).
> TN3270 Emulation software.
> 2 FastEthernet/IEEE 802.3 interface(s)
> DRAM configuration is 64 bits wide with parity disabled.
> 125K bytes of non-volatile configuration memory.
> 16384K bytes of processor board System flash (Read/Write)
> 
> Configuration register is 0x2102
> 
> rtr1#sh run
> Building configuration...
> 
> Current configuration : 15170 bytes
> !
> ! Last configuration change at 13:40:01 EST Mon Nov 3 2003 by user
> ! NVRAM config last updated at 13:40:02 EST Mon Nov 3 2003 by user
> !
> version 12.2
> service timestamps debug datetime
> service timestamps log datetime
> service password-encryption
> no service dhcp
> !
> hostname rtr1
> !
> boot system flash:c3640-jk9o3s-mz.122-19.bin
> logging buffered 12000 debugging
> aaa new-model
> aaa authentication login default local
> aaa authentication login no_radius enable
> aaa authentication ppp default group radius local
> aaa authentication ppp vpdn group radius
> aaa authorization network default group radius
> aaa authorization network vpdn group radius
> aaa accounting network default start-stop group radius
> aaa accounting network vpdn start-stop group radius
> enable password 7 XXXXXXXXXXXXXXXXXXXX
> !
> username user password 7 XXXXXXXXXXXXXXXXXXXX
> clock timezone EST -5
> clock summer-time EDT recurring
> ip subnet-zero
> !
> !
> no ip domain-lookup
> ip host sw1 66.199.141.34
> ip name-server XXX.XXX.XXX.XX
> ip name-server XXX.XXX.XXX.XX
> !
> ip audit notify log
> ip audit po max-events 100
> vpdn enable
> !
> vpdn-group 1
>  accept-dialin
>   protocol l2tp
>   virtual-template 1
>  terminate-from hostname nexxia3
>  local name someuser
>  lcp renegotiation always
>  l2tp tunnel password 7 XXXXXXXXXXXXXXXX
> !
> vpdn-group 100
>  accept-dialin
>   protocol l2tp
>   virtual-template 1
>  terminate-from hostname nexxia100
>  local name someuser
>  lcp renegotiation always
>  l2tp tunnel password 7 XXXXXXXXXXXXXXXXXXXX
> !
> ! REMOVED A BUNCH MORE OF THESE FOR THE VARIOUS LOCATIONS
> !
> !
> no call rsvp-sync
> !
> !
> !
> !
> !
> !
> !
> !
> interface Loopback1
>  ip address 69.28.227.1 255.255.255.128
> !
> interface FastEthernet3/0
>  description physical connection to Internet
>  ip address 66.199.141.35 255.255.255.240
>  speed 100
>  full-duplex
> !
> interface FastEthernet3/1
>  description endpoint for DSL customers
>  no ip address
>  no ip route-cache
>  no ip mroute-cache
>  speed 100
>  full-duplex
>  no cdp enable
> !
> interface FastEthernet3/1.93
>  description nexxia somelocation 91-105
>  encapsulation isl 361
>  ip address 10.20.109.97 255.255.255.224
>  no ip redirects
>  no ip route-cache
>  no ip mroute-cache
>  no cdp enable
> !
> ! DELETED A NUMBER OF OTHER FE3/1.## INTERFACES FOR OTHER LOCATIONS
> !
> interface Virtual-Template1
>  ip unnumbered Loopback1
>  peer default ip address pool COMP-hs
>  ppp authentication pap chap
>  ppp ipcp mask 255.255.255.128
> !
> ip local pool COMP-hs 69.28.227.2 69.28.227.126
> ip classless
> ip route 0.0.0.0 0.0.0.0 66.199.141.33
> ip route 69.28.227.0 255.255.255.128 FastEthernet3/1
> no ip http server
> !
> !
> !
> radius-server host XXX.XXX.XXX.XX auth-port 1645 acct-port 1646
> radius-server key 7 XXXXXXXXXXXXXXXXXXXXXXXXX
> !
> dial-peer cor custom
> !
> !
> line con 0
>  stopbits 1
> line aux 0
> line vty 0 4
>  session-timeout 30
> line vty 5 15
> !
> ntp broadcastdelay 1
> ntp clock-period 17179910
> ntp server XXX.XXX.XXX.XX prefer
> end
> 
> rtr1#
> 
> 
> 
> _______________________________________________
> cisco-nas mailing list
> cisco-nas at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nas
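
The last question in the reply above (is the route for the user in the routing table?) can be worked through offline against the posted config. The Python below is an added example, not part of the original thread: it builds connected and static routes from lines of the posted "sh run" and does a longest-prefix lookup for a pool address with and without a per-session /32. The user address 69.28.227.5, the interface name Virtual-Access4 and all function names are assumptions made for illustration, and the model ignores interface state.

```python
import ipaddress
import re

# Routing-relevant lines copied from the posted "sh run".
POSTED_CONFIG = """\
interface Loopback1
 ip address 69.28.227.1 255.255.255.128
interface FastEthernet3/0
 ip address 66.199.141.35 255.255.255.240
interface FastEthernet3/1.93
 ip address 10.20.109.97 255.255.255.224
ip route 0.0.0.0 0.0.0.0 66.199.141.33
ip route 69.28.227.0 255.255.255.128 FastEthernet3/1
"""

AD = {"connected": 0, "static": 1}  # IOS default administrative distances


def routes_from_config(text):
    """Return (network, source, target) tuples for connected and static routes."""
    routes, iface = [], None
    for line in text.splitlines():
        if m := re.match(r"interface (\S+)", line):
            iface = m[1]
        elif m := re.match(r"\s+ip address (\S+) (\S+)", line):
            net = ipaddress.ip_interface(f"{m[1]}/{m[2]}").network
            routes.append((net, "connected", iface))
        elif m := re.match(r"ip route (\S+) (\S+) (\S+)", line):
            routes.append((ipaddress.ip_network(f"{m[1]}/{m[2]}"), "static", m[3]))
    return routes


def session_route(address, interface):
    """The /32 host route an LNS installs for a PPP peer once IPCP completes."""
    return (ipaddress.ip_network(f"{address}/32"), "connected", interface)


def lookup(routes, address):
    """Longest-prefix match, ties broken by administrative distance."""
    addr = ipaddress.ip_address(address)
    hits = [r for r in routes if addr in r[0]]
    return min(hits, key=lambda r: (-r[0].prefixlen, AD[r[1]]), default=None)


if __name__ == "__main__":
    base = routes_from_config(POSTED_CONFIG)
    user = "69.28.227.5"  # constructed: an address from pool COMP-hs
    with_session = base + [session_route(user, "Virtual-Access4")]  # constructed
    for label, table in (("host route present", with_session), ("host route absent", base)):
        net, source, target = lookup(table, user)
        print(f"{label}: {user} -> {net} ({source}, {target})")
```

On the router itself the equivalent check is `show ip route 69.28.227.5` while the user is in the failed state, comparing the result with the same command run while the session is working.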

