[cisco-nas] Bonded PPPoE over bridged DSL lines with multilink PPP

Joe Mays jfmays at launchpad.win.net
Mon Mar 21 01:09:50 EDT 2011


Okay, I tried adding "ppp multilink" to the 7200 config


Without it -- 

gw1.armplc#show users
    Line       User       Host(s)              Idle       Location
*  2 vty 0     admin      idle                 00:00:00 admin1.win.net

  Interface    User               Mode         Idle     Peer Address
  Vi2.1        K1.LXFU.396853..SC PPPoE        00:01:32 216.24.35.57
  Vi2.2        quickcash1         PPPoE        00:00:09 216.24.12.100

... and I can ping 216.24.12.100 (the 2620) and telnet to it fine.
With it....

gw1.armplc#show users
    Line       User       Host(s)              Idle       Location
*  2 vty 0     admin      idle                 00:00:00 admin1.win.net

  Interface    User               Mode         Idle     Peer Address
  Vi2.1        K1.LXFU.396853..SC PPPoE        00:00:40 216.24.35.57
  Vi3          quickcash1         PPPoE        00:00:24
  Vi4          quickcash1         MLP Bundle   00:00:24 216.24.12.100

... and 216.24.12.100 does not respond to ping or telnet requests.


----- Original Message ----- 
From: "Vince Mammoliti" <vince at cisco.com>
To: "'Joe Mays'" <jfmays at launchpad.win.net>
Cc: <cisco-nas at puck.nether.net>
Sent: Saturday, March 19, 2011 11:47 AM
Subject: RE: [cisco-nas] Bonded PPPoE over bridged DSL lines with
multilink PPP


> Joe,
>
>
>
> At a very quick look it looks like you are missing:
>
>
>
> ppp multilink
>
>
>
> on your 7200 config:
>
>
>
> From:
>
> interface Virtual-Template1
>  ip unnumbered FastEthernet1/0.2
>  ip tcp adjust-mss 1360
>  peer default ip address pool pppoepool
>  ppp authentication pap chap
>
>
>
> to:
>
> interface Virtual-Template1
>  ip unnumbered FastEthernet1/0.2
>  ip tcp adjust-mss 1360
>  peer default ip address pool pppoepool
>  ppp authentication pap chap
>
>  ppp multilink
>
>
>
>
>
> Regards,
>
>
>
> Vince
>
>
>
>
>
>
>
>
>
>
>
> From: cisco-nas-bounces at puck.nether.net
> [mailto:cisco-nas-bounces at puck.nether.net] On Behalf Of Joe Mays
> Sent: Saturday, March 19, 2011 3:27 AM
> To: cisco-nas at puck.nether.net
> Subject: [cisco-nas] Bonded PPPoE over bridged DSL lines with
multilink PPP
>
>
>
> Okay. At one end is a 2620 running 12.3(15) IPBase, with a 4NME
card. At the
> other is a 7206. Between them are three DSL lines, all running in
bridged
> mode. Two are bonded together between the DSL modem and the DSLam,
so
> essentially, we have two long Ethernet lines, plugged into ports
ethernet1/0
> and ethernet1/1 on the 2620.
>
>
>
>             /--------C1 ~~~~\
> A ~~~~~~~ B<                 > D
>             \========C2 ~~~~/
>
>
>
>
> A (Cisco 7206, FE2/0)
> B (Zhone Bitstorm)
> ~ (ethernet link)
> - (single DSL line)
> = (bonded DSL lines)
> D (Cisco 2620, 4NME card, E1/0 and E1/1)
>
>
>
> Essentially it all seems to work, turning it up with one port binds
virtual
> access 1 to the multilink PPP connection. But when both ports on
turned up
> on the 2620, it binds the second port, but then the second port
begins to go
> up and down and massive packet loss starts occuring. It's not the
DSL line,
> we tried both lines separately in port 1, but work great. It's not
the port,
> the same problem occurs if we using ethernet1/2 as the second port,
instead
> of E1/1. I was just guessing at the config to make this work and I
may have
> done it completely wrongly.
>
>
>
> Cisco 2620 config....
>
>
>
> Current configuration : 1388 bytes
> !
> version 12.3
> service timestamps debug datetime msec
> service timestamps log datetime msec
> no service password-encryption
> !
> hostname Quickcash
> !
> boot-start-marker
> boot-end-marker
> !
> enable secret 5 xxxxxxxx.
> !
> aaa new-model
> !
> !
> aaa authentication login default local
> aaa accounting delay-start
> aaa session-id common
> ip subnet-zero
> ip cef
> !
> !
> !
> vpdn enable
> vpdn ip udp ignore checksum
> !
> vpdn-group 1
>  request-dialin
>   protocol pppoe
> !
> !
> username admin password 0 xxxxxxxx
> !
> !
> !
> interface FastEthernet0/0
>  ip address xxx.24.2.89 255.255.255.248
>  duplex auto
>  speed auto
> !
> interface Ethernet1/0
>  no ip address
>  full-duplex
>  pppoe enable
>  pppoe-client dial-pool-number 1
> !
> interface Ethernet1/1
>  no ip address
>  shutdown
>  full-duplex
>  pppoe enable
>  pppoe-client dial-pool-number 1
> !
> interface Ethernet1/2
>  no ip address
>  shutdown
>  full-duplex
>  pppoe enable
>  pppoe-client dial-pool-number 1
> !
> interface Ethernet1/3
>  no ip address
>  shutdown
>  half-duplex
> !
> interface Dialer1
>  ip address xxx.24.12.100 255.255.255.0
>  ip mtu 1420
>  encapsulation ppp
>  dialer pool 1
>  dialer-group 1
>  ppp authentication pap callin
>  ppp pap sent-username quickcash1 password 0 xxxxxxxx
>  ppp multilink
>  ppp multilink links minimum 2
> !
> ip classless
> ip route 0.0.0.0 0.0.0.0 Dialer1
> no ip http server
> !
> !
> line con 0
> line aux 0
> line vty 0 4
>  transport preferred none
>  transport input telnet
> !
> !
> end
>
> Cisco 7206 Config....
>
>
>
> Current configuration : 11227 bytes
> !
> version 12.3
> service timestamps debug datetime msec
> service timestamps log datetime msec
> no service password-encryption
> !
> hostname gw1.armplc
> !
> boot-start-marker
> boot-end-marker
> !
> enable secret 5 xxxxxxxx
> !
> aaa new-model
> !
> !
> aaa group server radius WinAuthAcct
>  server xxx.24.27.48 auth-port 1812 acct-port 1813
>  server xxx.24.27.49 auth-port 1812 acct-port 1813
> !
> aaa authentication login default local
> aaa authentication ppp default local group WinAuthAcct
> aaa authorization exec default local none
> aaa authorization network default local group WinAuthAcct
if-authenticated
> aaa accounting delay-start
> aaa accounting update newinfo
> aaa accounting network default start-stop broadcast group
WinAuthAcct
> aaa session-id common
> ip subnet-zero
> no ip source-route
> !
> !
> ip cef
> ip telnet source-interface Loopback100
> ip tftp source-interface Loopback100
> ip domain list win.net
> ip domain name win.net
> ip name-server xxx.24.27.3
> ip name-server xx.235.0.25
> ip name-server xxx.24.27.4
> !
> no ip bootp server
> pppoe-forwarding
> !
> !
> !
> !
> !
> !
> !
> !
> !
> !
> !
> username admin secret 5 xxxxxxxx
> username quickcash1 password 0 xxxxxxxx
> !
> !
> controller T3 6/0
> !
> !
> bba-group pppoe global
>  virtual-template 1
> !
> bba-group pppoe global1
>  virtual-template 2
> !
> !
> interface Loopback100
>  description gw1.armplc.win.net loopback interface
>  ip address 216.24.30.16 255.255.255.255
>  no ip redirects
>  no ip unreachables
>  no ip proxy-arp
> !
> interface FastEthernet1/0
>  ip address xxx.24.8.1 255.255.255.0
>  duplex full
> !
> interface FastEthernet1/0.2
>  encapsulation dot1Q 2
>  ip address xxx.24.12.193 255.255.255.192
>  pppoe enable group global
>  no snmp trap link-status
> !
> interface FastEthernet1/0.3
>  encapsulation dot1Q 3
>  ip tcp adjust-mss 1360
>  pppoe enable group global1
>  no snmp trap link-status
> !
> interface FastEthernet1/0.16
>  encapsulation dot1Q 16
>  no snmp trap link-status
> !
> interface FastEthernet1/0.17
>  encapsulation dot1Q 17
>  no snmp trap link-status
> !
> interface FastEthernet2/0
>  no ip address
>  shutdown
>  duplex half
> !
> interface Serial3/0
>  description Armory Place CO to Heyburn
>  bandwidth 44210
>  ip address 216.24.28.246 255.255.255.252
>  ip route-cache flow
>  dsu bandwidth 44210
>  framing c-bit
>  cablelength 50
>  serial restart-delay 0
>  no cdp enable
> !
> interface Serial3/1
>  no ip address
>  shutdown
>  dsu bandwidth 44210
>  framing c-bit
>  cablelength 10
>  serial restart-delay 0
> !
> interface Serial4/0
>  no ip address
>  shutdown
>  dsu bandwidth 44210
>  framing c-bit
>  cablelength 10
>  serial restart-delay 0
> !
> interface ATM5/0
>  no ip address
>  shutdown
>  no atm ilmi-keepalive
> !
> interface Virtual-Template1
>  ip unnumbered FastEthernet1/0.2
>  ip tcp adjust-mss 1360
>  peer default ip address pool pppoepool
>  ppp authentication pap chap
> !
> interface Virtual-Template2
>  mtu 1400
>  ip unnumbered FastEthernet1/0.3
>  peer default ip address pool pppoepool
>  ppp mtu adaptive
>  ppp authentication pap chap
> !
> router ospf 5150
>  log-adjacency-changes
>  area 0 authentication message-digest
>  summary-address 216.24.9.0 255.255.255.128
>  redistribute connected subnets route-map ospf-redistrib
>  redistribute static subnets route-map ospf-redistrib
>  passive-interface default
>  no passive-interface FastEthernet1/0
>  no passive-interface Serial3/0
>  no passive-interface Loopback100
>  network 24.235.0.0 0.0.31.255 area 0
>  network 216.24.0.0 0.0.63.255 area 0
> !
> ip local pool pppoepool 216.24.12.100 216.24.12.180
> ip classless
> ip route 0.0.0.0 0.0.0.0 Serial3/0
> ip route 216.24.2.88 255.255.255.248 216.24.12.100
> ip route 216.24.35.91 255.255.255.255 216.24.12.100
> no ip http server
> !
> !
> !
> ip access-list standard allow-our-nets
>  permit 216.24.0.0 0.0.63.255
>  permit 24.235.0.0 0.0.31.255
> !
> ip access-list extended in-block-all-smtp-nb
>  deny   tcp any any eq smtp log-input
>  deny   tcp any any range 135 139 log-input
>  permit udp any eq netbios-ns host 216.24.27.3 eq domain
>  permit udp any eq netbios-ns host 216.24.27.4 eq domain
>  permit udp any eq netbios-ns host 199.120.154.17 eq domain
>  permit udp host 216.24.27.3 eq domain any eq netbios-ns
>  permit udp host 216.24.27.4 eq domain any eq netbios-ns
>  permit udp host 199.120.154.17 eq domain any eq netbios-ns
>  deny   udp any any eq netbios-ns
>  deny   udp any any range 135 netbios-ss log-input
>  deny   tcp any any eq 445 log-input
>  deny   udp any any eq 445 log-input
>  permit ip any any
> ip access-list extended in-block-nb
>  remark -- Same as out-block-nb
>  deny   tcp any any range 135 139 log-input
>  permit udp any eq netbios-ns host 216.24.27.3 eq domain
>  permit udp any eq netbios-ns host 216.24.27.4 eq domain
>  permit udp any eq netbios-ns host 199.120.154.17 eq domain
>  permit udp host 216.24.27.3 eq domain any eq netbios-ns
>  permit udp host 216.24.27.4 eq domain any eq netbios-ns
>  permit udp host 199.120.154.17 eq domain any eq netbios-ns
>  deny   udp any any eq netbios-ns
>  deny   udp any any range 135 netbios-ss log-input
>  deny   tcp any any eq 445 log-input
>  deny   udp any any eq 445 log-input
>  permit ip any any
> ip access-list extended in-block-smtp-nb
>  permit tcp any 216.24.27.0 0.0.0.255 eq smtp
>  deny   tcp any any eq smtp log-input
>  deny   tcp any any range 135 139 log-input
>  permit udp any eq netbios-ns host 216.24.27.3 eq domain
>  permit udp any eq netbios-ns host 216.24.27.4 eq domain
>  permit udp any eq netbios-ns host 199.120.154.17 eq domain
>  permit udp host 216.24.27.3 eq domain any eq netbios-ns
>  permit udp host 216.24.27.4 eq domain any eq netbios-ns
>  permit udp host 199.120.154.17 eq domain any eq netbios-ns
>  deny   udp any any eq netbios-ns
>  deny   udp any any range 135 netbios-ss log-input
>  deny   tcp any any eq 445 log-input
>  deny   udp any any eq 445 log-input
>  permit ip any any
> ip access-list extended in-dangerously-allow-all
>  permit ip any any
> ip access-list extended in-permitlog-smtp
>  remark -- This one is used to see who we need to not apply
blocksmtp to.
>  remark -- It is functionally identical to in-block-nb.
>  permit tcp any 216.24.27.0 0.0.0.255 eq smtp
>  permit tcp any any eq smtp syn log-input
>  permit tcp any any eq smtp
>  deny   tcp any any range 135 139 log-input
>  permit udp any eq netbios-ns host 216.24.27.3 eq domain
>  permit udp any eq netbios-ns host 216.24.27.4 eq domain
>  permit udp any eq netbios-ns host 199.120.154.17 eq domain
>  permit udp host 216.24.27.3 eq domain any eq netbios-ns
>  permit udp host 216.24.27.4 eq domain any eq netbios-ns
>  permit udp host 199.120.154.17 eq domain any eq netbios-ns
>  deny   udp any any eq netbios-ns
>  deny   udp any any range 135 netbios-ss log-input
>  deny   tcp any any eq 445 log-input
>  deny   udp any any eq 445 log-input
>  permit ip any any
> ip access-list extended out-block-all-smtp-nb
>  deny   tcp any eq smtp any log-input
>  deny   tcp any any range 135 139 log-input
>  permit udp any eq netbios-ns host 216.24.27.3 eq domain
>  permit udp any eq netbios-ns host 216.24.27.4 eq domain
>  permit udp any eq netbios-ns host 199.120.154.17 eq domain
>  permit udp host 216.24.27.3 eq domain any eq netbios-ns
>  permit udp host 216.24.27.4 eq domain any eq netbios-ns
>  permit udp host 199.120.154.17 eq domain any eq netbios-ns
>  deny   udp any any eq netbios-ns
>  deny   udp any any range 135 netbios-ss log-input
>  deny   tcp any any eq 445 log-input
>  deny   udp any any eq 445 log-input
>  permit ip any any
> ip access-list extended out-block-nb
>  remark -- Same as in-block-nb
>  deny   tcp any any range 135 139 log-input
>  permit udp any eq netbios-ns host 216.24.27.3 eq domain
>  permit udp any eq netbios-ns host 216.24.27.4 eq domain
>  permit udp any eq netbios-ns host 199.120.154.17 eq domain
>  permit udp host 216.24.27.3 eq domain any eq netbios-ns
>  permit udp host 216.24.27.4 eq domain any eq netbios-ns
>  permit udp host 199.120.154.17 eq domain any eq netbios-ns
>  deny   udp any any eq netbios-ns
>  deny   udp any any range 135 netbios-ss log-input
>  deny   tcp any any eq 445 log-input
>  deny   udp any any eq 445 log-input
>  permit ip any any
> ip access-list extended out-block-smtp-nb
>  permit tcp 216.24.27.0 0.0.0.255 eq smtp any
>  deny   tcp any eq smtp any log-input
>  deny   tcp any any range 135 139 log-input
>  permit udp any eq netbios-ns host 216.24.27.3 eq domain
>  permit udp any eq netbios-ns host 216.24.27.4 eq domain
>  permit udp any eq netbios-ns host 199.120.154.17 eq domain
>  permit udp host 216.24.27.3 eq domain any eq netbios-ns
>  permit udp host 216.24.27.4 eq domain any eq netbios-ns
>  permit udp host 199.120.154.17 eq domain any eq netbios-ns
>  deny   udp any any eq netbios-ns
>  deny   udp any any range 135 netbios-ss log-input
>  deny   tcp any any eq 445 log-input
>  deny   udp any any eq 445 log-input
>  permit ip any any
> ip access-list extended out-dangerously-allow-all
>  permit ip any any
> ip access-list extended out-permitlog-smtp
>  permit tcp any 216.24.27.0 0.0.0.255 eq smtp
>  permit tcp any any eq smtp log-input
>  deny   tcp any any range 135 139 log-input
>  permit udp any eq netbios-ns host 216.24.27.3 eq domain
>  permit udp any eq netbios-ns host 216.24.27.4 eq domain
>  permit udp any eq netbios-ns host 199.120.154.17 eq domain
>  permit udp host 216.24.27.3 eq domain any eq netbios-ns
>  permit udp host 216.24.27.4 eq domain any eq netbios-ns
>  permit udp host 199.120.154.17 eq domain any eq netbios-ns
>  deny   udp any any eq netbios-ns
>  deny   udp any any range 135 netbios-ss log-input
>  deny   tcp any any eq 445 log-input
>  deny   udp any any eq 445 log-input
>  permit ip any any
> ip radius source-interface Loopback100
> logging source-interface Loopback100
> !
> route-map ospf-redistrib permit 10
>  match ip address allow-our-nets
> !
> snmp-server trap-source Loopback100
> !
> radius-server attribute nas-port format c
> radius-server dead-criteria tries 2
> radius-server host 216.24.27.201 auth-port 1645 acct-port 1646
> radius-server host 216.24.27.202 auth-port 1645 acct-port 1646
> radius-server host 216.24.27.203 auth-port 1645 acct-port 1646
> radius-server host 216.24.27.204 auth-port 1645 acct-port 1646
> radius-server host 216.24.27.205 auth-port 1645 acct-port 1646
> radius-server host 216.24.27.206 auth-port 1645 acct-port 1646
> radius-server host 216.24.27.207 auth-port 1645 acct-port 1646
> radius-server host 216.24.27.208 auth-port 1645 acct-port 1646
> radius-server host 216.24.27.209 auth-port 1645 acct-port 1646
> radius-server host 216.24.27.200 auth-port 1645 acct-port 1646
> radius-server retry method reorder
> radius-server transaction max-tries 3
> radius-server retransmit 0
> radius-server timeout 3
> radius-server deadtime 2
> radius-server key m00c0w6809
> radius-server vsa send accounting
> radius-server vsa send authentication
> !
> !
> !
> !
> gatekeeper
>  shutdown
> !
> !
> line con 0
>  stopbits 1
> line aux 0
>  stopbits 1
> line vty 0 4
>  exec-timeout 60 0
>  logging synchronous
>  transport preferred none
>  transport input telnet
> !
> !
> end
>
>
>
>
>
>
>
> --
> "The problem with our concept of mind is that we confuse our own
kind of
> self-awareness with thinking in general. Self-awareness is an
attribute of
> certain kinds of social animals. Why should a mind be self-aware?
It's
> enough it's world-aware. If it isn't socially connected to other
minds, it
> doesn't need social filters or self-modeling. It's self-making,
> self-sufficient. It embodies and acts. A world-aware mind is just
one step
> closer to God than you and I."
>           -- Greg Bear, "Slant"
>
>



More information about the cisco-nas mailing list