[nsp] routing problems on 3640 terminating l2tp tunnels to dsl users
Dave [Hawk-Systems]
dave at hawk-systems.com
Tue Nov 4 12:41:44 EST 2003
any takers on this?
Dave
-----Original Message-----
have a 3640 which terminates a number of l2tp tunnels from bell. DSL
connections from their redbacks are piped over these tunnels to the router.
Connections are made fine, RADIUS responds with the IP address assignment,
assigned to the virtual interface, and our test user is connected to the
internet happily.
We are having a problem every X number of hours, the routing simply drops for
that user. We can still log into the router and access it remotely, but it is
answering on another IP block.
from the router, we can ping the gateway for the block, and we can ping the end
user modem IP.
from the internet we can ping the gateway ip for the block, but cannot ping the
modem.
user still shows as connected, sh int looks pristine, and if we dump the user
(clear int virtual #), or if the user reboots the modem, the user reconnects and
routes again in most cases.
we have tested the DSL modem with another DSL provider, and it performs
normally.
attached is the config, slightly sanitized, with some tunnels and such removed
to make for a shorter email.
would appreciate any comments, corrections, or caveats with usage, IOS version,
anything that might be contributing to this annoying little problem.
thanks
Dave
+++++++++++++++++++++++++++++++++++++++++++++++++++++++
IP Information
we have two IP subnets allocated to us from the datacenter, along with the
gateway IP addresses for each that the datacenter has in place for each IP
address.
IP Block 1 - Equipment/Use
Network: 66.199.141.32 255.255.255.240
Gateway: 66.199.141.33
We have a switch b/t the router and the internet with IP .34
router is assigned .35, which is how we connect remotely
IP Block 2 - DSL/LANex Users
Network: 69.28.227.0 255.255.255.128
Gateway: 69.28.227.1
rtr1#sh ver
rtr1 uptime is 4 days, 23 hours, 1 minute
System returned to ROM by reload
System restarted at 19:08:27 EST Wed Oct 29 2003
System image file is "flash:c3640-jk9o3s-mz.122-19.bin"
<cisco copyright/crypto notices clipped>
cisco 3640 (R4700) processor (revision 0x00) with 125952K/5120K bytes of memory.
Processor board ID 14827691
R4700 CPU at 100Mhz, Implementation 33, Rev 1.0
Bridging software.
X.25 software, Version 3.0.0.
SuperLAT software (copyright 1990 by Meridian Technology Corp).
TN3270 Emulation software.
2 FastEthernet/IEEE 802.3 interface(s)
DRAM configuration is 64 bits wide with parity disabled.
125K bytes of non-volatile configuration memory.
16384K bytes of processor board System flash (Read/Write)
Configuration register is 0x2102
rtr1#sh run
Building configuration...
Current configuration : 15170 bytes
!
! Last configuration change at 13:40:01 EST Mon Nov 3 2003 by user
! NVRAM config last updated at 13:40:02 EST Mon Nov 3 2003 by user
!
version 12.2
service timestamps debug datetime
service timestamps log datetime
service password-encryption
no service dhcp
!
hostname rtr1
!
boot system flash:c3640-jk9o3s-mz.122-19.bin
logging buffered 12000 debugging
aaa new-model
aaa authentication login default local
aaa authentication login no_radius enable
aaa authentication ppp default group radius local
aaa authentication ppp vpdn group radius
aaa authorization network default group radius
aaa authorization network vpdn group radius
aaa accounting network default start-stop group radius
aaa accounting network vpdn start-stop group radius
enable password 7 XXXXXXXXXXXXXXXXXXXX
!
username user password 7 XXXXXXXXXXXXXXXXXXXX
clock timezone EST -5
clock summer-time EDT recurring
ip subnet-zero
!
!
no ip domain-lookup
ip host sw1 66.199.141.34
ip name-server XXX.XXX.XXX.XX
ip name-server XXX.XXX.XXX.XX
!
ip audit notify log
ip audit po max-events 100
vpdn enable
!
vpdn-group 1
accept-dialin
protocol l2tp
virtual-template 1
terminate-from hostname nexxia3
local name someuser
lcp renegotiation always
l2tp tunnel password 7 XXXXXXXXXXXXXXXX
!
vpdn-group 100
accept-dialin
protocol l2tp
virtual-template 1
terminate-from hostname nexxia100
local name someuser
lcp renegotiation always
l2tp tunnel password 7 XXXXXXXXXXXXXXXXXXXX
!
! REMOVED A BUNCH MORE OF THESE FOR THE VARIOUS LOCATIONS
!
!
no call rsvp-sync
!
!
!
!
!
!
!
!
interface Loopback1
ip address 69.28.227.1 255.255.255.128
!
interface FastEthernet3/0
description physical connection to Internet
ip address 66.199.141.35 255.255.255.240
speed 100
full-duplex
!
interface FastEthernet3/1
description endpoint for DSL customers
no ip address
no ip route-cache
no ip mroute-cache
speed 100
full-duplex
no cdp enable
!
interface FastEthernet3/1.93
description nexxia somelocation 91-105
encapsulation isl 361
ip address 10.20.109.97 255.255.255.224
no ip redirects
no ip route-cache
no ip mroute-cache
no cdp enable
!
! DELETED A NUMBER OF OTHER FE3/1.## INTERFACES FOR OTHER LOCATIONS
!
interface Virtual-Template1
ip unnumbered Loopback1
peer default ip address pool COMP-hs
ppp authentication pap chap
ppp ipcp mask 255.255.255.128
!
ip local pool COMP-hs 69.28.227.2 69.28.227.126
ip classless
ip route 0.0.0.0 0.0.0.0 66.199.141.33
ip route 69.28.227.0 255.255.255.128 FastEthernet3/1
no ip http server
!
!
!
radius-server host XXX.XXX.XXX.XX auth-port 1645 acct-port 1646
radius-server key 7 XXXXXXXXXXXXXXXXXXXXXXXXX
!
dial-peer cor custom
!
!
line con 0
stopbits 1
line aux 0
line vty 0 4
session-timeout 30
line vty 5 15
!
ntp broadcastdelay 1
ntp clock-period 17179910
ntp server XXX.XXX.XXX.XX prefer
end
rtr1#
_______________________________________________
cisco-nsp mailing list cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/