[c-nsp] static routes in vrf, table not updated
Gernot Nusshall
Gernot.Nusshall at edvg.at
Tue Sep 5 06:45:02 EDT 2006
Hello,
We got a 7206vxr running
c7200-js-mz.123-12d.bin terminating DSL L2TP VPDN´s.
The DSL boxes are authenticating via RADIUS, in this process there are
multiple Framed-Routes
installed on the NAS(the mentioned 7206). When i try to install a
Framed-Route(with a higher administrativ
Distance) via Radius which the NAS already knows via OSPF from an other
Router he doesn´t update
his routing-table. When i use the debug radius command i see that he gets
the right information but
with debug ip routing static detail and/or sh ip route vrf xxx static i
see that he doesn´t update his
routing-table.
debug radius
Sep 5 12:33:26.391: RADIUS: directed-server 213.227.161.130 extracted
from username "xxx"
Sep 5 12:33:26.391: RADIUS/ENCODE(000001FA):Orig. component type = VPDN
Sep 5 12:33:26.391: RADIUS(000001FA): Using existing nas_port 497
Sep 5 12:33:26.391: RADIUS(000001FA): Config NAS IP: xxx
Sep 5 12:33:26.391: RADIUS(000001FA): sending
Sep 5 12:33:26.391: RADIUS(000001FA): Send Accounting-Request to xxx:1813
id 1646/28, len 200
Sep 5 12:33:26.391: RADIUS: authenticator 3C 12 8D 33 32 8D 60 78 - A9
35 9C E8 02 0B 93 25
Sep 5 12:33:26.391: RADIUS: Acct-Session-Id [44] 10 "00000367"
Sep 5 12:33:26.391: RADIUS: Tunnel-Server-Endpoi[67] 15 "xxx"
Sep 5 12:33:26.391: RADIUS: Tunnel-Client-Endpoi[66] 14 "xxx"
Sep 5 12:33:26.391: RADIUS: Tunnel-Assignment-Id[82] 3 "1"
Sep 5 12:33:26.391: RADIUS: Tunnel-Type [64] 6 00:L2TP [3]
Sep 5 12:33:26.391: RADIUS: Acct-Tunnel-Connecti[68] 12 "3304580446"
Sep 5 12:33:26.391: RADIUS: Tunnel-Client-Auth-I[90] 10 "xxx"
Sep 5 12:33:26.391: RADIUS: Tunnel-Server-Auth-I[91] 6 "xxx"
Sep 5 12:33:26.391: RADIUS: Framed-Protocol [7] 6 PPP [1]
Sep 5 12:33:26.391: RADIUS: Framed-IP-Address [8] 6 10.102.255.102
Sep 5 12:33:26.391: RADIUS: User-Name [1] 14 "xxx"
Sep 5 12:33:26.391: RADIUS: Acct-Authentic [45] 6 RADIUS [1]
Sep 5 12:33:26.391: RADIUS: Acct-Session-Time [46] 6 76880
Sep 5 12:33:26.391: RADIUS: Acct-Input-Octets [42] 6 298197
Sep 5 12:33:26.391: RADIUS: Acct-Output-Octets [43] 6 298064
Sep 5 12:33:26.391: RADIUS: Acct-Input-Packets [47] 6 13822
Sep 5 12:33:26.391: RADIUS: Acct-Output-Packets [48] 6 13822
Sep 5 12:33:26.391: RADIUS: Acct-Terminate-Cause[49] 6 admin-reset
[6]
Sep 5 12:33:26.391: RADIUS: Acct-Status-Type [40] 6 Stop [2]
Sep 5 12:33:26.391: RADIUS: NAS-Port-Type [61] 6 Virtual [5]
Sep 5 12:33:26.391: RADIUS: NAS-Port [5] 6 497
Sep 5 12:33:26.391: RADIUS: Service-Type [6] 6 Framed [2]
Sep 5 12:33:26.391: RADIUS: NAS-IP-Address [4] 6 xxx
Sep 5 12:33:26.395: RADIUS: Acct-Delay-Time [41] 6 0
Sep 5 12:33:26.427: RADIUS: Received from id 1646/28 xxx:1813,
Accounting-response, len 20
Sep 5 12:33:26.427: RADIUS: authenticator E4 DE AC AB F6 74 52 13 - B5
92 48 5B 33 91 40 15
Sep 5 12:33:31.127: RADIUS: directed-server xxx extracted from username
"xxx"
Sep 5 12:33:31.127: RADIUS/ENCODE(000001FE):Orig. component type = VPDN
Sep 5 12:33:31.127: RADIUS: AAA Unsupported Attr: interface [153] 15
Sep 5 12:33:31.127: RADIUS: 55 6E 69 71 2D 53 65 73 73 2D 49 44 35
[Uniq-Sess-ID5]
Sep 5 12:33:31.127: RADIUS(000001FE): Storing nasport 500 in rad_db
Sep 5 12:33:31.127: RADIUS(000001FE): Config NAS IP: xxx
Sep 5 12:33:31.127: RADIUS/ENCODE(000001FE): acct_session_id: 878
Sep 5 12:33:31.127: RADIUS(000001FE): sending
Sep 5 12:33:31.127: RADIUS(000001FE): Send Access-Request toxxx:1812 id
1645/248, len 83
Sep 5 12:33:31.127: RADIUS: authenticator 94 35 8B 82 E5 9A 9A 98 - CE
65 09 A1 F0 A5 68 C8
Sep 5 12:33:31.127: RADIUS: Framed-Protocol [7] 6 PPP [1]
Sep 5 12:33:31.127: RADIUS: User-Name [1] 14 "xxx"
Sep 5 12:33:31.131: RADIUS: CHAP-Password [3] 19 *
Sep 5 12:33:31.131: RADIUS: NAS-Port-Type [61] 6 Virtual [5]
Sep 5 12:33:31.131: RADIUS: NAS-Port [5] 6 500
Sep 5 12:33:31.131: RADIUS: Service-Type [6] 6 Framed [2]
Sep 5 12:33:31.131: RADIUS: NAS-IP-Address [4] 6 xxx
Sep 5 12:33:31.135: RADIUS: Received from id 1645/248 xxx:1812,
Access-Accept, len 292
Sep 5 12:33:31.135: RADIUS: authenticator B9 02 AC 2D 2F 7E 69 F6 - 6B
55 91 2B D6 D0 03 4A
Sep 5 12:33:31.135: RADIUS: Framed-IP-Address [8] 6 10.102.255.102
Sep 5 12:33:31.135: RADIUS: Framed-Route [22] 35 "10.100.20.0/24
10.102.255.102 240"
Sep 5 12:33:31.135: RADIUS: Framed-Route [22] 35 "10.100.22.0/24
10.102.255.102 240"
Sep 5 12:33:31.135: RADIUS: Framed-Route [22] 35 "10.100.24.0/27
10.102.255.102 240"
Sep 5 12:33:31.135: RADIUS: Framed-Route [22] 35 "10.100.29.0/28
10.102.255.102 240"
Sep 5 12:33:31.135: RADIUS: Framed-Protocol [7] 6 PPP [1]
Sep 5 12:33:31.135: RADIUS: Service-Type [6] 6 Framed [2]
Sep 5 12:33:31.135: RADIUS: Framed-IP-Netmask [9] 6 255.255.255.255
Sep 5 12:33:31.135: RADIUS: Vendor, Cisco [26] 51
Sep 5 12:33:31.135: RADIUS: Cisco AVpair [1] 45
"lcp:interface-config=ip vrf forwarding xxx"
Sep 5 12:33:31.135: RADIUS: Vendor, Cisco [26] 57
Sep 5 12:33:31.135: RADIUS: Cisco AVpair [1] 51
"lcp:interface-config=ip unnumbered loopback 11002"
Sep 5 12:33:31.135: RADIUS(000001FE): Received from id 1645/248
Sep 5 12:33:31.171: RADIUS: directed-server 213.227.161.130 extracted
from username "xxx"
Sep 5 12:33:31.171: RADIUS/ENCODE(000001FE):Orig. component type = VPDN
Sep 5 12:33:31.171: RADIUS(000001FE): Using existing nas_port 500
Sep 5 12:33:31.171: RADIUS(000001FE): Config NAS IP: 213.227.160.96
Sep 5 12:33:31.171: RADIUS(000001FE): sending
Sep 5 12:33:31.171: RADIUS(000001FE): Send Accounting-Request to xxx:1813
id 1646/29, len 164
Sep 5 12:33:31.171: RADIUS: authenticator 5F B8 0A 79 3C 3A AA A9 - 53
0F 10 E0 29 3C 7C 12
Sep 5 12:33:31.171: RADIUS: Acct-Session-Id [44] 10 "0000036E"
Sep 5 12:33:31.171: RADIUS: Tunnel-Server-Endpoi[67] 15 "xxx"
Sep 5 12:33:31.171: RADIUS: Tunnel-Client-Endpoi[66] 14 "xxx"
Sep 5 12:33:31.171: RADIUS: Tunnel-Assignment-Id[82] 3 "1"
Sep 5 12:33:31.171: RADIUS: Tunnel-Type [64] 6 00:L2TP [3]
Sep 5 12:33:31.171: RADIUS: Acct-Tunnel-Connecti[68] 12 "3304583712"
Sep 5 12:33:31.171: RADIUS: Tunnel-Client-Auth-I[90] 10 "xxx"
Sep 5 12:33:31.171: RADIUS: Tunnel-Server-Auth-I[91] 6 "xxx"
Sep 5 12:33:31.171: RADIUS: Framed-Protocol [7] 6 PPP [1]
Sep 5 12:33:31.171: RADIUS: Framed-IP-Address [8] 6 xxx
Sep 5 12:33:31.171: RADIUS: User-Name [1] 14 "xxx"
Sep 5 12:33:31.171: RADIUS: Acct-Authentic [45] 6 RADIUS [1]
Sep 5 12:33:31.171: RADIUS: Acct-Status-Type [40] 6 Start [1]
Sep 5 12:33:31.171: RADIUS: NAS-Port-Type [61] 6 Virtual [5]
Sep 5 12:33:31.171: RADIUS: NAS-Port [5] 6 500
Sep 5 12:33:31.171: RADIUS: Service-Type [6] 6
Framed [2]
Sep 5 12:33:31.171: RADIUS: NAS-IP-Address [4] 6 xxx
Sep 5 12:33:31.171: RADIUS: Acct-Delay-Time [41] 6 0
Sep 5 12:33:31.199: RADIUS: Received from id 1646/29 xxx:1813,
Accounting-response, len 20
Sep 5 12:33:31.199: RADIUS: authenticator DB 88 08 19 FF AC 73 F6 - 9C
58 A0 57 60 CD 2C 4F
debug ip routing static detail
Sep 5 12:37:26.447: IP-ST(oegb): 10.100.20.0 255.255.255.0
10.102.255.102 Path = 2 3 5 7, route table no change, recursive flag clear
Sep 5 12:37:26.447: IP-ST(oegb): 10.100.22.0 255.255.255.0
10.102.255.102 Path = 2 3 5 7, route table no change, recursive flag clear
Sep 5 12:37:26.447: IP-ST(oegb): 10.100.24.0 255.255.255.224
10.102.255.102 Path = 2 3 5 7, route table no change, recursive flag clear
Sep 5 12:37:26.447: IP-ST(oegb): 10.100.29.0 255.255.255.240
10.102.255.102 Path = 2 3 5 7, route table no change, recursive flag clear
Has anyone encounterd this problem?
Gernot
More information about the cisco-nsp
mailing list