[c-nsp] PPPoE Relay from 1811 to 7206VXR
Skeeve Stevens
skeeve at skeeve.org
Tue Jun 5 03:29:04 EDT 2007
Hey Oli,
1811(config-vpdn-acc-in)#protocol ?
  any   Use any protocol
  l2f   Use L2F
  l2tp  Use L2TP
  pptp  Use PPTP
doesn't seem to have protocol pppoe.
So at the moment I have:
-------
username Tunnel-In password 7 x
username LAC-Gosford-Test password 7 x
vpdn enable
vpdn multihop
!
vpdn-group forward-as-l2tp
 request-dialin
  protocol l2tp
 initiate-to ip 58.x.x.x
 local name LAC-Gosford-Test
!
vpdn-group pppoe
 ! Default L2TP VPDN group
 ! Default PPTP VPDN group
 accept-dialin
  protocol any
  virtual-template 1
 local name LAC-Gosford-Test
!
interface Virtual-Template1
 mtu 1492
 no ip address
 no peer default ip address
 no keepalive
 ppp authentication chap pap
-------
Can the users use no domain? Or do they have to? I've tried with a domain
and it didn't seem to help.
1811 Debug:
PPPoE:
PPPoE protocol events debugging is on
VPN:
L2X protocol events debugging is on
VPDN call event debugging is on
VPDN events debugging is on
VPDN errors debugging is on
VPDN packet debugging is on
L2TP data sequencing debugging is on
===
Jun 5 07:28:58.147: PPPoE : encap string prepared
Jun 5 07:28:58.147: [561]PPPoE 21582: Access IE handle allocated
Jun 5 07:28:58.147: [561]PPPoE 21582: pppoe SSS switch updated
Jun 5 07:28:58.151: [561]PPPoE 21582: AAA unique ID allocated
Jun 5 07:28:58.151: [561]PPPoE 21582: Destroying R:0017.3101.664e L:0017.5902.2d34 Fa0
Jun 5 07:28:58.151: [561]PPPoE 21582: AAA account stopped
Jun 5 07:29:03.147: PPPoE 0: I PADR R:0017.3101.664e L:0017.5902.2d34 Fa0
Jun 5 07:29:03.147: Service tag: NULL Tag
Jun 5 07:29:03.147: PPPoE : encap string prepared
Jun 5 07:29:03.147: [562]PPPoE 21583: Access IE handle allocated
Jun 5 07:29:03.147: [562]PPPoE 21583: pppoe SSS switch updated
Jun 5 07:29:03.147: [562]PPPoE 21583: AAA unique ID allocated
Jun 5 07:29:03.147: [562]PPPoE 21583: Destroying R:0017.3101.664e L:0017.5902.2d34 Fa0
Jun 5 07:29:03.151: [562]PPPoE 21583: AAA account stopped
Jun 5 07:29:18.179: PPPoE 0: I PADI R:0017.3101.664e L:ffff.ffff.ffff Fa0
Jun 5 07:29:18.179: Service tag: NULL Tag
Jun 5 07:29:18.179: PPPoE 0: O PADO, R:0017.5902.2d34 L:0017.3101.664e Fa0
Jun 5 07:29:18.179: Service tag: NULL Tag
Jun 5 07:29:18.179: PPPoE 0: I PADR R:0017.3101.664e L:0017.5902.2d34 Fa0
Jun 5 07:29:18.179: Service tag: NULL Tag
Jun 5 07:29:18.179: PPPoE : encap string prepared
Jun 5 07:29:18.179: [563]PPPoE 21584: Access IE handle allocated
Jun 5 07:29:18.179: [563]PPPoE 21584: pppoe SSS switch updated
Jun 5 07:29:18.179: [563]PPPoE 21584: AAA unique ID allocated
Jun 5 07:29:18.179: [563]PPPoE 21584: Destroying R:0017.3101.664e L:0017.5902.2d34 Fa0
Jun 5 07:29:18.179: [563]PPPoE 21584: AAA account stopped
Jun 5 07:29:23.179: PPPoE 0: I PADR R:0017.3101.664e L:0017.5902.2d34 Fa0
Jun 5 07:29:23.179: Service tag: NULL Tag
Jun 5 07:29:23.179: PPPoE : encap string prepared
Jun 5 07:29:23.179: [564]PPPoE 21585: Access IE handle allocated
Jun 5 07:29:23.179: [564]PPPoE 21585: pppoe SSS switch updated
Jun 5 07:29:23.179: [564]PPPoE 21585: AAA unique ID allocated
Jun 5 07:29:23.179: [564]PPPoE 21585: Destroying R:0017.3101.664e L:0017.5902.2d34 Fa0
Jun 5 07:29:23.179: [564]PPPoE 21585: AAA account stopped
===
The 7200 Radius is testing fine, but it isn't seeing the tunnel come up at
all.
Here is the config.
-------
aaa new-model
aaa group server radius isp
 server x auth-port 1812 acct-port 1813
!
aaa authentication login default local
aaa authentication ppp isp group isp
aaa authorization exec default local group isp
aaa authorization network isp group isp
aaa accounting delay-start
aaa accounting update periodic 30
aaa accounting network default start-stop group isp
aaa accounting connection default start-stop group isp
aaa accounting system default start-stop group isp
username Tunnel-In password 7 1042081B0C03
username LAC-Gosford-Test password 7 03085A090F1B
vpdn enable
vpdn multihop
vpdn aaa attribute nas-port vpdn-nas
vpdn logging
vpdn logging local
vpdn logging tunnel-drop
vpdn history failure table-size 50
vpdn session-limit 2048
vpdn search-order domain
vpdn domain-delimiter @ suffix
vpdn domain-delimiter / prefix
!
vpdn-group 1
 accept-dialin
  protocol l2tp
  virtual-template 1
 terminate-from hostname LAC-Gosford-Test
 local name Tunnel-In
 lcp renegotiation on-mismatch
!
interface Virtual-Template1
 mtu 1492
 ip unnumbered Loopback0
 peer default ip address pool eqpool
 down-when-looped
 ppp mtu adaptive
 ppp authentication chap pap isp
 ppp authorization isp
 ppp accounting isp
!
ip local pool eqpool x x
!
!
radius-server configure-nas
radius-server host x auth-port 1812 acct-port 1813
radius-server retransmit 2
radius-server timeout 2
radius-server key 7 x
radius-server authorization permit missing Service-Type
-------
-----Original Message-----
From: Oliver Boehmer (oboehmer) [mailto:oboehmer at cisco.com]
Sent: Tuesday, 29 May 2007 8:17 PM
To: skeeve at skeeve.org; Cisco-nsp
Subject: RE: [c-nsp] PPPoE Relay from 1811 to 7206VXR
Skeeve,
you need to configure vpdn multihop on the 1811, something like this
vpdn enable
vpdn multihop
vpdn-group pppoe
 accept-dialin
  protocol pppoe
  virtual-template 1
!
vpdn-group forward-as-l2tp
 request-dialin
  protocol l2tp
  domain domain.com
 initiate-to ip <address-of-the-7200>
 local name pppoe-relay
The trick could be to match the forward-as-l2tp tunnel using the domain,
the example above assumes all the users authenticate via
xxxx at domain.com..
You can also use Radius and return a tunnel profile within the
access-request..
Don't think you need the bba-group stuff, but not entirely sure..
oli
Skeeve Stevens <> wrote on Monday, May 28, 2007 4:31 PM:
> Hi guys,
>
> I've just spent most of the day trying to get an 1811 relay PPPoE
> calls to a central server, and I've failed miserably.
>
> I have established that the max number of sessions an 1811 can relay
> is 300.
>
> I do need some help from you wonderful people.
>
> Imagine the 1811(12.4) and 7206(12.2) are configless. Where do I
> start from?
>
> I assume the following:
>
> 1. 1811 can accept PPPoE calls
> 2. 1811 needs to make a l2tp tunnel to the 7206 which is already
> configured to accept PPPoE
>
>
> If anyone can assist that would be wonderful. The areas that are new
> to me on the 1811 in 12.4
> - No idea how the new bba-group pppoe global works for pppoe dialin
>
> The basic scenario is about 30 * 1811's out in regional pops
> with between 20 and 200 clients on a layer 2 wireless network behind
> the 1811. The 1811 remote pops are all connected in an MPLS cloud
> which goes back to a central 7206vxr-npe400. The goal is to have the
> end user be able to pppoe into the 7200 some how.
>
> All assistance is welcome.
>
> .Skeeve
>
>
>
> --
> Skeeve Stevens, RHCE
> skeeve at skeeve.org / www.skeeve.org
> Cell +61 (0)414 753 383 / skype://skeeve
>
> eintellego - skeeve at eintellego.net - www.eintellego.net
> --
> I'm a groove licked love child king of the verse
> Si vis pacem, para bellum
>
>
> _______________________________________________
> cisco-nsp mailing list cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
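The teardown pattern in the 1811 debug above can be summarised with a small parser. This is an added example, not part of the original thread: the sample is an excerpt of the posted debug with wrapped lines rejoined plus one constructed session (ID 30000), and the 100 ms threshold and function names are assumptions.

```python
import re
from collections import defaultdict

# Excerpt of the 1811 debug above (wrapped lines rejoined). The final line,
# session 30000 from client 0000.0000.0001, is constructed for contrast.
SAMPLE = """\
Jun 5 07:28:58.147: [561]PPPoE 21582: Access IE handle allocated
Jun 5 07:28:58.151: [561]PPPoE 21582: Destroying R:0017.3101.664e L:0017.5902.2d34 Fa0
Jun 5 07:29:03.147: PPPoE 0: I PADR R:0017.3101.664e L:0017.5902.2d34 Fa0
Jun 5 07:29:03.147: [562]PPPoE 21583: Access IE handle allocated
Jun 5 07:29:03.147: [562]PPPoE 21583: Destroying R:0017.3101.664e L:0017.5902.2d34 Fa0
Jun 5 07:29:18.179: PPPoE 0: I PADI R:0017.3101.664e L:ffff.ffff.ffff Fa0
Jun 5 07:29:18.179: PPPoE 0: O PADO, R:0017.5902.2d34 L:0017.3101.664e Fa0
Jun 5 07:29:19.000: [900]PPPoE 30000: Access IE handle allocated
"""
TS = r"(\d\d):(\d\d):(\d\d)\.(\d{3})"
SESSION = re.compile(rf"{TS}: \[(\d+)\]PPPoE (\d+): (.*)$")
DISCOVERY = re.compile(rf"{TS}: PPPoE 0: ([IO]) (PAD[IORST]),? R:(\S+) L:(\S+)")

def _ms(h, m, s, ms):
    # Time of day in milliseconds; the date is ignored (no midnight rollover).
    return ((int(h) * 60 + int(m)) * 60 + int(s)) * 1000 + int(ms)

def analyse(log, flap_ms=100):
    """Return (inbound discovery counts per client MAC, per-session summary)."""
    packets, sessions = defaultdict(lambda: defaultdict(int)), {}
    for line in log.splitlines():
        if (m := DISCOVERY.search(line)):
            if m.group(5) == "I":  # on inbound lines R: is the client MAC
                packets[m.group(7)][m.group(6)] += 1
        elif (m := SESSION.search(line)):
            t, sid, event = _ms(*m.group(1, 2, 3, 4)), m.group(6), m.group(7)
            s = sessions.setdefault(sid, {"first": t, "destroyed": None, "client": None})
            if event.startswith("Destroying"):
                mac = re.search(r"R:(\S+)", event)
                s["destroyed"], s["client"] = t, mac.group(1) if mac else None
    for s in sessions.values():
        life = None if s["destroyed"] is None else s["destroyed"] - s["first"]
        s["lifetime_ms"] = life
        s["flapped"] = life is not None and life <= flap_ms  # assumed threshold
    return packets, sessions

def flapping_clients(sessions):
    """Count, per client MAC, sessions torn down within the threshold."""
    counts = defaultdict(int)
    for s in sessions.values():
        if s["flapped"]:
            counts[s["client"]] += 1
    return dict(counts)
```
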