[c-nsp] 7200 LNS problems from Redback? or Radius?

Ian MacKinnon ian.mackinnon at lumison.net
Wed May 30 11:58:14 EDT 2007


What does your virtual template look like?
I have in addition to your ppp group a group for l2tp:-
aaa authentication ppp l2tptunnel group radius

and then :-
vpdn-group 1
 accept-dialin
  protocol l2tp
  virtual-template 1
 terminate-from hostname <remotehost>
 lcp renegotiation on-mismatch
 l2tp tunnel password 0 blah

interface Virtual-Template1
 ip unnumbered Loopback3
 no logging event link-status
 load-interval 30
 no snmp trap link-status
 no peer default ip address
 ppp authentication chap l2tptunnel
 ppp authorization l2tptunnel
 ppp accounting l2tptunnel

This is on an NPE-G1 running c7200-spservicesk9-mz.124-2.T5.bin

Skeeve Stevens wrote:
> Hey guys,
> 
> 	I have a 7200 taking sessions from a Redback and either the Redback
> is not configured properly (hard to prove as I don't have access), or I have
> a local problem.
> 
> I'm receiving the log entry below
> 
> AAA/AUTHOR (0x0): Pick method list 'local-list'
> 
> 	This seems to suggest that it is ignoring radius and trying local
> auth.
> 
> I have:
> 
> !
> aaa group server radius dslrad
>  server 202.x.x.x auth-port 1812 acct-port 1813
> !
> aaa authentication login default local
> aaa authentication ppp default group radius group dslrad
> aaa authorization exec default local group dslrad
> aaa authorization network default group dslrad
> aaa accounting delay-start 
> aaa accounting update periodic 30
> aaa accounting network default start-stop group dslrad
> aaa accounting connection default start-stop group dslrad
> aaa accounting system default start-stop group dslrad
> 
> which seems to be fine.
> 
> I have the following debugging on:
> 
> General OS:
>   AAA Authentication debugging is on
>   AAA Authorization debugging is on
>   AAA Administrative debugging is on
>   AAA Local debugs debugging is on
>   AAA Radius debugs debugging is on
> L2TP:
>   L2TP packet events debugging is on
>   L2TP packet errors debugging is on
>   L2TP errors debugging is on
>   L2TP events debugging is on
>   L2TP L2TUN socket API debugging is on
> PPP:
>   PPP authentication debugging is on
>   PPP protocol errors debugging is on
>   PPP protocol negotiation debugging is on
>   PPP forwarding events debugging is on
> VPN:
>   VPDN call event debugging is on
>   VPDN message debugging is on
>   VPDN events debugging is on
>   VPDN errors debugging is on
>   VPDN packet debugging is on
> Radius protocol debugging is on
> Radius protocol brief debugging is on
> Radius protocol verbose debugging is on
> 
> And I am seeing zero radius chatter at all, and only the one AAA comment
> about local-list.
> 
> The tunnel seems to come up to the Redback, but then I see nothing except
> this:
> 
> May 30 2007 21:51:59: L2X:CEF From tunnel: 93 byte pak dropped
> May 30 2007 21:52:01: L2X:CEF From tunnel: Gi0/1.31 Received 93 byte pak
> May 30 2007 21:52:01: L2X:CEF From tunnel: 93 byte pak dropped
> May 30 2007 21:52:03: L2X:CEF From tunnel: Gi0/1.31 Received 93 byte pak
> 
> Anyone have any ideas please?
> 
> System image file is "disk2:c7200p-advipservicesk9-mz.124-11.T1.bin"
> 
> Cisco 7204G2.
> 
> .Skeeve
> 
> 
> --
> Skeeve Stevens, RHCE
> skeeve at skeeve.org / www.skeeve.org
> Cell +61 (0)414 753 383 / skype://skeeve
> 
> eintellego - skeeve at eintellego.net - www.eintellego.net 
> --
> I'm a groove licked love child king of the verse 
> Si vis pacem, para bellum
> 
> 

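Added example, not from either poster and not Cisco tooling: a Python check that cross-references the named method lists used by `ppp authentication`, `ppp authorization` and `ppp accounting` on an interface against the `aaa authentication ppp`, `aaa authorization network` and `aaa accounting network` lists defined in the same config. The sample config is constructed by combining lines pasted in the two messages above, and the function name is hypothetical; a list reported as missing may simply be in a part of the config that was not pasted.

```python
import re

# Constructed sample: AAA lines from the quoted question plus the
# method list and Virtual-Template from the reply (not a full running-config).
SAMPLE_CONFIG = """\
aaa authentication login default local
aaa authentication ppp default group radius group dslrad
aaa authentication ppp l2tptunnel group radius
aaa authorization exec default local group dslrad
aaa authorization network default group dslrad
aaa accounting network default start-stop group dslrad
!
interface Virtual-Template1
 ip unnumbered Loopback3
 ppp authentication chap l2tptunnel
 ppp authorization l2tptunnel
 ppp accounting l2tptunnel
"""

# Interface-level PPP command -> AAA service that must define the list.
SERVICE = {"authentication": "authentication ppp",
           "authorization": "authorization network",
           "accounting": "accounting network"}
PPP_PROTOCOLS = {"chap", "pap", "ms-chap", "ms-chap-v2", "eap"}
PPP_OPTIONS = {"callin", "callout", "callback", "one-time", "optional"}

def audit_ppp_method_lists(config):
    """Return (interface, ppp command, list name, methods-or-None) tuples."""
    defined = {}  # (service, list name) -> method string
    for m in re.finditer(r"^aaa (authentication ppp|authorization network|"
                         r"accounting network) (\S+) (.+)$", config, re.M):
        defined[(m.group(1), m.group(2))] = m.group(3).strip()
    findings, iface = [], None
    for line in config.splitlines():
        if line.startswith("interface "):
            iface = line.split()[1]
        elif not line.startswith(" "):
            iface = None  # left interface sub-mode
        m = re.match(r" +ppp (authentication|authorization|accounting)\b(.*)", line)
        if iface and m:
            words = [w for w in m.group(2).split() if w not in PPP_PROTOCOLS | PPP_OPTIONS]
            name = words[0] if words else "default"  # no name given -> default list
            findings.append((iface, m.group(1), name,
                             defined.get((SERVICE[m.group(1)], name))))
    return findings

if __name__ == "__main__":
    for iface, cmd, name, methods in audit_ppp_method_lists(SAMPLE_CONFIG):
        print(f"{iface}: ppp {cmd} -> list '{name}':", methods or "NOT DEFINED in this config")
```

Run against a full `show running-config` capture, the same function lists every interface whose PPP commands point at a method list with no matching `aaa` definition.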