[c-nsp] Problem with config for 7206 acting as a lns

Samantha (Regional Connect) samantha at cairns.net.au
Thu Jun 11 20:13:24 EDT 2009


Hi

I have the radius issuing the following attribute (example)

lcp:interface-config#1=service-policy output 160
lcp:interface-config#1=service-policy input 2560

Now when the user authenticates it closes the connection on the user
If I remove the attributes from radius (shaping after a user has reached a
download limit)
they stay connected




boot system flash disk0:c7200-xxxxxxxxxxxx
aaa new-model
!
!
aaa authentication login default local
aaa authentication enable default enable
aaa authentication ppp default group radius
aaa authorization network l2tp group radius
aaa accounting delay-start
aaa accounting update periodic 5
aaa accounting network default start-stop group radius
aaa accounting network l2tp start-stop group radius
aaa nas port extended
aaa pod server auth-type any server-key xxxxxxxxxxxxxxxxx
aaa session-id common
enable secret 5 $1$BSPX$QS0/XG/J8WmSW7attjsTC/
enable password xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
!
clock timezone GMT 10
ip subnet-zero
no ip source-route
!
!
ip name-server xxx.xxx.xxx.xxx
ip name-server xxx.xxx.xxx.xxx
ip name-server xxx.xxx.xxx.xxx
!
ip cef
vpdn enable
vpdn multihop
vpdn aaa attribute nas-port vpdn-nas
vpdn logging
vpdn logging local
vpdn logging tunnel-drop
vpdn history failure table-size 50
vpdn session-limit 1000
! Default L2TP VPDN group
 accept-dialin
  protocol l2tp
  virtual-template 1
 lcp renegotiation always
 l2tp tunnel password 7 xxxxxxxxxxxxxxxxxxxxxxxxxxxx
!
!
!
voice call carrier capacity active
!
!
!
!
!
!
!
!
!
!
!
!
!
interface FastEthernet1/0
 description LNS Link to Network
 ip address xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx
 duplex full
 ipv6 address xxx.xxx.xxx.xxx /48
 ipv6 enable
 no cdp enable
!
interface FastEthernet2/0
 no ip address
 duplex full
 no cdp enable
 no mop enabled
!
interface FastEthernet2/0.1027
 encapsulation dot1Q 1027
 ip address 125.xxx.xxx.xxx 255.255.xxx.xxx
 no cdp enable
!
interface FastEthernet2/0.1028
 encapsulation dot1Q 1028
 ip address 125.xxx.xxx.xxx 255.255.xxx.xxx
 no cdp enable
!
interface Virtual-Template1
 description Customer DSL-Sessions via L2TP
 ip unnumbered FastEthernet1/0
 ip access-group 110 out
 peer default ip address pool default
 ppp authentication pap chap radius
ppp authorization l2tp
 ppp accounting l2tp
 ppp multilink
!
router ospf 1
 router-id 202.xxx.xxx.xxx
 log-adjacency-changes
 redistribute connected subnets
 redistribute static subnets
 passive-interface FastEthernet2/0
 passive-interface FastEthernet2/0.1027
 passive-interface FastEthernet2/0.1028
 network 202.xxx.xxx.xxx 0.0.0.255 area 0.0.0.0
!
ip local pool default xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx
ip classless
ip route 0.0.0.0 0.0.0.0 xxx.xxx.xxx.xxx
ip route xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx FastEthernet1/0
no ip http server
!
!
access-list 110 permit ip any any
no cdp run
ipv6 route xxx.xxx.xxx.xxx 48 FastEthernet1/0
ipv6 route ::/0 xxx.xxx.xxx.xxx
!
snmp-server community public RO 99
snmp-server location Equinix Sydney
snmp-server contact xxx.xxx.xxx.xxx
snmp-server chassis-id lns1.c7206
snmp-server enable traps tty
!
!
radius-server configure-nas
radius-server host xxx.xxx.xxx.xxx auth-port 1645 acct-port 1646
radius-server retransmit 3
radius-server key xxxxxxxxxxx
radius-server authorization permit missing Service-Type
radius-server vsa send accounting
radius-server vsa send authentication
no call rsvp-sync
!
!
mgcp profile default
!
dial-peer cor custom
!
!
!
!
gatekeeper
shutdown
!
!
line con 0
 stopbits 1
line aux 0
 stopbits 1
line vty 0 4
!
ntp clock-period 17179650
ntp master 4
ntp server 192.189.54.17
ntp server 202.47.112.1
ntp server 192.189.54.65
!


Thanks


Sam



More information about the cisco-nsp mailing list