[c-nsp] Problem with config for 7206 acting as a lns
Samantha (Regional Connect)
samantha at cairns.net.au
Thu Jun 11 20:13:24 EDT 2009
Hi
I have the radius issuing the following attribute (example)
lcp:interface-config#1=service-policy output 160
lcp:interface-config#1=service-policy input 2560
Now when the user authenticates it closes the connection on the user
If I remove the attributes from radius (shaping after a user has reached a
download limit)
they stay connected
boot system flash disk0:c7200-xxxxxxxxxxxx
aaa new-model
!
!
aaa authentication login default local
aaa authentication enable default enable
aaa authentication ppp default group radius
aaa authorization network l2tp group radius
aaa accounting delay-start
aaa accounting update periodic 5
aaa accounting network default start-stop group radius
aaa accounting network l2tp start-stop group radius
aaa nas port extended
aaa pod server auth-type any server-key xxxxxxxxxxxxxxxxx
aaa session-id common
enable secret 5 $1$BSPX$QS0/XG/J8WmSW7attjsTC/
enable password xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
!
clock timezone GMT 10
ip subnet-zero
no ip source-route
!
!
ip name-server xxx.xxx.xxx.xxx
ip name-server xxx.xxx.xxx.xxx
ip name-server xxx.xxx.xxx.xxx
!
ip cef
vpdn enable
vpdn multihop
vpdn aaa attribute nas-port vpdn-nas
vpdn logging
vpdn logging local
vpdn logging tunnel-drop
vpdn history failure table-size 50
vpdn session-limit 1000
! Default L2TP VPDN group
accept-dialin
protocol l2tp
virtual-template 1
lcp renegotiation always
l2tp tunnel password 7 xxxxxxxxxxxxxxxxxxxxxxxxxxxx
!
!
!
voice call carrier capacity active
!
!
!
!
!
!
!
!
!
!
!
!
!
interface FastEthernet1/0
description LNS Link to Network
ip address xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx
duplex full
ipv6 address xxx.xxx.xxx.xxx /48
ipv6 enable
no cdp enable
!
interface FastEthernet2/0
no ip address
duplex full
no cdp enable
no mop enabled
!
interface FastEthernet2/0.1027
encapsulation dot1Q 1027
ip address 125.xxx.xxx.xxx 255.255.xxx.xxx
no cdp enable
!
interface FastEthernet2/0.1028
encapsulation dot1Q 1028
ip address 125.xxx.xxx.xxx 255.255.xxx.xxx
no cdp enable
!
interface Virtual-Template1
description Customer DSL-Sessions via L2TP
ip unnumbered FastEthernet1/0
ip access-group 110 out
peer default ip address pool default
ppp authentication pap chap radius
ppp authorization l2tp
ppp accounting l2tp
ppp multilink
!
router ospf 1
router-id 202.xxx.xxx.xxx
log-adjacency-changes
redistribute connected subnets
redistribute static subnets
passive-interface FastEthernet2/0
passive-interface FastEthernet2/0.1027
passive-interface FastEthernet2/0.1028
network 202.xxx.xxx.xxx 0.0.0.255 area 0.0.0.0
!
ip local pool default xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx
ip classless
ip route 0.0.0.0 0.0.0.0 xxx.xxx.xxx.xxx
ip route xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx FastEthernet1/0
no ip http server
!
!
access-list 110 permit ip any any
no cdp run
ipv6 route xxx.xxx.xxx.xxx 48 FastEthernet1/0
ipv6 route ::/0 xxx.xxx.xxx.xxx
!
snmp-server community public RO 99
snmp-server location Equinix Sydney
snmp-server contact xxx.xxx.xxx.xxx
snmp-server chassis-id lns1.c7206
snmp-server enable traps tty
!
!
radius-server configure-nas
radius-server host xxx.xxx.xxx.xxx auth-port 1645 acct-port 1646
radius-server retransmit 3
radius-server key xxxxxxxxxxx
radius-server authorization permit missing Service-Type
radius-server vsa send accounting
radius-server vsa send authentication
no call rsvp-sync
!
!
mgcp profile default
!
dial-peer cor custom
!
!
!
!
gatekeeper
shutdown
!
!
line con 0
stopbits 1
line aux 0
stopbits 1
line vty 0 4
!
ntp clock-period 17179650
ntp master 4
ntp server 192.189.54.17
ntp server 202.47.112.1
ntp server 192.189.54.65
!
Thanks
Sam
More information about the cisco-nsp
mailing list