[c-nsp] RFC 1483 Bridged to PPPoE migration with Cisco 7401

Ned Schumann a3.schumann at olympus.net
Wed Feb 23 17:38:41 EST 2011


We’re currently aggregating DSL connections with a Cisco 7401 using RFC 1483 bridged. We want to migrate from bridged to PPPoE and authenticate and assign IP addresses with RADIUS. 

We’re looking for sample configurations which have both 1483 bridged and PPPoE interfaces on the same box. We'd like to use either ranges and pvc-in-range subinterfaces as shown below, or a fresh configuration without ranges where we can replace a bridged subinterface with a PPPoE one for the same pvc.

We’re using ranges of pvcs to create subinterfaces like this ...

interface ATM1/0
 no ip address
 atm scrambling cell-payload
 atm framing cbitplcp
 no atm ilmi-keepalive

interface ATM1/0.285 point-to-point
 description RBE Subinterface Range2
 ip unnumbered Loopback1
 atm route-bridged ip
 range RANGE2 pvc 1/285 1/537
  encapsulation aal5snap
 !
  pvc-in-range samuel 1/357
   class-vc atm
   encapsulation aal5autoppp Virtual-Template1
   no protocol ip inarp
   protocol pppoe

ip route 44.133.56.79 255.255.255.255 ATM1/0.356
ip route 44.133.56.80 255.255.255.255 ATM1/0.357
ip route 44.133.56.78 255.255.255.255 ATM1/0.358


We’ve now got RADIUS authenticating and returning the Framed-IP-Address and Framed-Netmask in the accept packet. But the 7401 doesn’t  apply the IP address to the generated virtual interface.

7401 debug statements follow
Feb 21 2011 21:31:47.359 UTC: RADIUS: Received from id 1645/177 44.133.224.78:1645, Access-Accept, len 44
Feb 21 2011 21:31:47.359 UTC: RADIUS:  authenticator 79 20 DE 47 35 51 D2 3F - 6C 92 4B E4 91 33 5F D9
Feb 21 2011 21:31:47.359 UTC: RADIUS:  Service-Type        [6]   6   Framed                    [2]
Feb 21 2011 21:31:47.359 UTC: RADIUS:  Framed-Protocol     [7]   6   PPP                       [1]
Feb 21 2011 21:31:47.359 UTC: RADIUS:  Framed-IP-Address   [8]   6   44.133.226.74      <=== User address
Feb 21 2011 21:31:47.359 UTC: RADIUS:  Framed-IP-Netmask   [9]   6   255.255.255.255           

...

Feb 21 2011 22:26:19.520 UTC: Vi3.1 PPP: Phase is UP
Feb 21 2011 22:26:19.520 UTC: Vi3.1 IPCP: O CONFREQ [Closed] id 1 len 10
Feb 21 2011 22:26:19.520 UTC: Vi3.1 IPCP:    Address 44.133.224.36 (0x03344175E024)
Feb 21 2011 22:26:19.520 UTC: Vi3.1 PPP: Process pending ncp packets
Feb 21 2011 22:26:19.560 UTC: Vi3.1 IPCP: I CONFREQ [REQsent] id 1 len 22
Feb 21 2011 22:26:19.560 UTC: Vi3.1 IPCP:    Address 0.0.0.0 (0x030600000000)
Feb 21 2011 22:26:19.560 UTC: Vi3.1 IPCP:    PrimaryDNS 0.0.0.0 (0x810600000000)
Feb 21 2011 22:26:19.560 UTC: Vi3.1 IPCP:    SecondaryDNS 0.0.0.0 (0x830600000000)
Feb 21 2011 22:26:19.560 UTC: Vi3.1 IPCP: No peer address configured
Feb 21 2011 22:26:19.560 UTC: Vi3.1 IPCP: Neither side knows remote address
Feb 21 2011 22:26:19.560 UTC: Vi3.1 IPCP: O CONFREJ [REQsent] id 1 len 10
Feb 21 2011 22:26:19.560 UTC: Vi3.1 IPCP:    Address 0.0.0.0 (0x030600000000)
Feb 21 2011 22:26:19.564 UTC: Vi3.1 IPCP: I CONFACK [REQsent] id 1 len 10
Feb 21 2011 22:26:19.564 UTC: Vi3.1 IPCP:    Address 44.133.224.36 (0x03344175E024)
Feb 21 2011 22:26:19.604 UTC: Vi3.1 IPCP: I CONFREQ [ACKrcvd] id 2 len 26
Feb 21 2011 22:26:19.604 UTC: Vi3.1 IPCP:    Addresses(Deprecated) 0.0.0.0 0.0.0.0 (0x010A0000000000000000)  <=== Missing user address
Feb 21 2011 22:26:19.604 UTC: Vi3.1 IPCP:    PrimaryDNS 0.0.0.0 (0x810600000000)
Feb 21 2011 22:26:19.604 UTC: Vi3.1 IPCP:    SecondaryDNS 0.0.0.0 (0x830600000000)
Feb 21 2011 22:26:19.604 UTC: Vi3.1 IPCP: No peer address configured
Feb 21 2011 22:26:19.604 UTC: Vi3.1 IPCP: Neither side knows remote address
Feb 21 2011 22:26:19.604 UTC: Vi3.1 IPCP: O CONFREJ [ACKrcvd] id 2 len 14
Feb 21 2011 22:26:19.604 UTC: Vi3.1 IPCP:    Addresses(Deprecated) 0.0.0.0 0.0.0.0 (0x010A0000000000000000)  <=== Missing user address
Feb 21 2011 22:26:19.644 UTC: Vi3.1 IPCP: I CONFREQ [ACKrcvd] id 3 len 16
Feb 21 2011 22:26:19.644 UTC: Vi3.1 IPCP:    PrimaryDNS 0.0.0.0 (0x810600000000)
Feb 21 2011 22:26:19.644 UTC: Vi3.1 IPCP:    SecondaryDNS 0.0.0.0 (0x830600000000)
Feb 21 2011 22:26:19.648 UTC: Vi3.1 IPCP: O CONFNAK [ACKrcvd] id 3 len 16
Feb 21 2011 22:26:19.648 UTC: Vi3.1 IPCP:    PrimaryDNS 44.133.224.77 (0x45388375E04D)
Feb 21 2011 22:26:19.648 UTC: Vi3.1 IPCP:    SecondaryDNS 44.133.224.80 (0x43877575E050)
Feb 21 2011 22:26:19.688 UTC: Vi3.1 IPCP: I CONFREQ [ACKrcvd] id 4 len 16
Feb 21 2011 22:26:19.688 UTC: Vi3.1 IPCP:    PrimaryDNS 44.133.224.77 (0x45388375E04D)
Feb 21 2011 22:26:19.688 UTC: Vi3.1 IPCP:    SecondaryDNS 44.133.224.80 (0x43877575E050)
Feb 21 2011 22:26:19.688 UTC: Vi3.1 IPCP: O CONFACK [ACKrcvd] id 4 len 16
Feb 21 2011 22:26:19.688 UTC: Vi3.1 IPCP:    PrimaryDNS 44.133.224.77 (0x45388375E04D)
Feb 21 2011 22:26:19.688 UTC: Vi3.1 IPCP:    SecondaryDNS 44.133.224.80 (0x43877575E050)
Feb 21 2011 22:26:19.688 UTC: Vi3.1 IPCP: State is Open
Feb 21 2011 22:26:19.732 UTC: Vi3.1 IPCP: I TERMREQ [Open] id 5 len 40


Following is the 7401's configuration

version 12.3
no service dhcp
!
hostname cisco7401asr
!
boot-start-marker
boot system flash disk0:c7400-is-mz.123-17a.bin
boot system flash disk0:c7400-js-mz.123-1a.bin
boot-end-marker
!
aaa new-model
!
aaa authentication ppp default group radius
aaa session-id common
ip subnet-zero
!
ip cef
ip name-server 44.133.224.77
ip name-server 44.133.224.80
!
vpdn enable
!
vpdn-group 1
 description Qwest DSL
 accept-dialin
  protocol pppoe
  virtual-template 1
 pppoe limit per-vc 1
 
[  .. SNIP ..  ]

vc-class atm default
  ubr 7168
  encapsulation aal5autoppp Virtual-Template1
  no create on-demand
  
[  .. SNIP ..  ]

interface Virtual-Template1
 ip unnumbered GigabitEthernet0/0
 ip mtu 1492
 no peer default ip address
 ppp authentication chap pap
 ppp ipcp dns 44.133.224.77 44.133.224.80
 ppp ipcp address required
 ppp ipcp address unique
 
[  .. SNIP ..  ]

radius-server attribute nas-port format d
radius-server host 44.133.224.78 auth-port 1645 acct-port 1646
radius-server key 7 ABCDEFGHIJK




More information about the cisco-nsp mailing list