[c-nsp] Weird ISG behaviour

Alexander Shikoff minotaur at crete.org.ua
Mon Feb 6 15:41:49 EST 2012


Hello,

I'm trying to set up Cisco ISG on 7206VXR NPE-G2 platform for DHCP termination.
ISG works as DHCP relay.

Control Policy is quite simple:
policy-map type control DHCP-Subscriber
 class type control always event session-start
  10 authorize aaa list DHCP-BRAS identifier remote-id plus circuit-id plus mac-address separator #
 !
 class type control always event session-restart
  10 authorize aaa list DHCP-BRAS identifier mac-address 

It's applied to appropriate interface:
interface GigabitEthernet0/2.33
 encapsulation dot1Q 33
 ip dhcp relay information trusted
 ip address 178.214.200.1 255.255.255.0
 ip helper-address 178.214.192.2
 ip directed-broadcast
 arp timeout 60
 service-policy type control DHCP-Subscriber
 ip subscriber l2-connected
  initiator dhcp class-aware




The problem is that ISG normally authorizes user but does not bring up a session.
In details: user sends DHCP DISCOVER, event session-start occurs, 
ISG sends Access-Request to a Radius, radius answers with Access-Accept,
DHCP negotiation finishes, user receives an IP address ... and that's all: 
session is down. But if user sends any packet then
event session-restart occurs and ISG brings up session normally.

Debugging showed it seems that ISG cannot apply features:
bras1-gdr.ki#show debugging 
SSS:
  SSS Feature Manager events debugging is on
  SSS Feature Manager detailed events debugging is on
  SSS Feature Manager errors debugging is on

*Feb  6 19:48:02.366: SSF[IP Config]: AAA feature IP Config created, for Per-user configuration source
*Feb  6 19:48:02.366: SSF[keepalive]: AAA feature keepalive created, for Per-user configuration source
*Feb  6 19:48:02.374: SSF[Gi0/2.33/uid:29]: Apply Interface configured features
*Feb  6 19:48:02.374: SSF[Gi0/2.33/uid:29]: Segment bound to a Interface configuration source Success
*Feb  6 19:48:02.374: SSF[uid:29]: Apply Per-user configured features
*Feb  6 19:48:02.374: SSF[uid:29/keepalive]: Applying feature on segment
*Feb  6 19:48:02.374: SSF[uid:29/keepalive]: Adding inbound direction feature context to segment
*Feb  6 19:48:02.374: SSF[uid:29/keepalive]: Successfully applied feature on segment
*Feb  6 19:48:02.374: SSF[uid:29]: Segment bound to a Per-user configuration source Success
*Feb  6 19:48:02.374: SSF[uid:29/keepalive]: Start 10 sec timer
*Feb  6 19:48:02.374: SSF[pms-1M/TC]: AAA feature TC created, for Service Profile configuration source
*Feb  6 19:48:02.374: SSF[pms-1M/IP Config]: AAA feature IP Config created, for Service Profile configuration source
*Feb  6 19:48:02.374: SSF[pms-1M/Policing]: AAA feature Policing created, for Service Profile configuration source
*Feb  6 19:48:02.378: SSF[pms-1M/uid:29]: Apply Service Profile configured features
*Feb  6 19:48:02.378: SSF[pms-1M/uid:29/TC]: Applying feature on segment
*Feb  6 19:48:02.378: SSF[uid:29/TC]: Adding inbound direction feature context to segment
*Feb  6 19:48:02.378: SSF[uid:29/TC]: Adding outbound direction feature context to segment
*Feb  6 19:48:02.378: SSF[pms-1M/uid:29/TC]: Successfully applied feature on segment
*Feb  6 19:48:02.378: SSF[pms-1M/uid:29]: Segment bound to a Service Profile configuration source Success
*Feb  6 19:48:02.378: SSF[Gi0/2.33/uid:29]: Disassociated segment from Interface configuration source
*Feb  6 19:48:02.378: SSF[pms-1M/uid:29/TC]: Removing feature on segment
*Feb  6 19:48:02.378: SSF[uid:29/TC]: Removing inbound direction feature context from segment
*Feb  6 19:48:02.378: SSF[uid:29/TC]: Removing outbound direction feature context from segment
*Feb  6 19:48:02.378: SSF[pms-1M/uid:29/TC]: Successfully removed feature on segment
*Feb  6 19:48:02.378: SSF[pms-1M/uid:29]: Disassociated segment from Service Profile configuration source
*Feb  6 19:48:02.378: SSF[uid:29/keepalive]: Removing feature from segment
*Feb  6 19:48:02.378: SSF[uid:29/keepalive]: Stop timer
*Feb  6 19:48:02.378: SSF[uid:29/keepalive]: Stop timer
*Feb  6 19:48:02.378: SSF[uid:29/keepalive]: Removing inbound direction feature context from segment
*Feb  6 19:48:02.378: SSF[uid:29]: Disassociated segment from Per-user configuration source
*Feb  6 19:48:02.382: SSF: Cannot find peer segment from Lterm segment:9899
*Feb  6 19:48:02.386: SSF[pms-1M/uid:30]: Apply Service Profile configured features
*Feb  6 19:48:02.390: SSF[uid:30/Policing]: Adding inbound direction feature context to segment
*Feb  6 19:48:02.390: SSF[uid:30/Policing]: Adding outbound direction feature context to segment
*Feb  6 19:48:02.390: SSF[pms-1M/uid:30]: Segment bound to a Service Profile configuration source Success
*Feb  6 19:48:02.390: SSF[uid:30/Policing]: Removing inbound direction feature context from segment
*Feb  6 19:48:02.390: SSF[uid:30/Policing]: Removing outbound direction feature context from segment
*Feb  6 19:48:02.390: SSF[pms-1M/uid:30]: Disassociated segment from Service Profile configuration source

Has anyone expirienced such behaviour before? I'm ready to provide 
additional debug info on request. Thanks a lot!

-- 
MINO-RIPE


More information about the cisco-nsp mailing list