[c-nsp] LNS Error %VPDN-3-NORESOURCE:

ar ar_djp at yahoo.com
Fri Jun 15 09:32:30 EDT 2012 

Hi.

Thanks for the reply.

What I noticed today was,

I tried to authenticate one vrf-enabled l2tp session and one global (no-vrf).
The one with VRF can't authenticate. Giving me the error of "LNS no resources for user..."
But the one with no-vrf was able to authenticate successfully. 

My tcpdump on the radius server says Authentication Request, and Authentication Accept.
Router debug also shows CHAP login response is PASS.

I tried also using my other LNS (NPE-G1) and any vrf-enabled session is successful.
Both VRF-enabled and GLobal L2tp session terminates on the same vpdn-group.

I have similar config on both LNS routers.



Here's my LNS config:

vpdn-group 1
 accept-dialin
  protocol l2tp
  virtual-template 1
 terminate-from hostname LNS1
 source-ip x.x.x.x
 local name ABC
 lcp renegotiation on-mismatch
 l2tp tunnel password 7 09123456
 l2tp tunnel timeout no-session 600
 ip tos reflect




interface Virtual-Template1
  mtu 1462
 ip unnumbered Loopback0
 ip tcp adjust-mss 1422
 peer default ip address pool LNSPool
 keepalive 60
 ppp authentication chap radius-ppp



Here's the debug pp/aaa/vpdn output:

Jun 15 09:34:07.823: VPDN Received L2TUN socket message Incoming
Jun 15 09:34:07.823: AAA/BIND(000001E7): Bind i/f  
Jun 15 09:34:07.823: VPDN uid:393 L2TUN socket session accept requested
Jun 15 09:34:07.823: VPDN uid:393 Setting up dataplane for L2-L2, no idb
Jun 15 09:34:07.827: VPDN Received L2TUN socket message Connected
Jun 15 09:34:07.827: AAA/BIND(000001E7): Bind i/f Virtual-Template1 
Jun 15 09:34:07.827: VPDN uid:393 VPDN session up
Jun 15 09:34:07.831: AAA/AUTHEN/PPP (000001E7): Pick method list 'radius-ppp' 
Jun 15 09:34:07.831: ppp393 PPP: Sent CHAP LOGIN Request
Jun 15 09:34:07.831: ppp393 PPP: Received LOGIN Response PASS
Jun 15 09:34:07.835: VPDN uid:393 disconnect (L2X) IETF: 9/nas-error Ascend: 62/VPDN No Resources
Jun 15 09:34:07.835: VPDN uid:393 vpdn shutdown session, result=4, error=4, vendor_err=0, syslog_error_code=15, syslog_key_type=1
Jun 15 09:34:07.835: %VPDN-3-NORESOURCE: L2TP LNS  no resources for user xyz at test.net; Result 4, Error 4, SSS Manager disconnected session
Jun 15 09:34:07.835: VPDN uid:393 VPDN/AAA: accounting stop sent
Jun 15 09:34:07.835: ppp393 CHAP: O FAILURE id 1 len 26 msg is "Authentication failure"


thanks



________________________________
 From: Oliver Boehmer (oboehmer) <oboehmer at cisco.com>
To: ar <ar_djp at yahoo.com>; Tim Warnock <timoid at timoid.org> 
Cc: cisco-nsp <cisco-nsp at puck.nether.net> 
Sent: Friday, June 15, 2012 7:19 PM
Subject: RE: [c-nsp] LNS Error %VPDN-3-NORESOURCE:
 

> I tried SRE6 already.
> I got the same error.
> Unfortunately I dont have any TAC support for this box.
> 
> Could this be a possible NPE-G2 problem?
> 
> 
> #sho ver
> Cisco IOS Software, 7200 Software (C7200P-ADVIPSERVICESK9-M), Version
> 12.2(33)SRE6, RELEASE SOFTWARE (fc1)
> 
> 
> Jun 14 23:10:54.455: ppp76 PPP: Sent CHAP LOGIN Request
> Jun 14 23:10:54.455: ppp76 PPP: Received LOGIN Response PASS
> Jun 14 23:10:54.459: %VPDN-3-NORESOURCE: L2TP LNS LNS1 no resources
for user
> test at xyz.net; Result 4, Error 4, SSS Manager disconnected session
> Jun 14 23:10:54.459: ppp76 CHAP: O FAILURE id 1 len 26 msg is
> "Authentication failure"

don't think this is related to the platform, some debugs are in order to
find out what's happening (my l2tp/vpdn skills are a bit rusty, though
;-)

debug radius
debug aaa author
debug aaa per-user
debug vpdn event
debug vpdn error
debug vpdn l2x-ev
debug vpdn l2x-er
debug vpdn sss err
debug vpdn sss ev

can you share the full configs of both devices offline/unicast?

    oli

More information about the cisco-nsp mailing list