[c-nsp] Difference between Cisco 7301 and ASR 1002 in vpdn?

Olivier CALVANO o.calvano at gmail.com
Sun Apr 2 03:59:28 EDT 2017


Hi,

I have a small problem. I have two routers:

On an old Cisco 7301:
Cisco IOS Software, 7301 Software (C7301-ADVENTERPRISEK9-M), Version
12.4(24)T8, RELEASE SOFTWARE (fc

with l2tp/ppp forwarding:


vpdn enable
vpdn multihop
vpdn authen-before-forward
vpdn logging
vpdn logging local
vpdn logging tunnel-drop
vpdn history failure table-size 50

vpdn-group LNS
 accept-dialin
  protocol l2tp
  virtual-template 1
 terminate-from hostname LAC-172.16.1.1
 local name LNS-172.16.1.1
 lcp renegotiation always
 no l2tp tunnel authentication
 l2tp tunnel receive-window 500
 l2tp tunnel retransmit retries 7
 l2tp tunnel retransmit timeout min 2
 l2tp tunnel retransmit timeout max 7

interface Virtual-Template1
 mtu 1460
 ip unnumbered Loopback100
 ip tcp adjust-mss 1420
 no logging event link-status
 no peer default ip address
 keepalive 20
 ppp mtu adaptive
 ppp authentication chap ppp-radius
 ppp multilink


On this router there are no problems: the session is received and forwarded
to the final router.




On the Cisco ASR1002:
Cisco IOS XE Software, Version 03.13.06a.S - Extended Support Release
Cisco IOS Software, ASR1000 Software (PPC_LINUX_IOSD-ADVENTERPRISEK9-M),
Version 15.4(3)S6a, RELEASE SOFTWARE (fc2)

vpdn enable
vpdn multihop
vpdn authen-before-forward
vpdn logging
vpdn logging local
vpdn logging user
vpdn logging tunnel-drop
vpdn history failure table-size 50

vpdn-group LNS
 accept-dialin
  protocol l2tp
  virtual-template 1
 terminate-from hostname LAC-172.16.1.2
 local name LNS-172.16.1.2
 lcp renegotiation always
 no l2tp tunnel authentication
 l2tp tunnel receive-window 500
 l2tp tunnel retransmit retries 7
 l2tp tunnel retransmit timeout min 2
 l2tp tunnel retransmit timeout max 7

interface Virtual-Template1
 mtu 1460
 ip unnumbered Loopback100
 ip tcp adjust-mss 1420
 no logging event link-status
 no peer default ip address
 keepalive 20
 ppp mtu adaptive
 ppp authentication chap ppp-radius
 ppp multilink




It's the same RADIUS server, and the RADIUS answers are identical (only the
IP, terminate-from and local name change).


On the Cisco 7301 the sessions are correctly forwarded; on the ASR they are
not, and the ASR creates an interface:
Apr  2 07:12:47.086: VPDN uid:123 Virtual interface created for
username at myrealm bandwidth 25000 Kbps
Apr  2 07:12:47.086: VPDN Vi2.1 Virtual interface created for
username at myrealm, bandwidth 25000 Kbps



A debug radius on the ASR:

Apr  2 07:12:47.034: RADIUS/ENCODE(00003352):Orig. component type = VPDN
Apr  2 07:12:47.034: RADIUS: DSL line rate attributes successfully added
Apr  2 07:12:47.035: RADIUS(00003352): Config NAS IP: 172.16.1.2
Apr  2 07:12:47.035: RADIUS(00003352): Config NAS IPv6: ::
Apr  2 07:12:47.035: RADIUS/ENCODE(00003352): acct_session_id: 13128
Apr  2 07:12:47.035: RADIUS(00003352): sending
Apr  2 07:12:47.035: RADIUS(00003352): Send Access-Request to
192.168.50.100:1812 id 1645/123, len 148
Apr  2 07:12:47.035: RADIUS:  authenticator 07 51 45 7E 07 E7 81 19 - CC B0
03 4D AE 43 84 7C
Apr  2 07:12:47.035: RADIUS:  Framed-Protocol     [7]   6   PPP
          [1]
Apr  2 07:12:47.035: RADIUS:  User-Name           [1]   42
 "username at myrealm"
Apr  2 07:12:47.035: RADIUS:  CHAP-Password       [3]   19  *
Apr  2 07:12:47.035: RADIUS:  Connect-Info        [77]  20
 "25000000/149760000"
Apr  2 07:12:47.035: RADIUS:  NAS-Port-Type       [61]  6   ISDN
           [2]
Apr  2 07:12:47.035: RADIUS:  NAS-Port            [5]   6   20123

Apr  2 07:12:47.035: RADIUS:  NAS-Port-Id         [87]  17
 "Uniq-Sess-ID123"
Apr  2 07:12:47.035: RADIUS:  Service-Type        [6]   6   Framed
           [2]
Apr  2 07:12:47.035: RADIUS:  NAS-IP-Address      [4]   6   172.16.1.2

Apr  2 07:12:47.035: RADIUS(00003352): Sending a IPv4 Radius Packet
Apr  2 07:12:47.035: RADIUS(00003352): Started 5 sec timeout
Apr  2 07:12:47.072: RADIUS: Received from id 1645/123 192.168.50.100:1812,
Access-Accept, len 159
Apr  2 07:12:47.072: RADIUS:  authenticator C7 30 3D 06 C2 CF 60 1A - 23 16
3B FE DC 88 2E 86
Apr  2 07:12:47.072: RADIUS:  Service-Type        [6]   6   Outbound
           [5]
Apr  2 07:12:47.073: RADIUS:  Framed-Protocol     [7]   6   PPP
          [1]
Apr  2 07:12:47.073: RADIUS:  Tunnel-Type         [64]  6   00:L2TP
          [3]
Apr  2 07:12:47.073: RADIUS:  Tunnel-Medium-Type  [65]  6   00:IPv4
          [1]
Apr  2 07:12:47.073: RADIUS:  Tunnel-Client-Auth-I[90]  19  "LAC-172.16.1.2"
Apr  2 07:12:47.073: RADIUS:  Tunnel-Server-Auth-I[91]  19  "LNS-172.16.1.2"
Apr  2 07:12:47.073: RADIUS:  Tunnel-Server-Endpoi[67]  15  "172.16.1.200"
Apr  2 07:12:47.073: RADIUS:  Tunnel-Assignment-Id[82]  14  "LNS-Out"
Apr  2 07:12:47.073: RADIUS:  Tunnel-Client-Endpoi[66]  14  "172.16.1.2"
Apr  2 07:12:47.073: RADIUS:  Vendor, Cisco       [26]  34
Apr  2 07:12:47.073: RADIUS:   Cisco AVpair       [1]   28
 "vpdn:l2tp-tunnel-authen=no"
Apr  2 07:12:47.073: RADIUS(00003352): Received from id 1645/123



On the Cisco 7301:
Apr  2 07:57:46.146: RADIUS/ENCODE(00938779):Orig. component type = VPDN
Apr  2 07:57:46.146: RADIUS:  AAA Unsupported Attr: interface         [175]
15
Apr  2 07:57:46.146: RADIUS:   55 6E 69 71 2D 53 65 73 73 2D 49 44 35
    [Uniq-Sess-ID5]
Apr  2 07:57:46.146: RADIUS(00938779): Config NAS IP: 172.16.1.1
Apr  2 07:57:46.146: RADIUS/ENCODE(00938779): acct_session_id: 9650947
Apr  2 07:57:46.146: RADIUS(00938779): sending
Apr  2 07:57:46.146: RADIUS(00938779): Send Access-Request to
192.168.50.100:1812 id 1645/21, len 127
Apr  2 07:57:46.146: RADIUS:  authenticator C0 D1 66 19 47 84 B0 E7 - 94 9E
DD A0 71 8E 48 08
Apr  2 07:57:46.146: RADIUS:  Framed-Protocol     [7]   6   PPP
          [1]
Apr  2 07:57:46.146: RADIUS:  User-Name           [1]   29
 "username at myrealm"
Apr  2 07:57:46.146: RADIUS:  CHAP-Password       [3]   19  *
Apr  2 07:57:46.146: RADIUS:  Connect-Info        [77]  12  "4294967295"
Apr  2 07:57:46.146: RADIUS:  NAS-Port-Type       [61]  6   ISDN
           [2]
Apr  2 07:57:46.146: RADIUS:  NAS-Port            [5]   6   20550
Apr  2 07:57:46.146: RADIUS:  NAS-Port-Id         [87]  17
 "Uniq-Sess-ID550"
Apr  2 07:57:46.146: RADIUS:  Service-Type        [6]   6   Framed
           [2]
Apr  2 07:57:46.146: RADIUS:  NAS-IP-Address      [4]   6   172.16.1.1
Apr  2 07:57:46.174: RADIUS: Received from id 1645/21 192.168.50.100:1812,
Access-Accept, len 132
Apr  2 07:57:46.174: RADIUS:  authenticator A6 35 B4 E5 5F 6F EA 68 - 28 CA
8A 15 9D 9B FB 8E
Apr  2 07:57:46.174: RADIUS:  Tunnel-Medium-Type  [65]  6   00:IPv4
          [1]
Apr  2 07:57:46.174: RADIUS:  Tunnel-Server-Endpoi[67]  14  "172.16.1.200"
Apr  2 07:57:46.174: RADIUS:  Tunnel-Type         [64]  6   00:L2TP
          [3]
Apr  2 07:57:46.174: RADIUS:  Message-Authenticato[80]  18
Apr  2 07:57:46.174: RADIUS:   A7 17 FD B0 E4 C8 ED FD 20 E3 C9 C2 BC 44 A8
5E  [???????? ????D?^]
Apr  2 07:57:46.174: RADIUS:  Service-Type        [6]   6   Outbound
           [5]
Apr  2 07:57:46.174: RADIUS:  Tunnel-Assignment-Id[82]  14  "LNS-Out"
Apr  2 07:57:46.174: RADIUS:  Tunnel-Client-Endpoi[66]  14  "172.16.1.1"
Apr  2 07:57:46.174: RADIUS:  Vendor, Cisco       [26]  34
Apr  2 07:57:46.174: RADIUS:   Cisco AVpair       [1]   28
 "vpdn:l2tp-tunnel-authen=no"
Apr  2 07:57:46.174: RADIUS(00938779): Received from id 1645/21



Does anyone have an idea of my errors?

Regards
Olivier
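
Added example, not part of the original post: a small Python helper that pulls the Access-Accept attributes out of each "debug radius" capture and lists the attributes present on only one router or carrying different values. The function names are hypothetical, and the input is an excerpt of the two dumps above, kept in the wrapped form in which the mail shows them.

```python
import re

TS = re.compile(r"^[A-Z][a-z]{2}\s+\d+\s+\d\d:\d\d:\d\d\.\d+: ")   # "Apr  2 07:12:47.073: "
ATTR = re.compile(r"RADIUS:\s+(.+?)\s*\[(\d+)\]\s+(\d+)\s*(.*)$")  # name [type] len value

def unwrap(text):
    """Rejoin mail-wrapped lines: a line without a timestamp continues the previous one."""
    out = []
    for line in text.splitlines():
        if TS.match(line) or not out:
            out.append(line.rstrip())
        elif line.strip():
            out[-1] += " " + line.strip()
    return out

def accept_attrs(text):
    """Return {attribute name: value} for the Access-Accept in one debug capture."""
    attrs, in_accept = {}, False
    for line in unwrap(text):
        if "Access-Accept" in line:
            in_accept = True
        elif in_accept and (m := ATTR.search(line)):
            # drop the trailing enum code such as "[5]" and the surrounding quotes
            attrs[m.group(1)] = re.sub(r"\s*\[\d+\]$", "", m.group(4)).strip('" ')
    return attrs

def diff_accepts(a, b):
    """Names only in a, names only in b, and {name: (a value, b value)} where they differ."""
    changed = {k: (a[k], b[k]) for k in sorted(set(a) & set(b)) if a[k] != b[k]}
    return sorted(set(a) - set(b)), sorted(set(b) - set(a)), changed

# Excerpts of the two Access-Accept dumps from the post, kept in their wrapped form.
ASR = """\
Apr  2 07:12:47.072: RADIUS: Received from id 1645/123 192.168.50.100:1812,
Access-Accept, len 159
Apr  2 07:12:47.072: RADIUS:  Service-Type        [6]   6   Outbound
           [5]
Apr  2 07:12:47.073: RADIUS:  Tunnel-Client-Auth-I[90]  19  "LAC-172.16.1.2"
Apr  2 07:12:47.073: RADIUS:  Tunnel-Client-Endpoi[66]  14  "172.16.1.2"
"""
C7301 = """\
Apr  2 07:57:46.174: RADIUS: Received from id 1645/21 192.168.50.100:1812,
Access-Accept, len 132
Apr  2 07:57:46.174: RADIUS:  Message-Authenticato[80]  18
Apr  2 07:57:46.174: RADIUS:  Service-Type        [6]   6   Outbound
           [5]
Apr  2 07:57:46.174: RADIUS:  Tunnel-Client-Endpoi[66]  14  "172.16.1.1"
"""
print(diff_accepts(accept_attrs(ASR), accept_attrs(C7301)))
```

Attribute names are keyed exactly as IOS prints them, including the truncated forms such as "Tunnel-Client-Auth-I"; feed the full captures to compare every attribute.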

