[c-nsp] Difference betwen Cisco 7301 and ASR 1002 in vpdn ?
Olivier CALVANO
o.calvano at gmail.com
Sun Apr 2 04:39:45 EDT 2017
thank, but this line are on the cisco 7301 (and that's work on this router)
2017-04-02 10:26 GMT+02:00 Tim Warnock <timoid at timoid.org>:
> I'd start here:
>
> Apr 2 07:57:46.146: RADIUS: AAA Unsupported Attr: interface
> [175] 15
>
> -----Original Message-----
> From: cisco-nsp [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of
> Olivier CALVANO
> Sent: Sunday, 2 April 2017 5:59 PM
> To: cisco-nsp at puck.nether.net
> Subject: [c-nsp] Difference betwen Cisco 7301 and ASR 1002 in vpdn ?
>
> Hi,
>
> i have a small problems, i have two router:
>
> On a Old Cisco 7301 :
> Cisco IOS Software, 7301 Software (C7301-ADVENTERPRISEK9-M), Version
> 12.4(24)T8, RELEASE SOFTWARE (fc
>
> with l2tp/ppp forwarding:
>
>
> vpdn enable
> vpdn multihop
> vpdn authen-before-forward
> vpdn logging
> vpdn logging local
> vpdn logging tunnel-drop
> vpdn history failure table-size 50
>
> vpdn-group LNS
> accept-dialin
> protocol l2tp
> virtual-template 1
> terminate-from hostname LAC-172.16.1.1
> local name LNS-172.16.1.1
> lcp renegotiation always
> no l2tp tunnel authentication
> l2tp tunnel receive-window 500
> l2tp tunnel retransmit retries 7
> l2tp tunnel retransmit timeout min 2
> l2tp tunnel retransmit timeout max 7
>
> interface Virtual-Template1
> mtu 1460
> ip unnumbered Loopback100
> ip tcp adjust-mss 1420
> no logging event link-status
> no peer default ip address
> keepalive 20
> ppp mtu adaptive
> ppp authentication chap ppp-radius
> ppp multilink
>
>
> on this router, no problems session is received and forwarded to the final
> router.
>
>
>
>
> On the Cisco ASR1002:
> Cisco IOS XE Software, Version 03.13.06a.S - Extended Support Release
> Cisco IOS Software, ASR1000 Software (PPC_LINUX_IOSD-ADVENTERPRISEK9-M),
> Version 15.4(3)S6a, RELEASE SOFTWARE (fc2)
>
> vpdn enable
> vpdn multihop
> vpdn authen-before-forward
> vpdn logging
> vpdn logging local
> vpdn logging user
> vpdn logging tunnel-drop
> vpdn history failure table-size 50
>
> vpdn-group LNS
> accept-dialin
> protocol l2tp
> virtual-template 1
> terminate-from hostname LAC-172.16.1.2
> local name LNS-172.16.1.2
> lcp renegotiation always
> no l2tp tunnel authentication
> l2tp tunnel receive-window 500
> l2tp tunnel retransmit retries 7
> l2tp tunnel retransmit timeout min 2
> l2tp tunnel retransmit timeout max 7
>
> interface Virtual-Template1
> mtu 1460
> ip unnumbered Loopback100
> ip tcp adjust-mss 1420
> no logging event link-status
> no peer default ip address
> keepalive 20
> ppp mtu adaptive
> ppp authentication chap ppp-radius
> ppp multilink
>
>
>
>
> It's the same radius server,
> radius answer are identic (only change IP and terminate-from, local name)
>
>
> On the cisco 7301, the session are correctly forwarded, on the ASR no, the
> ASR create a interface:
> Apr 2 07:12:47.086: VPDN uid:123 Virtual interface created for
> username at myrealm bandwidth 25000 Kbps
> Apr 2 07:12:47.086: VPDN Vi2.1 Virtual interface created for
> username at myrealm, bandwidth 25000 Kbps
>
>
>
> a debug radius on ASR:
>
> Apr 2 07:12:47.034: RADIUS/ENCODE(00003352):Orig. component type = VPDN
> Apr 2 07:12:47.034: RADIUS: DSL line rate attributes successfully added
> Apr 2 07:12:47.035: RADIUS(00003352): Config NAS IP: 172.16.1.2
> Apr 2 07:12:47.035: RADIUS(00003352): Config NAS IPv6: ::
> Apr 2 07:12:47.035: RADIUS/ENCODE(00003352): acct_session_id: 13128
> Apr 2 07:12:47.035: RADIUS(00003352): sending
> Apr 2 07:12:47.035: RADIUS(00003352): Send Access-Request to
> 192.168.50.100:1812 id 1645/123, len 148
> Apr 2 07:12:47.035: RADIUS: authenticator 07 51 45 7E 07 E7 81 19 - CC B0
> 03 4D AE 43 84 7C
> Apr 2 07:12:47.035: RADIUS: Framed-Protocol [7] 6 PPP
> [1]
> Apr 2 07:12:47.035: RADIUS: User-Name [1] 42
> "username at myrealm"
> Apr 2 07:12:47.035: RADIUS: CHAP-Password [3] 19 *
> Apr 2 07:12:47.035: RADIUS: Connect-Info [77] 20
> "25000000/149760000"
> Apr 2 07:12:47.035: RADIUS: NAS-Port-Type [61] 6 ISDN
> [2]
> Apr 2 07:12:47.035: RADIUS: NAS-Port [5] 6 20123
>
> Apr 2 07:12:47.035: RADIUS: NAS-Port-Id [87] 17
> "Uniq-Sess-ID123"
> Apr 2 07:12:47.035: RADIUS: Service-Type [6] 6 Framed
> [2]
> Apr 2 07:12:47.035: RADIUS: NAS-IP-Address [4] 6 172.16.1.2
>
> Apr 2 07:12:47.035: RADIUS(00003352): Sending a IPv4 Radius Packet
> Apr 2 07:12:47.035: RADIUS(00003352): Started 5 sec timeout
> Apr 2 07:12:47.072: RADIUS: Received from id 1645/123 192.168.50.100:1812
> ,
> Access-Accept, len 159
> Apr 2 07:12:47.072: RADIUS: authenticator C7 30 3D 06 C2 CF 60 1A - 23 16
> 3B FE DC 88 2E 86
> Apr 2 07:12:47.072: RADIUS: Service-Type [6] 6 Outbound
> [5]
> Apr 2 07:12:47.073: RADIUS: Framed-Protocol [7] 6 PPP
> [1]
> Apr 2 07:12:47.073: RADIUS: Tunnel-Type [64] 6 00:L2TP
> [3]
> Apr 2 07:12:47.073: RADIUS: Tunnel-Medium-Type [65] 6 00:IPv4
> [1]
> Apr 2 07:12:47.073: RADIUS: Tunnel-Client-Auth-I[90] 19
> "LAC-172.16.1.2"
> Apr 2 07:12:47.073: RADIUS: Tunnel-Server-Auth-I[91] 19
> "LNS-172.16.1.2"
> Apr 2 07:12:47.073: RADIUS: Tunnel-Server-Endpoi[67] 15 "172.16.1.200"
> Apr 2 07:12:47.073: RADIUS: Tunnel-Assignment-Id[82] 14 "LNS-Out"
> Apr 2 07:12:47.073: RADIUS: Tunnel-Client-Endpoi[66] 14 "172.16.1.2"
> Apr 2 07:12:47.073: RADIUS: Vendor, Cisco [26] 34
> Apr 2 07:12:47.073: RADIUS: Cisco AVpair [1] 28
> "vpdn:l2tp-tunnel-authen=no"
> Apr 2 07:12:47.073: RADIUS(00003352): Received from id 1645/123
>
>
>
> on the cisco 7301:
> Apr 2 07:57:46.146: RADIUS/ENCODE(00938779):Orig. component type = VPDN
> Apr 2 07:57:46.146: RADIUS: AAA Unsupported Attr: interface [175]
> 15
> Apr 2 07:57:46.146: RADIUS: 55 6E 69 71 2D 53 65 73 73 2D 49 44 35
> [Uniq-Sess-ID5]
> Apr 2 07:57:46.146: RADIUS(00938779): Config NAS IP: 172.16.1.1
> Apr 2 07:57:46.146: RADIUS/ENCODE(00938779): acct_session_id: 9650947
> Apr 2 07:57:46.146: RADIUS(00938779): sending
> Apr 2 07:57:46.146: RADIUS(00938779): Send Access-Request to
> 192.168.50.100:1812 id 1645/21, len 127
> Apr 2 07:57:46.146: RADIUS: authenticator C0 D1 66 19 47 84 B0 E7 - 94 9E
> DD A0 71 8E 48 08
> Apr 2 07:57:46.146: RADIUS: Framed-Protocol [7] 6 PPP
> [1]
> Apr 2 07:57:46.146: RADIUS: User-Name [1] 29
> "username at myrealm"
> Apr 2 07:57:46.146: RADIUS: CHAP-Password [3] 19 *
> Apr 2 07:57:46.146: RADIUS: Connect-Info [77] 12 "4294967295"
> Apr 2 07:57:46.146: RADIUS: NAS-Port-Type [61] 6 ISDN
> [2]
> Apr 2 07:57:46.146: RADIUS: NAS-Port [5] 6 20550
> Apr 2 07:57:46.146: RADIUS: NAS-Port-Id [87] 17
> "Uniq-Sess-ID550"
> Apr 2 07:57:46.146: RADIUS: Service-Type [6] 6 Framed
> [2]
> Apr 2 07:57:46.146: RADIUS: NAS-IP-Address [4] 6 172.16.1.1
> Apr 2 07:57:46.174: RADIUS: Received from id 1645/21 192.168.50.100:1812,
> Access-Accept, len 132
> Apr 2 07:57:46.174: RADIUS: authenticator A6 35 B4 E5 5F 6F EA 68 - 28 CA
> 8A 15 9D 9B FB 8E
> Apr 2 07:57:46.174: RADIUS: Tunnel-Medium-Type [65] 6 00:IPv4
> [1]
> Apr 2 07:57:46.174: RADIUS: Tunnel-Server-Endpoi[67] 14 "172.16.1.200"
> Apr 2 07:57:46.174: RADIUS: Tunnel-Type [64] 6 00:L2TP
> [3]
> Apr 2 07:57:46.174: RADIUS: Message-Authenticato[80] 18
> Apr 2 07:57:46.174: RADIUS: A7 17 FD B0 E4 C8 ED FD 20 E3 C9 C2 BC 44 A8
> 5E [???????? ????D?^]
> Apr 2 07:57:46.174: RADIUS: Service-Type [6] 6 Outbound
> [5]
> Apr 2 07:57:46.174: RADIUS: Tunnel-Assignment-Id[82] 14 "LNS-Out"
> Apr 2 07:57:46.174: RADIUS: Tunnel-Client-Endpoi[66] 14 "172.16.1.1"
> Apr 2 07:57:46.174: RADIUS: Vendor, Cisco [26] 34
> Apr 2 07:57:46.174: RADIUS: Cisco AVpair [1] 28
> "vpdn:l2tp-tunnel-authen=no"
> Apr 2 07:57:46.174: RADIUS(00938779): Received from id 1645/21
>
>
>
> anyone have a idea of my errors ?
>
> regards
> Olivier
> _______________________________________________
> cisco-nsp mailing list cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
> _______________________________________________
> cisco-nsp mailing list cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
More information about the cisco-nsp
mailing list