ISGDEV2#sh log Syslog logging: enabled (0 messages dropped, 1 messages rate-limited, 0 flushes, 0 overruns, xml disabled, filtering disabled) Console logging: level debugging, 389 messages logged, xml disabled, filtering disabled Monitor logging: level debugging, 176 messages logged, xml disabled, filtering disabled Buffer logging: level debugging, 389 messages logged, xml disabled, filtering disabled Exception Logging: size (8192 bytes) Count and timestamp logging messages: disabled Persistent logging: disabled No active filter modules. Trap logging: level informational, 44 message lines logged Log Buffer (100000 bytes): *Jun 18 00:04:08.839: L2TP: I SCCRQ from MY-ISG tnl 53834 *Jun 18 00:04:08.839: Tnl 26393 L2TP: Got a challenge in SCCRQ, MY-ISG *Jun 18 00:04:08.839: Tnl 26393 L2TP: Tunnel Authorization started for host MY-ISG *Jun 18 00:04:08.839: Tnl 26393 L2TP: New tunnel created for remote MY-ISG, address y.y.78.242 *Jun 18 00:04:08.839: L2X: Tunnel author reply found L2X info *Jun 18 00:04:08.839: Tnl 26393 L2TP: Got a challenge in SCCRQ, MY-ISG *Jun 18 00:04:08.839: Tnl 26393 L2TP: O SCCRP to MY-ISG tnlid 53834 *Jun 18 00:04:08.839: Tnl 26393 L2TP: Control channel retransmit delay set to 1 seconds *Jun 18 00:04:08.839: Tnl 26393 L2TP: Tunnel state change from idle to wait-ctl-reply *Jun 18 00:04:08.839: Tnl 26393 L2TP: I SCCCN from MY-ISG tnl 53834 *Jun 18 00:04:08.839: Tnl 26393 L2TP: Got a response in SCCCN, from remote peer MY-ISG *Jun 18 00:04:08.839: Tnl 26393 L2TP: Tunnel Authentication success *Jun 18 00:04:08.839: Tnl 26393 L2TP: Tunnel auth counter, Challenge/Response AVP Passed, now 3 *Jun 18 00:04:08.839: Tnl 26393 L2TP: Control connection authentication skipped/passed. *Jun 18 00:04:08.839: Tnl 26393 L2TP: Tunnel auth counter, Overall Passed, now 3 *Jun 18 00:04:08.839: Tnl 26393 L2TP: Tunnel state change from wait-ctl-reply to established *Jun 18 00:04:08.839: Tnl 26393 L2TP: SM State established *Jun 18 00:04:08.839: Tnl 26393 L2TP: Perform early message digest validation for ICRQ *Jun 18 00:04:08.839: Tnl 26393 L2TP: Control connection authentication skipped/passed. *Jun 18 00:04:08.839: Tnl 26393 L2TP: Tunnel auth counter, Overall Skipped, now 7 *Jun 18 00:04:08.839: Tnl 26393 L2TP: I ICRQ from MY-ISG tnl 53834 *Jun 18 00:04:08.839: L2X Session DB (Tnl/Sn: 26393/4): Stored the control session in the session DB *Jun 18 00:04:08.839: Tnl/Sn 26393/4 L2TP: Create session *Jun 18 00:04:08.839: Tnl/Sn 26393/4 L2TP: Session state change from idle to wait-connect *Jun 18 00:04:08.839: Tnl/Sn 26393/4 L2TP: PW-MGMT: PW peer y.y.78.242, vcid 0 *Jun 18 00:04:08.839: Tnl/Sn 26393/4 L2TP: PW-MGMT: Reason [Protocol DOWN] *Jun 18 00:04:08.839: Tnl/Sn 26393/4 L2TP: PW-MGMT: Local VC DOWN, Remote VC DOWN *Jun 18 00:04:08.839: Tnl/Sn 26393/4 L2TP: PW-MGMT: Provisioned NO, Established NO *Jun 18 00:04:08.839: Tnl/Sn 26393/4 L2TP: PW-MGMT: No change in PW state *Jun 18 00:04:08.839: Tnl/Sn 26393/4 L2TP: Accepted ICRQ, new session created *Jun 18 00:04:08.839: uid:3 Tnl/Sn 26393/4 L2TP: O ICRP to MY-ISG 53834/109 *Jun 18 00:04:08.839: Tnl 26393 L2TP: Control channel retransmit delay set to 1 seconds *Jun 18 00:04:08.843: Tnl 26393 L2TP: Perform early message digest validation for ICCN *Jun 18 00:04:08.843: Tnl 26393 L2TP: Control connection authentication skipped/passed. *Jun 18 00:04:08.843: Tnl 26393 L2TP: Tunnel auth counter, Overall Skipped, now 8 *Jun 18 00:04:08.843: uid:3 Tnl/Sn 26393/4 L2TP: I ICCN from MY-ISG tnl 53834, cl 109 *Jun 18 00:04:08.843: uid:3 Tnl/Sn 26393/4 L2TP: Session state change from wait-connect to wait-for-service-selection-iccn *Jun 18 00:04:08.843: uid:3 Tnl/Sn 26393/4 L2TP: PW-MGMT: PW peer y.y.78.242, vcid 0 *Jun 18 00:04:08.843: uid:3 Tnl/Sn 26393/4 L2TP: PW-MGMT: Reason [Protocol DOWN] *Jun 18 00:04:08.843: uid:3 Tnl/Sn 26393/4 L2TP: PW-MGMT: Local VC DOWN, Remote VC DOWN *Jun 18 00:04:08.843: uid:3 Tnl/Sn 26393/4 L2TP: PW-MGMT: Provisioned NO, Established NO *Jun 18 00:04:08.843: uid:3 Tnl/Sn 26393/4 L2TP: PW-MGMT: No change in PW state *Jun 18 00:04:08.843: uid:3 Tnl/Sn 26393/4 L2TP: L2X session data plane setup successful *Jun 18 00:04:08.843: L2X Session DB (Tnl/Sn: 26393/4): Stored the switching session in the session DB *Jun 18 00:04:08.843: L2TP:(Tnl26393:Sn4)L2X s/w switching session provisioned *Jun 18 00:04:08.843: PPP: Alloc Context [4652E08] *Jun 18 00:04:08.843: ppp3 PPP: Phase is ESTABLISHING *Jun 18 00:04:08.843: ppp3 PPP: Using AAA Unique Id = 12 *Jun 18 00:04:08.843: ppp3 PPP: Authorization required *Jun 18 00:04:08.843: ppp3 LCP: Event[Jam Start] New State[Closed] *Jun 18 00:04:08.843: ppp3 LCP: I FORCED rcvd CONFACK len 19 *Jun 18 00:04:08.843: ppp3 LCP: MRU 1492 (0x010405D4) *Jun 18 00:04:08.843: ppp3 LCP: AuthProto CHAP (0x0305C22305) *Jun 18 00:04:08.843: ppp3 LCP: MagicNumber 0x4C5594AF (0x05064C5594AF) *Jun 18 00:04:08.843: ppp3 LCP: I FORCED sent CONFACK len 14 *Jun 18 00:04:08.843: ppp3 LCP: MRU 1492 (0x010405D4) *Jun 18 00:04:08.843: ppp3 LCP: MagicNumber 0x234558BF (0x0506234558BF) *Jun 18 00:04:08.843: ppp3 LCP: Event[Jam UP] New State[Open] *Jun 18 00:04:08.863: ppp3 PPP: Phase is FORWARDING, Attempting Forward *Jun 18 00:04:08.863: ppp3 LCP: State is Open *Jun 18 00:04:08.935: ppp3 PPP: Phase is AUTHENTICATING, Unauthenticated User *Jun 18 00:04:08.935: ppp3 PPP: Sent CHAP LOGIN Request *Jun 18 00:04:08.935: ppp3 PPP: Received LOGIN Response PASS *Jun 18 00:04:08.935: ppp3 PPP AUTHOR: Author Data NOT Available *Jun 18 00:04:08.935: ppp3 PPP: Phase is FORWARDING, Attempting Forward *Jun 18 00:04:08.935: uid:3 Tnl/Sn 26393/4 L2TP: Virtual interface created for igun@cisco.com bandwidth 100000 Kbps *Jun 18 00:04:08.935: Vi2.1 Tnl/Sn 26393/4 L2TP: Virtual interface created for igun@cisco.com, bandwidth 100000 Kbps *Jun 18 00:04:08.935: L2TP:(Tnl26393:Sn4)L2X s/w session mode changed to L2_L3 *Jun 18 00:04:08.935: L2TP:(Tnl26393:Sn4)L2X s/w switching session bound *Jun 18 00:04:08.935: Vi2.1 PPP: Phase is AUTHENTICATING, Authenticated User *Jun 18 00:04:08.935: Vi2.1 LCP AUTHOR: No Author Data to process *Jun 18 00:04:08.935: Vi2.1 CHAP: O SUCCESS id 1 len 4 *Jun 18 00:04:08.935: Vi2.1 PPP: Reducing MTU to peer's MRU *Jun 18 00:04:08.935: Vi2.1 PPP: Phase is UP *Jun 18 00:04:08.935: Vi2.1 IPCP: Protocol configured, start CP. state[Initial] *Jun 18 00:04:08.935: Vi2.1 IPCP: Event[OPEN] New State[Starting] *Jun 18 00:04:08.935: Vi2.1 PPP: Sent IPCP AUTHOR Request *Jun 18 00:04:08.935: Vi2.1 IPCP: Authorizing CP *Jun 18 00:04:08.935: Vi2.1 IPCP: CP stalled on event[Authorize CP] *Jun 18 00:04:08.935: Vi2.1 Tnl/Sn 26393/4 L2TP: Session state change from wait-for-service-selection-iccn to established *Jun 18 00:04:08.935: Vi2.1 Tnl/Sn 26393/4 L2TP: VPDN session up *Jun 18 00:04:08.935: Vi2.1 Tnl/Sn 26393/4 L2TP: PW-MGMT: PW peer y.y.78.242, vcid 0 *Jun 18 00:04:08.935: Vi2.1 Tnl/Sn 26393/4 L2TP: PW-MGMT: Reason [Protocol UP] *Jun 18 00:04:08.935: Vi2.1 Tnl/Sn 26393/4 L2TP: PW-MGMT: Local VC DOWN, Remote VC DOWN *Jun 18 00:04:08.935: Vi2.1 Tnl/Sn 26393/4 L2TP: PW-MGMT: Provisioned NO, Established YES *Jun 18 00:04:08.935: Vi2.1 Tnl/Sn 26393/4 L2TP: PW-MGMT: No change in PW state *Jun 18 00:04:08.983: Vi2.1 IPCP: Received AAA AUTHOR Response FAIL *Jun 18 00:04:08.983: Vi2.1 IPCP: Event[CLOSE] New State[Initial] *Jun 18 00:04:09.011: Vi2.1 CCP: I CONFREQ [UNKNOWN] id 6 len 10 *Jun 18 00:04:09.011: Vi2.1 CCP: MS-PPC supported bits 0x00000001 (0x120600000001) *Jun 18 00:04:09.011: Vi2.1 LCP: O PROTREJ [Open] id 1 len 16 protocol CCP (0x0106000C120600000001) *Jun 18 00:04:09.011: Vi2.1 IPCP: I CONFREQ [Initial] id 7 len 34 *Jun 18 00:04:09.011: Vi2.1 IPCP: Address 0.0.0.0 (0x030600000000) *Jun 18 00:04:09.011: Vi2.1 IPCP: PrimaryDNS 0.0.0.0 (0x810600000000) *Jun 18 00:04:09.011: Vi2.1 IPCP: PrimaryWINS 0.0.0.0 (0x820600000000) *Jun 18 00:04:09.011: Vi2.1 IPCP: SecondaryDNS 0.0.0.0 (0x830600000000) *Jun 18 00:04:09.011: Vi2.1 IPCP: SecondaryWINS 0.0.0.0 (0x840600000000) *Jun 18 00:04:09.011: Vi2.1 IPCP: Store stalled packet [570CAC8] *Jun 18 00:04:10.403: Vi2.1 IPCP: I CONFREQ [Initial] id 8 len 34 *Jun 18 00:04:10.403: Vi2.1 IPCP: Address 0.0.0.0 (0x030600000000) *Jun 18 00:04:10.403: Vi2.1 IPCP: PrimaryDNS 0.0.0.0 (0x810600000000) *Jun 18 00:04:10.403: Vi2.1 IPCP: PrimaryWINS 0.0.0.0 (0x820600000000) *Jun 18 00:04:10.403: Vi2.1 IPCP: SecondaryDNS 0.0.0.0 (0x830600000000) *Jun 18 00:04:10.403: Vi2.1 IPCP: SecondaryWINS 0.0.0.0 (0x840600000000) *Jun 18 00:04:10.403: Vi2.1 IPCP: Update stall packet id [7] to [8] *Jun 18 00:04:13.423: Vi2.1 IPCP: I CONFREQ [Initial] id 9 len 34 *Jun 18 00:04:13.423: Vi2.1 IPCP: Address 0.0.0.0 (0x030600000000) *Jun 18 00:04:13.423: Vi2.1 IPCP: PrimaryDNS 0.0.0.0 (0x810600000000) *Jun 18 00:04:13.423: Vi2.1 IPCP: PrimaryWINS 0.0.0.0 (0x820600000000) *Jun 18 00:04:13.423: Vi2.1 IPCP: SecondaryDNS 0.0.0.0 (0x830600000000) *Jun 18 00:04:13.423: Vi2.1 IPCP: SecondaryWINS 0.0.0.0 (0x840600000000) *Jun 18 00:04:13.423: Vi2.1 IPCP: Update stall packet id [8] to [9] *Jun 18 00:04:21.427: Vi2.1 IPCP: I CONFREQ [Initial] id 11 len 10 *Jun 18 00:04:21.427: Vi2.1 IPCP: Address 0.0.0.0 (0x030600000000) *Jun 18 00:04:21.427: Vi2.1 IPCP: Currently stalled packet. Discard incoming packet *Jun 18 00:04:25.615: Vi2.1 IPCP: I CONFREQ [Initial] id 12 len 10 *Jun 18 00:04:25.615: Vi2.1 IPCP: Address 0.0.0.0 (0x030600000000) *Jun 18 00:04:25.615: Vi2.1 IPCP: Currently stalled packet. Discard incoming packet *Jun 18 00:04:29.675: Vi2.1 IPCP: I CONFREQ [Initial] id 13 len 10 *Jun 18 00:04:29.675: Vi2.1 IPCP: Address 0.0.0.0 (0x030600000000) *Jun 18 00:04:29.675: Vi2.1 IPCP: Currently stalled packet. Discard incoming packet *Jun 18 00:04:33.863: Vi2.1 IPCP: I CONFREQ [Initial] id 14 len 10 *Jun 18 00:04:33.863: Vi2.1 IPCP: Address 0.0.0.0 (0x030600000000) *Jun 18 00:04:33.863: Vi2.1 IPCP: Currently stalled packet. Discard incoming packet *Jun 18 00:04:37.907: Vi2.1 IPCP: I CONFREQ [Initial] id 15 len 10 *Jun 18 00:04:37.907: Vi2.1 IPCP: Address 0.0.0.0 (0x030600000000) *Jun 18 00:04:37.907: Vi2.1 IPCP: Currently stalled packet. Discard incoming packet *Jun 18 00:04:41.919: Vi2.1 IPCP: I CONFREQ [Initial] id 16 len 10 *Jun 18 00:04:41.919: Vi2.1 IPCP: Address 0.0.0.0 (0x030600000000) *Jun 18 00:04:41.919: Vi2.1 IPCP: Currently stalled packet. Discard incoming packet *Jun 18 00:04:49.819: Vi2.1 LCP: I TERMREQ [Open] id 17 len 16 *Jun 18 00:04:49.819: Vi2.1 LCP: (0x234558BF003CCD7400000000) *Jun 18 00:04:49.819: Vi2.1 IPCP: Illegal event DOWN in state Initial *Jun 18 00:04:49.819: Vi2.1 IPCP: Event[DOWN] New State[Initial] *Jun 18 00:04:49.819: Vi2.1 IPCP: Event[CLOSE] New State[Initial] *Jun 18 00:04:49.819: Vi2.1 LCP: O TERMACK [Open] id 17 len 4 *Jun 18 00:04:49.819: Vi2.1 LCP: Event[Receive TermReq] New State[Stopping] *Jun 18 00:04:49.819: Vi2.1 PPP DISC: Received LCP TERMREQ from peer *Jun 18 00:04:49.819: Vi2.1 PPP: Sending Acct Event[Down] id[12] *Jun 18 00:04:49.819: Vi2.1 PPP: Phase is TERMINATING *Jun 18 00:04:50.271: Tnl 26393 L2TP: Perform early message digest validation for CDN *Jun 18 00:04:50.271: Tnl 26393 L2TP: Control connection authentication skipped/passed. *Jun 18 00:04:50.271: Tnl 26393 L2TP: Tunnel auth counter, Overall Skipped, now 9 *Jun 18 00:04:50.271: Vi2.1 Tnl/Sn 26393/4 L2TP: I CDN from MY-ISG tnl 53834, cl 109 *Jun 18 00:04:50.271: Vi2.1 Tnl/Sn 26393/4 L2TP: disconnect (AAA) IETF: 1/user-request Ascend: 28/PPP Receive Term *Jun 18 00:04:50.271: Vi2.1 Tnl/Sn 26393/4 L2TP: Destroying session *Jun 18 00:04:50.271: L2X Session DB (Tnl/Sn: 26393/4): Removed the control session from the session DB *Jun 18 00:04:50.271: Vi2.1 Tnl/Sn 26393/4 L2TP: Session state change from established to idle *Jun 18 00:04:50.271: Vi2.1 Tnl/Sn 26393/4 L2TP: PW-MGMT: PW peer y.y.78.242, vcid 0 *Jun 18 00:04:50.271: Vi2.1 Tnl/Sn 26393/4 L2TP: PW-MGMT: Reason [Protocol DOWN] *Jun 18 00:04:50.271: Vi2.1 Tnl/Sn 26393/4 L2TP: PW-MGMT: Local VC DOWN, Remote VC DOWN *Jun 18 00:04:50.271: Vi2.1 Tnl/Sn 26393/4 L2TP: PW-MGMT: Provisioned NO, Established NO *Jun 18 00:04:50.271: Vi2.1 Tnl/Sn 26393/4 L2TP: PW-MGMT: No change in PW state *Jun 18 00:04:50.271: Vi2.1 LCP: Event[CLOSE] New State[Closing] *Jun 18 00:04:50.271: Vi2.1 Tnl/Sn 26393/4 L2TP: L2X request teardown data plane *Jun 18 00:04:50.271: Vi2.1 Tnl/Sn 26393/4 L2TP: Unbinding session from idb *Jun 18 00:04:50.271: Vi2.1 VPDN: Resetting interface *Jun 18 00:04:50.271: Vi2.1 PPP: Block vaccess from being freed [0x10] *Jun 18 00:04:50.271: Tnl 26393 L2TP: Tunnel state change from established to no-sessions-left *Jun 18 00:04:50.271: Tnl 26393 L2TP: No more sessions in tunnel, shutdown (likely) in 10 seconds *Jun 18 00:04:50.271: Vi2.1 LCP: Event[DOWN] New State[Initial] *Jun 18 00:04:50.271: Vi2.1 PPP: Clearing AAA Unique Id = 12 *Jun 18 00:04:50.271: Vi2.1 PPP: Unlocked by [0x10] Still Locked by [0x0] *Jun 18 00:04:50.271: Vi2.1 PPP: Free previously blocked vaccess *Jun 18 00:04:50.271: Vi2.1 PPP: Phase is DOWN *Jun 18 00:04:50.271: L2TP:(Tnl26393:Sn4)L2X s/w switching session unprovisioned *Jun 18 00:04:50.271: L2X Session DB (Tnl/Sn: 26393/4): Removed the switching session from the session DB *Jun 18 00:04:50.527: Vi2.1 PPP: Free Context [4652E08] *Jun 18 00:05:00.271: Tnl 26393 L2TP: O StopCCN to MY-ISG tnlid 53834 *Jun 18 00:05:00.271: Tnl 26393 L2TP: Control channel retransmit delay set to 1 seconds *Jun 18 00:05:00.271: Tnl 26393 L2TP: Tunnel state change from no-sessions-left to shutting-down *Jun 18 00:05:00.271: Tnl 26393 L2TP: Early authen passing ZLB *Jun 18 00:05:00.271: Tnl 26393 L2TP: Shutdown tunnel *Jun 18 00:05:00.271: Tnl 26393 L2TP: Tunnel state change from shutting-down to idle ISGDEV2#sh run Building configuration... Current configuration : 9162 bytes ! upgrade fpd auto version 12.2 no service pad service timestamps debug datetime msec localtime service timestamps log datetime msec localtime no service password-encryption ! hostname ISGDEV2 ! boot-start-marker boot system disk2:c7200p-js-mz.122-31.SB11.bin boot-end-marker ! logging buffered 100000 debugging logging rate-limit 500 enable secret 5 $1$Ud3O$FP59HuaS9BGSbC4Zg5xBG1 ! aaa new-model ! ! aaa group server radius AAA server x.x.100.29 auth-port 1645 acct-port 1646 ip vrf forwarding vpn_internet ip radius source-interface Loopback100 deadtime 10 ! aaa group server radius BBB server x.x.100.29 auth-port 1645 acct-port 1646 ip radius source-interface Loopback100 deadtime 10 ! aaa authentication login default local aaa authentication ppp default local aaa authentication ppp pradius group AAA group BBB aaa authorization config-commands aaa authorization network default group AAA aaa authorization network pradius group AAA group BBB aaa authorization subscriber-service pradius group AAA group BBB aaa accounting delay-start all aaa accounting update newinfo aaa accounting exec pradius start-stop group AAA group BBB aaa accounting network pradius start-stop group AAA group BBB ! ! ! ! aaa session-id common clock timezone JKT 7 ip subnet-zero ! ! no ip domain lookup no ip dhcp use vrf connected ! ! ip vrf sce rd 65500:127 route-target export 65500:10024 route-target export 65500:10003 route-target export 65500:10001 route-target export 65500:10007 route-target import 65500:10025 route-target import 65500:10101 route-target import 65500:10006 route-target import 65500:10100 route-target import 65500:10024 ! ip vrf vpn_internet rd 65500:99 export map set-community route-target export 65500:10006 route-target export 65500:10003 route-target export 65500:10001 route-target export 65500:10000 route-target import 65500:10006 route-target import 65500:10007 route-target import 65500:10002 route-target import 65500:21001 route-target import 65500:10000 route-target import 65500:10001 ! ip cef ! subscriber feature prepaid prepaid-conf threshold time 0 seconds threshold volume 1000 bytes method-list author pradius method-list accounting pradius password cisco ! subscriber authorization enable vpdn enable ! vpdn-group FromLNS1 accept-dialin protocol l2tp virtual-template 13 terminate-from hostname MY-ISG local name ISGDEV2 lcp renegotiation on-mismatch l2tp tunnel password 0 LNS1LNS2 ! redirect server-group L4REDIRECT server ip x.x.100.250 ! mpls label protocol ldp call rsvp-sync no scripting tcl init no scripting tcl encdir ! ! ! ! ! no file verify auto username fadly password 7 121F04131E12 username igun password 7 070A2C4E4B1B username isafe password 7 0452050200324D5A044B username yahoo privilege 15 password 7 094B41061E021B17 username igun@indonet.net password 7 000D14130A username igun@cisco.com password 0 cisco ! class-map type traffic match-any POLICE-CAR match access-group input name OUT-INTERNET match access-group output name IN-INTERNET ! class-map type control match-any POLICE-CAR match authenticated-username regexp _softex$ match no-username yes match no-username no ! ! class-map match-all type ! policy-map type service -PBHK_SERVICE ip portbundle ! policy-map type service -SOFT_CAP 1 class type traffic POLICE-CAR police input 256000 police output 256000 ! ! policy-map type service LIMIT 20 class type traffic POLICE-CAR police input 256000 128000 5000 police output 256000 128000 5000 ! class type traffic default in-out ! ! policy-map type control RULE5 class type control POLICE-CAR event credit-exhausted 1 service-policy type service name -SOFT_CAP ! class type control POLICE-CAR event session-start 10 service-policy type service name -PBHK_SERVICE 20 service-policy type service name -OPENGARDEN_SERVICE2 ! class type control always event session-start 10 service-policy type service name -PBHK_SERVICE 20 service-policy type service name -OPENGARDEN_SERVICE5 ! class type control always event credit-exhausted 1 service-policy type service name -L4REDIRECT_SERVICE5 ! class type control always event quota-depleted 10 set-param drop-traffic TRUE ! ! ! ! interface Loopback0 ip address x.y.1.122 255.255.255.255 ! interface Loopback100 ip vrf forwarding vpn_internet ip address y.y.78.249 255.255.255.255 ! interface GigabitEthernet0/1 mtu 9216 ip address x.y.16.167 255.255.255.254 ip ospf hello-interval 5 ip ospf dead-interval 15 ip ospf mtu-ignore load-interval 30 media-type sfp speed auto duplex auto negotiation auto mpls mtu 1524 mpls label protocol ldp mpls ip ! interface FastEthernet0/2 no ip address shutdown speed auto duplex auto ! interface GigabitEthernet0/2 ip address y.y.78.241 255.255.255.252 media-type rj45 speed 100 duplex full no negotiation auto ! interface GigabitEthernet0/2.15 encapsulation dot1Q 15 ip vrf forwarding vpn_internet ip address y.y.78.237 255.255.255.252 ! interface GigabitEthernet0/3 no ip address shutdown media-type rj45 speed auto duplex auto negotiation auto ! interface Virtual-Template5 ip unnumbered Loopback100 ip mtu 1420 ip flow ingress ip tcp header-compression ip tcp adjust-mss 1360 no peer default ip address ppp mtu adaptive ppp authentication pap chap optional pradius ppp authorization pradius ppp accounting pradius ppp ms-chap refuse ppp ms-chap-v2 refuse ppp ipcp dns x.x.0.10 x.x.0.15 service-policy type control RULE5 ! interface Virtual-Template13 ip unnumbered GigabitEthernet0/2 peer default ip address pool multihop ppp mtu adaptive ppp authentication chap callin ! router ospf 1 router-id x.y.1.122 log-adjacency-changes network x.y.1.122 0.0.0.0 area 0 network x.y.16.167 0.0.0.0 area 0 ! router bgp 65500 bgp router-id x.y.1.122 bgp log-neighbor-changes neighbor x.x.159.4 remote-as 65500 neighbor x.x.159.4 update-source Loopback0 neighbor x.x.159.5 remote-as 65500 neighbor x.x.159.5 update-source Loopback0 ! address-family ipv4 redistribute connected neighbor x.x.159.4 activate neighbor x.x.159.5 activate no auto-summary no synchronization exit-address-family ! address-family vpnv4 neighbor x.x.159.4 activate neighbor x.x.159.4 send-community both neighbor x.x.159.4 next-hop-self neighbor x.x.159.5 activate neighbor x.x.159.5 send-community both neighbor x.x.159.5 next-hop-self exit-address-family ! address-family ipv4 vrf vpn_internet redistribute connected redistribute static no auto-summary no synchronization exit-address-family ! address-family ipv4 vrf sce redistribute connected no auto-summary no synchronization exit-address-family ! ip local pool internet y.y.78.245 y.y.78.246 ip local pool isafe y.y.78.45 y.y.78.46 ip local pool multihop 192.168.1.2 192.168.1.254 ! ip portbundle match access-list 198 ! ip classless ip route 0.0.0.0 0.0.0.0 y.y.78.242 ip route vrf vpn_internet y.y.78.236 255.255.255.252 y.y.78.242 ip route vrf vpn_internet y.y.78.240 255.255.255.252 y.y.78.238 ip route vrf vpn_internet y.y.94.0 255.255.255.248 y.y.78.242 ! ip http server ip http port 8080 ! ! ! ip access-list extended IN-INTERNET permit ip any any ip access-list extended IN-L4R deny ip any host x.x.100.250 permit tcp any any eq www permit tcp any any eq 8080 permit udp any any eq domain ip access-list extended IN-OPEN permit ip any host x.x.0.10 permit ip any host x.x.0.15 permit ip any host x.x.0.20 permit ip any host x.x.100.250 permit ip any host x.x.100.245 deny ip any any ip access-list extended OUT-INTERNET permit ip any any ip access-list extended OUT-L4R permit ip any any ip access-list extended OUT-OPEN permit ip host x.x.0.10 any permit ip host x.x.0.15 any permit ip host x.x.0.20 any permit ip host x.x.100.250 any permit ip host x.x.100.245 any deny ip any any ip radius source-interface Loopback100 vrf vpn_internet access-list 100 permit ip any any access-list 198 permit ip any host x.x.100.250 access-list 198 deny ip any any ! ! mpls ldp router-id Loopback0 force radius-server attribute 44 include-in-access-req radius-server attribute 8 include-in-access-req radius-server attribute 55 access-request include radius-server attribute 25 access-request include radius-server attribute 31 remote-id radius-server host x.x.100.29 auth-port 1645 acct-port 1646 key 7 0945400D161616065B5C55 radius-server host x.x.30.4 auth-port 1645 acct-port 1646 key 7 130C1916041F053E7B7479 radius-server retransmit 5 radius-server timeout 15 radius-server deadtime 7 radius-server key 7 0828424A060A0403425B5D radius-server vsa send accounting radius-server vsa send authentication ! control-plane