[rbak-nsp] Cisco AS5300 L2TP forwarding to Redback SmartEdge
Ian Calderbank
ian at calderbankconsulting.co.uk
Tue Mar 16 16:55:37 EDT 2010
Carl,
I've done Cisco LAC to Redback LNS countless times. Spent 1 year debugging
all the nitty interop issues of both vendors' L2TP in BT in 2000 :-)
There's something wrong with your smartedge binding config probably:
Mar 12 15:02:20: [255/16:1023:63/5/2/1]: %AAA-7-EXCEPT: aaa_idx 10000002:
Cannot bind subscriber <user>@zen.net.uk to valid context
(apologies to rest of list for sales pitch)
I work as a freelance network consulting engineer in the UK. I worked with
dave wylie at zen in your early days of putting redbacks in. I'd be happy to
assist you with this, get it working in no time. Get in touch directly if
you're interested.
Regards
Ian
-----Original Message-----
From: redback-nsp-bounces at puck.nether.net
[mailto:redback-nsp-bounces at puck.nether.net] On Behalf Of
redback-nsp-request at puck.nether.net
Sent: 16 March 2010 19:15
To: redback-nsp at puck.nether.net
Subject: redback-nsp Digest, Vol 27, Issue 9
Message: 1
Date: Tue, 16 Mar 2010 19:14:19 -0000
From: "redback-nsp" <redback-nsp at caarl.co.uk>
To: "'Frans Legdeur'" <frans at falco-networks.com>,
<redback-nsp at puck.nether.net>
Subject: Re: [rbak-nsp] Cisco AS5300 L2TP forwarding to Redback
SmartEdge
Message-ID: <35EB5FAFA100456EA758AA62C6349A89 at csimpson01>
Content-Type: text/plain; charset="us-ascii"
Hi Frans,
I'm not clear on how to check what PPP parameters are being used by each
device; nothing like MRRU is explicitly configured; should I be looking in
any particular debug output for this?
A fragment of the debug output from the Redback is below; it suggests an
issue with authentication although I may just be misinterpreting it. I'm
unclear as to why the subscriber cannot be bound to the context which exists
and is able to terminate DSL subscribers forwarded to it from other Redback
SEs. RADIUS configuration is also exactly the same for the LNS as it is
when terminating DSL forwarded subscribers.
Mar 12 15:02:19: %L2TP-7-SESFSM: sp_lac:9231:8074 FSM event LNS-READY
[Wait-LNS-ready -> Wait-ICCN]
Mar 12 15:02:19: %L2TP-7-PPA: Unpacking messages from PPA, total length:28,
msg type len:28
Mar 12 15:02:19: %L2TP-7-PPA: Received SESSION_BIND msg #1 from PPA,
remaining len:0
Mar 12 15:02:19: %L2TP-7-PPA: Received bind from L2TP SLOT 01/0 for circuit
255/16:1023:63/5/2/1
Mar 12 15:02:19: %L2TP-7-PPA: Unpacking messages from PPA, total length:28,
msg type len:28
Mar 12 15:02:19: %L2TP-7-PPA: Received SESSION_BIND msg #1 from PPA,
remaining len:0
Mar 12 15:02:19: %L2TP-7-PPA: Received bind from L2TP SLOT 01/1 for circuit
255/16:1023:63/5/2/1
Mar 12 15:02:19: %L2TP-7-ISM: 255/16:1023:63/5/2/1: no aaa_index
Mar 12 15:02:19: %L2TP-7-ISM: L2TP-cfg 255/16:1023:63/5/2/1 [PPP] [SB] LNS
L:9231/8074 Rs:13
Mar 12 15:02:19: %L2TP-7-PKT: RX sp_lac:9231 <3:2> ICCN L:150 T:9231 S:8074
Mar 12 15:02:19: %L2TP-7-AVP: M Len= 2 IETF Message-Type=ICCN
Mar 12 15:02:19: %L2TP-7-AVP: M Len= 4 IETF TX-Connect-Speed=44000
Mar 12 15:02:19: %L2TP-7-AVP: Len= 4 IETF Rx-Connect-Speed=28800
Mar 12 15:02:19: %L2TP-7-AVP: M Len= 4 IETF Framing-Type=Async
Mar 12 15:02:19: %L2TP-7-AVP: Len=20 IETF
Last-TX-ConfReq=0206000a00000304c02305067fd09d7e07020802
Mar 12 15:02:19: %L2TP-7-AVP: Len=16 IETF
Last-RX-ConfReq=020600000000050631b44f3c07020802
Mar 12 15:02:19: %L2TP-7-AVP: Len= 2 IETF Proxy-Authen-ID=33
Mar 12 15:02:19: %L2TP-7-AVP: Len=16 IETF
Proxy-Authen-Name=<user>@zen.net.uk
Mar 12 15:02:19: %L2TP-7-AVP: Len= 8 IETF
Proxy-Authen-Response=<password removed>
Mar 12 15:02:19: %L2TP-7-AVP: Len= 2 IETF Proxy-Authen-Type=PAP
Mar 12 15:02:19: %L2TP-7-SES: sp_lac:9231:8074 Received ICCN
Mar 12 15:02:19: %L2TP-7-AAA: sp_lac:9231:8074: tx speed: 44000 rx speed:
28800
Mar 12 15:02:19: %L2TP-7-SESFSM: Running SES event RECV_ICCN on
sp_lac:9231:8074
Mar 12 15:02:19: %L2TP-7-ISM: sp_lac:9231:8074 ism ses state change state:
Established
Mar 12 15:02:19: %L2TP-7-SESFSM: sp_lac:9231:8074 FSM event RECV_ICCN
[Wait-ICCN -> Established]
Mar 12 15:02:19: %L2TP-7-PPP: Starting LNS PPP session for sp_lac:9231:8074
Mar 12 15:02:19: %L2TP-7-PPP: RenegMRU: 0 FragMru: 2 RenegLCP: 1
Mar 12 15:02:19: %L2TP-7-WINDOW: sp_lac:9231 Sending ZLB ack Ns=2 Nr=4
Mar 12 15:02:19: %L2TP-7-PKT: TX sp_lac:9231 <2:4> ZLB L:12 T:11198 S:0
Mar 12 15:02:19: %L2TP-7-ISM: sp_lac:9231:8074 ism ses state change state:
Established
Mar 12 15:02:19: %L2TP-7-PPA: FWD Processing tun sp_lac:9231 in state
Established (chg: 4)
Mar 12 15:02:19: %L2TP-7-PPA: PPA already up to date for sp_lac:9231
Mar 12 15:02:19: %L2TP-7-PPP: Peer ACCM received : 0 0
Mar 12 15:02:19: %L2TP-7-PPP: OUR ACCM received : a0000
Mar 12 15:02:19: %L2TP-7-SES: sp_lac:9231:8074 Sending SLI, Tx ACCM:
00000000 Rx ACCM: 0x000a0000
Mar 12 15:02:19: %L2TP-7-PKT: TX sp_lac:9231 <2:4> SLI L:36 T:11198 S:13
Mar 12 15:02:19: %L2TP-7-AVP: M Len= 2 IETF Message-Type=SLI
Mar 12 15:02:19: %L2TP-7-AVP: M Len=10 IETF ACCM=000000000000000a0000
Mar 12 15:02:19: %L2TP-7-PKT: RX sp_lac:9231 <4:3> ZLB L:12 T:9231 S:0
Mar 12 15:02:20: [255/16:1023:63/5/2/1]: %AAA-7-EXCEPT: aaa_idx 10000002:
Cannot bind subscriber <user>@zen.net.uk to valid context
Mar 12 15:02:20: [255/16:1023:63/5/2/1]: %AAA-3-ERR: aaa_idx 10000002: Can't
find pvd_idx ffffffff
Mar 12 15:02:20: [255/16:1023:63/5/2/1]: %AAA-7-EXCEPT: aaa_idx 10000002:
aaa_remove_session_from_trees: remove session that is not bound to any
context yet
Mar 12 15:02:20: %L2TP-7-ISM: 255/16:1023:63/5/2/1: no aaa_index
Mar 12 15:02:20: %L2TP-7-ISM: L2TP-cfg 255/16:1023:63/5/2/1 [PPP] [SB] LNS
L:9231/8074 Rs:13
Mar 12 15:02:20: %L2TP-7-ISM: SUB down cplt 255/16:1023:63/5/2/1 tc:24 (ses)
Mar 12 15:02:20: %L2TP-7-PKT: TX sp_lac:9231 <3:4> CDN L:93 T:11198 S:13
Mar 12 15:02:20: %L2TP-7-AVP: M Len= 2 IETF Message-Type=CDN
Mar 12 15:02:20: %L2TP-7-AVP: M Len= 2 IETF Assigned-Session-ID=8074
Mar 12 15:02:20: %L2TP-7-AVP: Len=27 IETF PPP-Disc-Cause=16:C223:1
Authentication failure
Mar 12 15:02:20: %L2TP-7-AVP: M Len=26 IETF
Result-Code=(2,6):Authentication failure
Mar 12 15:02:20: %L2TP-7-SESABORT: sp_lac:9231:8074 local abort:
Authentication failure (tc 24)
Mar 12 15:02:20: %L2TP-7-SESFSM: Running SES event LOCAL_CLOSE on
sp_lac:9231:8074
Mar 12 15:02:20: %L2TP-7-SESFSM: sp_lac:9231:8074 FSM event LOCAL_CLOSE
[Established -> Idle]
The initial purpose of my post was to try and establish if anyone has tried
L2TP forwarding dialup users from an AS5300 to a SE and gauge if it is worth
putting effort into trying to make it work. If however anyone can point out
anything simple that I may be missing based on the above information it
would be much appreciated.
Regards,
Carl
_____
From: redback-nsp-bounces at puck.nether.net
[mailto:redback-nsp-bounces at puck.nether.net] On Behalf Of Frans Legdeur
Sent: 15 March 2010 15:27
To: Carl Simpson; redback-nsp at puck.nether.net
Subject: Re: [rbak-nsp] Cisco AS5300 L2TP forwarding to Redback SmartEdge
Hi Carl,
Have you tried:
Debug aaa authen
Debug aaa author
Debug aaa rad-attr
Watch the output closely, you might see some attributes failing to find a
place to hook them on.
Be aware that the SE400 doesn't support compression algorithms.
Another caveat is that the first negotiation is done between client and
AS5300, and secondly is done between client and SE400.
If these have different parameters for PPP, like MRRU, the client might
expect a man-in-the-middle attack and close connection directly.
Keep all negotiated info between AS5300 and SE400 the same, else debug PPP
negotiation to see where it fails on ...
Kind regards,
Frans.
_____
From: Carl Simpson <carl.simpson at zeninternet.co.uk>
Date: Mon, 15 Mar 2010 14:56:59 +0000
To: <redback-nsp at puck.nether.net>
Subject: [rbak-nsp] Cisco AS5300 L2TP forwarding to Redback SmartEdge
Hi All,
I'm trying to dial in to a Cisco AS5300 and have it L2TP forward the PPP
session to a context on a Redback Smart Edge for termination.
Dialup modem ---> AS5300(LAC) ---> SE400 (LNS)
Does anyone know if this is possible or have any experience (successful or
unsuccessful) of doing this?
I've got as far as the AS5300 seemingly bringing up the L2TP tunnel
successfully but the SE fails to terminate dialup users' PPP session in the
context specified by RADIUS.
I can provide debug/log messages if anyone can help.
Thanks,
Carl
--
Carl Simpson
Senior Network Engineer, Zen Internet
T: 0845 058 9168
F: 0845 058 9005
W: http://www.zen.co.uk
_______________________________________________
redback-nsp mailing list
redback-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/redback-nsp
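Added example (not part of the original thread): the Last-TX-ConfReq and Last-RX-ConfReq AVPs in the debug output above carry the LCP options from the client-to-AS5300 negotiation, so decoding them shows which PPP parameters the LAC proxied to the SE. It assumes the RFC 2661 layout for these AVPs (a bare run of LCP type/length/value options); the function names are illustrative.

```python
import re

# LCP option types (RFC 1661, RFC 1662, RFC 1990).
LCP_OPTIONS = {1: "MRU", 2: "ACCM", 3: "Auth-Protocol", 4: "Quality-Protocol",
               5: "Magic-Number", 7: "PFC", 8: "ACFC", 17: "MRRU",
               18: "Short-Seq-Num", 19: "Endpoint-Discriminator"}
AUTH_PROTOCOLS = {0xC023: "PAP", 0xC223: "CHAP"}

def decode_confreq(hex_body):
    """Parse a run of LCP type/length/value options into (name, value) pairs."""
    data = bytes.fromhex(hex_body)
    options, pos = [], 0
    while pos < len(data):
        # Each option is: 1 byte type, 1 byte total length (>= 2), then value.
        if pos + 2 > len(data) or data[pos + 1] < 2 or pos + data[pos + 1] > len(data):
            raise ValueError("malformed LCP option at offset %d" % pos)
        opt_type, opt_len = data[pos], data[pos + 1]
        value = data[pos + 2:pos + opt_len]
        name = LCP_OPTIONS.get(opt_type, "type-%d" % opt_type)
        if opt_type == 3 and len(value) >= 2:
            proto = int.from_bytes(value[:2], "big")
            text = AUTH_PROTOCOLS.get(proto, "0x%04x" % proto)
        elif opt_type in (1, 17) and len(value) == 2:
            text = str(int.from_bytes(value, "big"))   # MRU / MRRU in bytes
        else:
            text = value.hex()                         # empty for flag options
        options.append((name, text))
        pos += opt_len
    return options

def proxy_lcp_from_log(log_text):
    """Find the Last-TX/RX-ConfReq AVPs anywhere in (line-wrapped) debug text."""
    pattern = r"Last-(TX|RX)-ConfReq=([0-9a-fA-F]+)"
    return {m.group(1): decode_confreq(m.group(2))
            for m in re.finditer(pattern, log_text)}

def differing_options(found):
    """Options whose presence or value differs between the two ConfReqs."""
    tx, rx = dict(found["TX"]), dict(found["RX"])
    return {n: (tx.get(n), rx.get(n)) for n in sorted(set(tx) | set(rx))
            if tx.get(n) != rx.get(n)}

# The two AVP lines as they appear in the debug output on this page.
SAMPLE_LOG = """\
Mar 12 15:02:19: %L2TP-7-AVP: Len=20 IETF
Last-TX-ConfReq=0206000a00000304c02305067fd09d7e07020802
Mar 12 15:02:19: %L2TP-7-AVP: Len=16 IETF
Last-RX-ConfReq=020600000000050631b44f3c07020802
"""

if __name__ == "__main__":
    print(differing_options(proxy_lcp_from_log(SAMPLE_LOG)))
```

On the values in this thread, neither ConfReq carries an MRRU option, and the TX ConfReq requests PAP (0xc023), matching the Proxy-Authen-Type=PAP AVP in the same ICCN.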