[rbak-nsp] Cisco AS5300 L2TP forwarding to Redback SmartEdge

Ian Calderbank ian at calderbankconsulting.co.uk
Tue Mar 16 16:55:37 EDT 2010


Carl,

I've done Cisco LAC to Redback LNS countless times. Spent 1 year debugging
all the nitty interop issues of both vendors' L2TP in BT in 2000 :-)

There's something wrong with your SmartEdge binding config probably:

Mar 12 15:02:20: [255/16:1023:63/5/2/1]: %AAA-7-EXCEPT: aaa_idx 10000002: Cannot bind subscriber <user>@zen.net.uk to valid context

(apologies to rest of list for sales pitch)

I work as a freelance network consulting engineer in the UK. I worked with
Dave Wylie at Zen in your early days of putting Redbacks in. I'd be happy to
assist you with this, get it working in no time. Get in touch directly if
you're interested.

Regards
Ian



-----Original Message-----
From: redback-nsp-bounces at puck.nether.net
[mailto:redback-nsp-bounces at puck.nether.net] On Behalf Of
redback-nsp-request at puck.nether.net
Sent: 16 March 2010 19:15
To: redback-nsp at puck.nether.net
Subject: redback-nsp Digest, Vol 27, Issue 9


Message: 1
Date: Tue, 16 Mar 2010 19:14:19 -0000
From: "redback-nsp" <redback-nsp at caarl.co.uk>
To: "'Frans Legdeur'" <frans at falco-networks.com>,
	<redback-nsp at puck.nether.net>
Subject: Re: [rbak-nsp] Cisco AS5300 L2TP forwarding to Redback
	SmartEdge
Message-ID: <35EB5FAFA100456EA758AA62C6349A89 at csimpson01>
Content-Type: text/plain; charset="us-ascii"

Hi Frans,

I'm not clear on how to check what PPP parameters are being used by each
device; nothing like MRRU is explicitly configured; should I be looking in
any particular debug output for this?

A fragment of the debug output from the Redback is below; it suggests an
issue with authentication although I may just be misinterpreting it.  I'm
unclear as to why the subscriber cannot be bound to the context which exists
and is able to terminate DSL subscribers forwarded to it from other Redback
SEs.  RADIUS configuration is also exactly the same for the LNS as it is
when terminating DSL forwarded subscribers.


Mar 12 15:02:19: %L2TP-7-SESFSM: sp_lac:9231:8074 FSM event LNS-READY [Wait-LNS-ready -> Wait-ICCN]
Mar 12 15:02:19: %L2TP-7-PPA: Unpacking messages from PPA, total length:28, msg type len:28
Mar 12 15:02:19: %L2TP-7-PPA: Received SESSION_BIND msg #1 from PPA, remaining len:0
Mar 12 15:02:19: %L2TP-7-PPA: Received bind from L2TP SLOT 01/0 for circuit 255/16:1023:63/5/2/1
Mar 12 15:02:19: %L2TP-7-PPA: Unpacking messages from PPA, total length:28, msg type len:28
Mar 12 15:02:19: %L2TP-7-PPA: Received SESSION_BIND msg #1 from PPA, remaining len:0
Mar 12 15:02:19: %L2TP-7-PPA: Received bind from L2TP SLOT 01/1 for circuit 255/16:1023:63/5/2/1
Mar 12 15:02:19: %L2TP-7-ISM: 255/16:1023:63/5/2/1: no aaa_index
Mar 12 15:02:19: %L2TP-7-ISM: L2TP-cfg 255/16:1023:63/5/2/1 [PPP] [SB]  LNS L:9231/8074 Rs:13
Mar 12 15:02:19: %L2TP-7-PKT: RX sp_lac:9231 <3:2> ICCN L:150 T:9231 S:8074
Mar 12 15:02:19: %L2TP-7-AVP:  M  Len= 2 IETF Message-Type=ICCN
Mar 12 15:02:19: %L2TP-7-AVP:  M  Len= 4 IETF TX-Connect-Speed=44000
Mar 12 15:02:19: %L2TP-7-AVP:     Len= 4 IETF Rx-Connect-Speed=28800
Mar 12 15:02:19: %L2TP-7-AVP:  M  Len= 4 IETF Framing-Type=Async
Mar 12 15:02:19: %L2TP-7-AVP:     Len=20 IETF Last-TX-ConfReq=0206000a00000304c02305067fd09d7e07020802
Mar 12 15:02:19: %L2TP-7-AVP:     Len=16 IETF Last-RX-ConfReq=020600000000050631b44f3c07020802
Mar 12 15:02:19: %L2TP-7-AVP:     Len= 2 IETF Proxy-Authen-ID=33
Mar 12 15:02:19: %L2TP-7-AVP:     Len=16 IETF Proxy-Authen-Name=<user>@zen.net.uk
Mar 12 15:02:19: %L2TP-7-AVP:     Len= 8 IETF Proxy-Authen-Response=<password removed>
Mar 12 15:02:19: %L2TP-7-AVP:     Len= 2 IETF Proxy-Authen-Type=PAP
Mar 12 15:02:19: %L2TP-7-SES: sp_lac:9231:8074 Received ICCN
Mar 12 15:02:19: %L2TP-7-AAA: sp_lac:9231:8074: tx speed: 44000 rx speed: 28800
Mar 12 15:02:19: %L2TP-7-SESFSM: Running SES event RECV_ICCN on sp_lac:9231:8074
Mar 12 15:02:19: %L2TP-7-ISM: sp_lac:9231:8074 ism ses state change state: Established
Mar 12 15:02:19: %L2TP-7-SESFSM: sp_lac:9231:8074 FSM event RECV_ICCN [Wait-ICCN -> Established]
Mar 12 15:02:19: %L2TP-7-PPP: Starting LNS PPP session for sp_lac:9231:8074
Mar 12 15:02:19: %L2TP-7-PPP: RenegMRU: 0 FragMru: 2 RenegLCP: 1
Mar 12 15:02:19: %L2TP-7-WINDOW: sp_lac:9231 Sending ZLB ack Ns=2 Nr=4
Mar 12 15:02:19: %L2TP-7-PKT: TX sp_lac:9231 <2:4> ZLB L:12 T:11198 S:0
Mar 12 15:02:19: %L2TP-7-ISM: sp_lac:9231:8074 ism ses state change state: Established
Mar 12 15:02:19: %L2TP-7-PPA: FWD Processing tun sp_lac:9231 in state Established (chg: 4)
Mar 12 15:02:19: %L2TP-7-PPA: PPA already up to date for sp_lac:9231
Mar 12 15:02:19: %L2TP-7-PPP: Peer ACCM received : 0 0
Mar 12 15:02:19: %L2TP-7-PPP: OUR ACCM received : a0000
Mar 12 15:02:19: %L2TP-7-SES: sp_lac:9231:8074 Sending SLI, Tx ACCM: 00000000 Rx ACCM: 0x000a0000
Mar 12 15:02:19: %L2TP-7-PKT: TX sp_lac:9231 <2:4> SLI L:36 T:11198 S:13
Mar 12 15:02:19: %L2TP-7-AVP:  M  Len= 2 IETF Message-Type=SLI
Mar 12 15:02:19: %L2TP-7-AVP:  M  Len=10 IETF ACCM=000000000000000a0000
Mar 12 15:02:19: %L2TP-7-PKT: RX sp_lac:9231 <4:3> ZLB L:12 T:9231 S:0
Mar 12 15:02:20: [255/16:1023:63/5/2/1]: %AAA-7-EXCEPT: aaa_idx 10000002: Cannot bind subscriber <user>@zen.net.uk to valid context
Mar 12 15:02:20: [255/16:1023:63/5/2/1]: %AAA-3-ERR: aaa_idx 10000002: Can't find pvd_idx ffffffff
Mar 12 15:02:20: [255/16:1023:63/5/2/1]: %AAA-7-EXCEPT: aaa_idx 10000002: aaa_remove_session_from_trees: remove session that is not bound to any context yet
Mar 12 15:02:20: %L2TP-7-ISM: 255/16:1023:63/5/2/1: no aaa_index
Mar 12 15:02:20: %L2TP-7-ISM: L2TP-cfg 255/16:1023:63/5/2/1 [PPP] [SB]  LNS L:9231/8074 Rs:13
Mar 12 15:02:20: %L2TP-7-ISM: SUB down cplt 255/16:1023:63/5/2/1 tc:24 (ses)
Mar 12 15:02:20: %L2TP-7-PKT: TX sp_lac:9231 <3:4> CDN L:93 T:11198 S:13
Mar 12 15:02:20: %L2TP-7-AVP:  M  Len= 2 IETF Message-Type=CDN
Mar 12 15:02:20: %L2TP-7-AVP:  M  Len= 2 IETF Assigned-Session-ID=8074
Mar 12 15:02:20: %L2TP-7-AVP:     Len=27 IETF PPP-Disc-Cause=16:C223:1 Authentication failure
Mar 12 15:02:20: %L2TP-7-AVP:  M  Len=26 IETF Result-Code=(2,6):Authentication failure
Mar 12 15:02:20: %L2TP-7-SESABORT: sp_lac:9231:8074 local abort: Authentication failure (tc 24)
Mar 12 15:02:20: %L2TP-7-SESFSM: Running SES event LOCAL_CLOSE on sp_lac:9231:8074
Mar 12 15:02:20: %L2TP-7-SESFSM: sp_lac:9231:8074 FSM event LOCAL_CLOSE [Established -> Idle]

 

The initial purpose of my post was to try and establish if anyone has tried
L2TP forwarding dialup users from an AS5300 to a SE and gauge if it is worth
putting effort into trying to make it work.  If however anyone can point out
anything simple that I may be missing based on the above information it
would be much appreciated.

Regards,

Carl

 

  _____  

From: redback-nsp-bounces at puck.nether.net
[mailto:redback-nsp-bounces at puck.nether.net] On Behalf Of Frans Legdeur
Sent: 15 March 2010 15:27
To: Carl Simpson; redback-nsp at puck.nether.net
Subject: Re: [rbak-nsp] Cisco AS5300 L2TP forwarding to Redback SmartEdge

 

Hi Carl,

Have you tried:
Debug aaa authen
Debug aaa author
Debug aaa rad-attr

Watch the output closely, you might see some attributes failing to find a
place to hook them on.
Be aware that the SE400 doesn't support compression algorithms.
Another caveat is that the first negotiation is done between client and
AS5300, and secondly is done between client and SE400.
If these have different parameters for PPP, like MRRU, the client might
expect a man-in-the-middle attack and close connection directly.
Keep all negotiated info between AS5300 and SE400 the same, else debug PPP
negotiation to see where it fails on ...

Kind regards,


Frans.



  _____  

From: Carl Simpson <carl.simpson at zeninternet.co.uk>
Date: Mon, 15 Mar 2010 14:56:59 +0000
To: <redback-nsp at puck.nether.net>
Subject: [rbak-nsp] Cisco AS5300 L2TP forwarding to Redback SmartEdge

Hi All,
 
I'm trying to dial in to a Cisco AS5300 and have it L2TP forward the PPP
session to a context on a Redback Smart Edge for termination.
 
Dialup modem ---> AS5300(LAC) ---> SE400 (LNS)
 
Does anyone know if this is possible or have any experience (successful or
unsuccessful) of doing this?
 
I've got as far as the AS5300 seemingly bringing up the L2TP tunnel
successfully but the SE fails to terminate dialup users' PPP session in the
context specified by RADIUS.
 
I can provide debug/log message if anyone can help.
 
Thanks,
 
Carl
 

--
Carl Simpson
Senior Network Engineer, Zen Internet
T: 0845 058 9168
F: 0845 058 9005
W: http://www.zen.co.uk








  _____  

_______________________________________________
redback-nsp mailing list
redback-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/redback-nsp
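
An added example, not part of the original thread: a small Python decoder for the Last-TX-ConfReq and Last-RX-ConfReq AVPs in the ICCN debug output above, which is one way to see which PPP (LCP) parameters the LAC negotiated with the dial-up client before the LNS takes over. It assumes the AVP value is the bare LCP option list (type, length, value) as the proxy LCP AVPs are defined in RFC 2661; the function names are hypothetical.

```python
import re

# Constructed sample: the two proxy-LCP AVP lines from the ICCN debug in this
# thread, with the wrapped lines joined.
SAMPLE_LOG = """\
Mar 12 15:02:19: %L2TP-7-AVP:     Len=20 IETF Last-TX-ConfReq=0206000a00000304c02305067fd09d7e07020802
Mar 12 15:02:19: %L2TP-7-AVP:     Len=16 IETF Last-RX-ConfReq=020600000000050631b44f3c07020802
"""

# LCP configuration option types (RFC 1661, RFC 1990).
LCP_OPTIONS = {1: "MRU", 2: "ACCM", 3: "Auth-Protocol", 4: "Quality-Protocol",
               5: "Magic-Number", 7: "PFC", 8: "ACFC", 17: "MRRU",
               18: "Short-Seq", 19: "Endpoint-Discriminator"}
AUTH_PROTOCOLS = {0xC023: "PAP", 0xC223: "CHAP"}
AVP_RE = re.compile(r"Last-(TX|RX)-ConfReq=([0-9a-fA-F]+)")


def decode_lcp_options(hex_body):
    """Decode an LCP option list (assumed: bare TLVs, no LCP packet header)."""
    data = bytes.fromhex(hex_body)
    options, pos = [], 0
    while pos < len(data):
        if pos + 2 > len(data):
            raise ValueError("truncated option header at offset %d" % pos)
        opt_type, opt_len = data[pos], data[pos + 1]
        if opt_len < 2 or pos + opt_len > len(data):
            raise ValueError("bad length %d for option %d" % (opt_len, opt_type))
        value = data[pos + 2:pos + opt_len]
        name = LCP_OPTIONS.get(opt_type, "type-%d" % opt_type)
        if opt_type == 3 and len(value) >= 2:
            proto = int.from_bytes(value[:2], "big")
            shown = AUTH_PROTOCOLS.get(proto, "0x%04x" % proto)
        elif opt_type in (1, 17) and len(value) == 2:
            shown = str(int.from_bytes(value, "big"))
        else:
            shown = value.hex()
        options.append((name, shown))
        pos += opt_len
    return options


def proxy_lcp_from_log(text):
    """Return {'TX': [...], 'RX': [...]} for each ConfReq AVP found in the log."""
    return {m.group(1): decode_lcp_options(m.group(2)) for m in AVP_RE.finditer(text)}


if __name__ == "__main__":
    for direction, opts in proxy_lcp_from_log(SAMPLE_LOG).items():
        print(direction, opts)
```

For the two AVPs in this log, neither ConfReq carries an MRU or MRRU option, and the LAC's ConfReq requests PAP.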
