Login | Register For Free | Help
Search for: (Advanced)

Mailing List Archive: Cisco: BBA

duplicate Vi interfaces on 12.4T(22)

  

 
Cisco bba RSS feed   Index | Next | Previous | View Threaded


mauritz at three6five

Jun 22, 2009, 5:21 AM

Post #1 of 4 (3101 views)
Permalink
duplicate Vi interfaces on 12.4T(22)
From:
Mauritz Lewies
<mauritz [at] three6five>
Reply-To:
mauritz [at] three6five
To:
cisco-bba [at] puck
Subject:
cisco-bba] duplicate Vi interfaces
on 12.4T(22)]
Date:
Wed, 17 Jun 2009 16:15:51 +0200



Hi

We're having some weird issues with L2TP terminated links.
L2TP sessions are being terminated and built correctly from Radius sent
config but in some cases the router allocates a Virtual-Access interface
that is already active.

----------------------------------------------
L2TP-DSL-PE2#SHOW VPDn SESS


L2TP Session Information Total tunnels 9 sessions 9


LocID RemID TunID Username, Intf/ State Last Chg
Uniq ID

Vcid,
Circuit

4012 49 14211 550-nti-mabo-ad, Vi4 est 00:35:44
38

4009 33 17734 1-mint-rf [at] bcs-, Vi3 est 04:24:19
30

3987 2355 27602 554-nti-pret-no, Vi6 est 16:38:52
6

1552 11 30424 1-meib-adsl [at] bc, Vi6 est 1d17h
576

3989 894 31125 551-nti-walt-ad, Vi7 est 09:14:24
13

4008 11193 48740 553-nti-pret-we, Vi2 est 04:58:10
31

3986 12 58608 552-nti-baba-ad, Vi4 est 18:02:09
9

3988 936 62131 1-nap-joha-nel-, Vi2 est 12:42:23
11

1553 11 64953 1-mark-adsl [at] bc, Vi8 est 1d17h
577



L2TP-DSL-PE2#SHOW INT VIRTual-Access 6

Virtual-Access6 is up, line protocol is up

Hardware is Virtual Access interface

Description: 554-nti-pret-nort-adsl

Internet address is 172.16.150.154/30

MTU 1452 bytes, BW 1024 Kbit/sec, RxBW 256 Kbit/sec, DLY 100000
usec,

reliability 255/255, txload 1/255, rxload 1/255

Encapsulation PPP, LCP Open

Open: IPCP

PPPoVPDN vaccess, cloned from AAA, Virtual-Template1

Vaccess status 0x44

Protocol l2tp, tunnel id 27602, session id 3987, loopback not set

Keepalive set (10 sec)

DTR is pulsed for 5 seconds on reset

Last input 00:00:01, output never, output hang never

Last clearing of "show interface" counters 17:49:11

Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0

Queueing strategy: fifo

Output queue: 0/40 (size/max)

30 second input rate 0 bits/sec, 0 packets/sec

30 second output rate 0 bits/sec, 0 packets/sec

177636 packets input, 12441878 bytes, 0 no buffer

Received 0 broadcasts, 0 runts, 0 giants, 0 throttles

0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort

194012 packets output, 91814604 bytes, 0 underruns

0 output errors, 0 collisions, 0 interface resets

0 unknown protocol drops

0 output buffer failures, 0 output buffers swapped out

0 carrier transitions







L2TP-DSL-PE2#sh l2tun | in Vi6

3987 2355 27602 554-nti-pret-no, Vi6 est 16:45:18
6

1552 11 30424 1-meib-adsl [at] bc, Vi6 est 1d17h
576









LocTunID RemTunID Remote Name State Remote Address Sessn L2TP
Class/

Count VPDN
Group

27602 17646 554-nti-pret- est 10.205.17.62 1
L2TP



LocID RemID TunID Username, Intf/ State Last Chg
Uniq ID

Vcid,
Circuit

3987 2355 27602 554-nti-pret-no, Vi6 est 16:46:08
6



LocTunID RemTunID Remote Name State Remote Address Sessn L2TP
Class/

Count VPDN
Group

30424 57600 1-meib est 10.205.20.23 1
L2TP
-------------------------------------------------------------------------------

The only way to resolve this is to clear the VPDN session ID.

The router is a 7206 VXR NPE-400 running 12.4T(22) IP base.

------------------------
vpdn enable
vpdn multihop
vpdn authen-before-forward
vpdn search-order domain
!
vpdn-group L2TP
! Default L2TP VPDN group
accept-dialin
protocol l2tp
virtual-template 1
lcp renegotiation always
no l2tp tunnel authentication
l2tp tunnel timeout no-session 1800
l2tp tunnel retransmit retries 7
l2tp tunnel retransmit timeout min 2
l2tp tunnel retransmit timeout max 5
!
interface Virtual-Template1
description L2TP-TEMPLATE
mtu 1452
bandwidth 512
bandwidth receive 256
no ip address
ip tcp adjust-mss 1460
load-interval 30
no peer default ip address
keepalive 10 3
traffic-shape rate 512000 12800 12800 1000
ppp mtu adaptive
ppp authentication chap callin
!
radius-server host zzz.zzz.zzz.zzz auth-port 1812 acct-port 1813
radius-server source-ports extended
!
----------------------------------

Radius example:

------------------------------------
test1-l2tp-adsl [at] test Auth-Type := Local, Cleartext-Password :=
"testing123"
Service-Type = Framed-User,
Framed-IP-Address = 10.250.0.2,
Cisco-AVPair += "interface-config#1=ip vrf forwarding CustA
",
Cisco-AVPair += "lcp:interface-config#2=ip address 10.250.0.1
255.255.255.252",
Cisco-AVPair += "lcp:interface-config#3=decription TEST1 ADSL
Primary",
Cisco-AVPair += "lcp:interface-config#4=bandwidth 1024",
Cisco-AVPair += "ip:route=172.16.28.0 255.255.255.0 10.250.0.2"
--------------------------------------

Has anyone seen similar issues or potential resolutions?


linkconnect at googlemail

Jun 22, 2009, 6:24 AM

Post #2 of 4 (2978 views)
Permalink
Re: duplicate Vi interfaces on 12.4T(22) [In reply to]
On Mon, Jun 22, 2009 at 1:21 PM, Mauritz Lewies<mauritz [at] three6five> wrote:
> From:  Mauritz Lewies <mauritz [at] three6five>
> Reply-To:  mauritz [at] three6five
> To:  cisco-bba [at] puck
> Subject:  cisco-bba]  duplicate Vi interfaces on 12.4T(22)]
> Date:  Wed, 17 Jun 2009 16:15:51 +0200
>
>
> Hi
>
> We're having some weird issues with L2TP terminated links.
> L2TP sessions are being terminated and built correctly from Radius sent
> config but in some cases the router allocates a Virtual-Access interface
> that is already active.
>
> ----------------------------------------------
> L2TP-DSL-PE2#SHOW VPDn SESS
>
>
> L2TP Session Information Total tunnels 9 sessions 9
>
>
> LocID      RemID      TunID      Username, Intf/      State  Last Chg Uniq
> ID
>
>                                  Vcid,
> Circuit
>
> 4012       49         14211      550-nti-mabo-ad, Vi4 est    00:35:44
> 38
>
> 4009       33         17734      1-mint-rf [at] bcs-, Vi3 est    04:24:19
> 30
>
> 3987       2355       27602      554-nti-pret-no, Vi6 est    16:38:52
> 6
>
> 1552       11         30424      1-meib-adsl [at] bc, Vi6 est    1d17h
> 576
>
> 3989       894        31125      551-nti-walt-ad, Vi7 est    09:14:24
> 13
>
> 4008       11193      48740      553-nti-pret-we, Vi2 est    04:58:10
> 31
>
> 3986       12         58608      552-nti-baba-ad, Vi4 est    18:02:09
> 9
>
> 3988       936        62131      1-nap-joha-nel-, Vi2 est    12:42:23
> 11
>
> 1553       11         64953      1-mark-adsl [at] bc, Vi8 est    1d17h    577
>
>
>
> L2TP-DSL-PE2#SHOW INT VIRTual-Access 6
>
> Virtual-Access6 is up, line protocol is up
>
>    Hardware is Virtual Access interface
>
>    Description: 554-nti-pret-nort-adsl
>
>    Internet address is 172.16.150.154/30
>
>    MTU 1452 bytes, BW 1024 Kbit/sec, RxBW 256 Kbit/sec, DLY 100000 usec,
>
>       reliability 255/255, txload 1/255, rxload 1/255
>
>    Encapsulation PPP, LCP Open
>
>    Open: IPCP
>
>    PPPoVPDN vaccess, cloned from AAA, Virtual-Template1
>
>    Vaccess status 0x44
>
>    Protocol l2tp, tunnel id 27602, session id 3987, loopback not set
>
>    Keepalive set (10 sec)
>
>    DTR is pulsed for 5 seconds on reset
>
>    Last input 00:00:01, output never, output hang never
>
>    Last clearing of "show interface" counters 17:49:11
>
>    Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
>
>    Queueing strategy: fifo
>
>    Output queue: 0/40 (size/max)
>
>    30 second input rate 0 bits/sec, 0 packets/sec
>
>    30 second output rate 0 bits/sec, 0 packets/sec
>
>       177636 packets input, 12441878 bytes, 0 no buffer
>
>       Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
>
>       0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
>
>       194012 packets output, 91814604 bytes, 0 underruns
>
>       0 output errors, 0 collisions, 0 interface resets
>
>       0 unknown protocol drops
>
>       0 output buffer failures, 0 output buffers swapped out
>
>       0 carrier transitions
>
>
>
>
>
>
>
> L2TP-DSL-PE2#sh l2tun | in Vi6
>
> 3987       2355       27602      554-nti-pret-no, Vi6 est    16:45:18
> 6
>
> 1552       11         30424      1-meib-adsl [at] bc, Vi6 est    1d17h    576
>
>
>
>
>
>
>
>
>
> LocTunID   RemTunID   Remote Name   State  Remote Address  Sessn L2TP Class/
>
>                                                             Count VPDN Group
>
> 27602      17646      554-nti-pret- est    10.205.17.62    1
> L2TP
>
>
>
> LocID      RemID      TunID      Username, Intf/      State  Last Chg Uniq
> ID
>
>                                  Vcid,
> Circuit
>
> 3987       2355       27602      554-nti-pret-no, Vi6 est    16:46:08
> 6
>
>
>
> LocTunID   RemTunID   Remote Name   State  Remote Address  Sessn L2TP Class/
>
>                                                             Count VPDN Group
>
> 30424      57600      1-meib        est    10.205.20.23    1     L2TP
> -------------------------------------------------------------------------------
>
> The only way to resolve this is to clear the VPDN session ID.
>
> The router is a 7206 VXR NPE-400 running 12.4T(22) IP base.
>
> ------------------------
> vpdn enable
> vpdn multihop
> vpdn authen-before-forward
> vpdn search-order domain
> !
> vpdn-group L2TP
> ! Default L2TP VPDN group
> accept-dialin
>    protocol l2tp
>    virtual-template 1
> lcp renegotiation always
> no l2tp tunnel authentication
> l2tp tunnel timeout no-session 1800
> l2tp tunnel retransmit retries 7
> l2tp tunnel retransmit timeout min 2
> l2tp tunnel retransmit timeout max 5
> !
> interface Virtual-Template1
> description L2TP-TEMPLATE
> mtu 1452
> bandwidth 512
> bandwidth receive 256
> no ip address
> ip tcp adjust-mss 1460
> load-interval 30
> no peer default ip address
> keepalive 10 3
> traffic-shape rate 512000 12800 12800 1000
> ppp mtu adaptive
> ppp authentication chap callin
> !

I believe you need to use a unnumbered interface in the virtual-template

EG

ip unnumbered Loopback1


I saw something on the list a short while ago about this, I have
unnumbered on all my VT's

Regards

Wayne
_______________________________________________
cisco-bba mailing list
cisco-bba [at] puck
https://puck.nether.net/mailman/listinfo/cisco-bba


mauritz at three6five

Jun 22, 2009, 6:42 AM

Post #3 of 4 (2968 views)
Permalink
Re: duplicate Vi interfaces on 12.4T(22) [In reply to]
>
> I believe you need to use a unnumbered interface in the virtual-template
>
> EG
>
> ip unnumbered Loopback1
>
>
> I saw something on the list a short while ago about this, I have
> unnumbered on all my VT's
>
> Regards
>
> Wayne


Hi

Thanks, I'll try this.
But the IP is assigned via Radius and also I have a 3825 running
12.4(3i) with exactly the same config and no issues on that box...

Regards,

Mauritz


linkconnect at googlemail

Jun 22, 2009, 6:53 AM

Post #4 of 4 (2967 views)
Permalink
Re: duplicate Vi interfaces on 12.4T(22) [In reply to]
>Thanks, I'll try this.
>But the IP is assigned via Radius and also I have a 3825 running 12.4(3i) with exactly the same >config and no issues on that box...

DSL connection IP's are still assigned by radius or ip pool but the
unnumbered interface lets you create unlimited VI's, without it the
limit is 6
_______________________________________________
cisco-bba mailing list
cisco-bba [at] puck
https://puck.nether.net/mailman/listinfo/cisco-bba

Cisco bba RSS feed   Index | Next | Previous | View Threaded
 
 


Interested in having your list archived? Contact Gossamer Threads
 
  Web Applications & Managed Hosting Powered by Gossamer Threads Inc.