In the process of setting up a 7206 to terminate ADSL connections, using a Radiator (Radius) server for auth.
The test ADSL connection appears to authenticate successfully, but then disconnect immediately, then attempt to authenticate again.
I am seeing the following in the 7206 logs:
Jul 13 08:13:57.335 aest: AAA/AUTHOR/VPDN/LOCAL: Looking for tunnel dsl.datafx.com.au
Jul 13 08:13:57.335 aest: AAA/AUTHOR/VPDN/LOCAL: tunnel dsl.datafx.com.au doesn't exist
Jul 13 08:13:57.335 aest: AAA/AUTHOR (2818497300): Post authorization status = ERROR
and
Jul 13 08:13:31.863 aest: Virtual-Access1 AAA/DISC: 18/"Host Request"
Jul 13 08:13:31.863 aest: AAA/ACCT/ACCT_DISC: Found list "l2tp"
Jul 13 08:13:31.863 aest: Virtual-Access1 AAA/DISC/EXT: 1046/"Upper Layer Req Close"
Jul 13 08:13:31.863 aest: AAA/ACCT/ACCT_DISC: Found list "l2tp"
Jul 13 08:13:31.863 aest: Virtual-Access1 AAA/DISC: 1/"User Request"
Jul 13 08:13:31.863 aest: AAA/ACCT/ACCT_DISC: Found list "l2tp"
Jul 13 08:13:31.863 aest: Virtual-Access1 AAA/DISC/EXT: 1045/"Received Terminate"
Then I see the connection est. then a nosess:
gc-rt-02#sh vpdn tunnel
L2TP Tunnel Information Total tunnels 1 sessions 1
LocID RemID Remote Name State Remote Address Port Sessions
36067 1758 for-cor3 est 210.8.1.65 1701 1
%No active L2F tunnels
%No active PPTP tunnels
%No active PPPoE tunnels
gc-rt-02#sh vpdn tunnel
L2TP Tunnel Information Total tunnels 1 sessions 0
LocID RemID Remote Name State Remote Address Port Sessions
36067 1758 for-cor3 nosess 210.8.1.65 1701 0
Radius server is reporting the term cause as 'Host-Request':
Acct-Terminate-Cause = Host-Request
Have the following on the 7206 (Multiple vpdn-groups are defined):
aaa new-model
aaa authentication ppp default if-needed group radius
aaa authorization network default group radius local
aaa authorization network l2tp group radius
aaa accounting update periodic 10
aaa accounting network default start-stop group radius
aaa accounting network l2tp start-stop group radius
!
vpdn enable
vpdn multihop
vpdn aaa attribute nas-port vpdn-nas
no vpdn logging remote
no vpdn logging user
vpdn history failure table-size 50
vpdn ignore udp checksum
vpdn search-order domain
vpdn domain-delimiter @ suffix
vpdn domain-delimiter / prefix
!
vpdn-group for
accept-dialin
protocol l2tp
virtual-template 1
terminate-from hostname for-cor3
local name dsl.datafx.com.au
lcp renegotiation on-mismatch
l2tp tunnel password 7 08306004044D40
!
interface Virtual-Template1
description Connect L2TP termination
no ip address
ppp authentication pap chap callin
ppp authorization l2tp
ppp accounting l2tp
!
radius-server host xxx.xxx.xxx.xxx auth-port 1812 acct-port 1813
radius-server retransmit 3
radius-server attribute 25 nas-port format d
radius-server attribute nas-port format d
radius-server key #############
!
I'm certain I am missing something vital in the radius config...
Any assistance is greatly appreciated.
Regards,
MB