We’re currently aggregating DSL connections with a Cisco 7401 using RFC 1483
bridged. We want to migrate from bridged to PPPoE and authenticate and assign
IP addresses with RADIUS.
We’re looking for sample configurations which have both 1483 bridged and PPPoE
interfaces on the same box. We'd like to use either ranges and pvc-in-range
subinterfaces as shown below, or a fresh configuration without ranges where we
can replace a bridged subinterface with a PPPoE one for the same pvc.
We’re using ranges of pvcs to create subinterfaces like this ...
interface ATM1/0
no ip address
atm scrambling cell-payload
atm framing cbitplcp
no atm ilmi-keepalive
interface ATM1/0.285 point-to-point
description RBE Subinterface Range2
ip unnumbered Loopback1
atm route-bridged ip
range RANGE2 pvc 1/285 1/537
encapsulation aal5snap
!
pvc-in-range samuel 1/357
class-vc atm
encapsulation aal5autoppp Virtual-Template1
no protocol ip inarp
protocol pppoe
ip route 44.133.56.79 255.255.255.255 ATM1/0.356
ip route 44.133.56.80 255.255.255.255 ATM1/0.357
ip route 44.133.56.78 255.255.255.255 ATM1/0.358
We’ve now got RADIUS authenticating and returning the Framed-IP-Address and
Framed-Netmask in the accept packet. But the 7401 doesn’t apply the IP address
to the generated virtual interface.
7401 debug statements follow
Feb 21 2011 21:31:47.359 UTC: RADIUS: Received from id 1645/177
44.133.224.78:1645, Access-Accept, len 44
Feb 21 2011 21:31:47.359 UTC: RADIUS: authenticator 79 20 DE 47 35 51 D2 3F -
6C 92 4B E4 91 33 5F D9
Feb 21 2011 21:31:47.359 UTC: RADIUS: Service-Type [6] 6 Framed
[2]
Feb 21 2011 21:31:47.359 UTC: RADIUS: Framed-Protocol [7] 6 PPP
[1]
Feb 21 2011 21:31:47.359 UTC: RADIUS: Framed-IP-Address [8] 6
44.133.226.74 <=== User address
Feb 21 2011 21:31:47.359 UTC: RADIUS: Framed-IP-Netmask [9] 6
255.255.255.255
...
Feb 21 2011 22:26:19.520 UTC: Vi3.1 PPP: Phase is UP
Feb 21 2011 22:26:19.520 UTC: Vi3.1 IPCP: O CONFREQ [Closed] id 1 len 10
Feb 21 2011 22:26:19.520 UTC: Vi3.1 IPCP: Address 44.133.224.36
(0x03344175E024)
Feb 21 2011 22:26:19.520 UTC: Vi3.1 PPP: Process pending ncp packets
Feb 21 2011 22:26:19.560 UTC: Vi3.1 IPCP: I CONFREQ [REQsent] id 1 len 22
Feb 21 2011 22:26:19.560 UTC: Vi3.1 IPCP: Address 0.0.0.0 (0x030600000000)
Feb 21 2011 22:26:19.560 UTC: Vi3.1 IPCP: PrimaryDNS 0.0.0.0 (0x810600000000)
Feb 21 2011 22:26:19.560 UTC: Vi3.1 IPCP: SecondaryDNS 0.0.0.0
(0x830600000000)
Feb 21 2011 22:26:19.560 UTC: Vi3.1 IPCP: No peer address configured
Feb 21 2011 22:26:19.560 UTC: Vi3.1 IPCP: Neither side knows remote address
Feb 21 2011 22:26:19.560 UTC: Vi3.1 IPCP: O CONFREJ [REQsent] id 1 len 10
Feb 21 2011 22:26:19.560 UTC: Vi3.1 IPCP: Address 0.0.0.0 (0x030600000000)
Feb 21 2011 22:26:19.564 UTC: Vi3.1 IPCP: I CONFACK [REQsent] id 1 len 10
Feb 21 2011 22:26:19.564 UTC: Vi3.1 IPCP: Address 44.133.224.36
(0x03344175E024)
Feb 21 2011 22:26:19.604 UTC: Vi3.1 IPCP: I CONFREQ [ACKrcvd] id 2 len 26
Feb 21 2011 22:26:19.604 UTC: Vi3.1 IPCP: Addresses(Deprecated) 0.0.0.0
0.0.0.0 (0x010A0000000000000000) <=== Missing user address
Feb 21 2011 22:26:19.604 UTC: Vi3.1 IPCP: PrimaryDNS 0.0.0.0 (0x810600000000)
Feb 21 2011 22:26:19.604 UTC: Vi3.1 IPCP: SecondaryDNS 0.0.0.0
(0x830600000000)
Feb 21 2011 22:26:19.604 UTC: Vi3.1 IPCP: No peer address configured
Feb 21 2011 22:26:19.604 UTC: Vi3.1 IPCP: Neither side knows remote address
Feb 21 2011 22:26:19.604 UTC: Vi3.1 IPCP: O CONFREJ [ACKrcvd] id 2 len 14
Feb 21 2011 22:26:19.604 UTC: Vi3.1 IPCP: Addresses(Deprecated) 0.0.0.0
0.0.0.0 (0x010A0000000000000000) <=== Missing user address
Feb 21 2011 22:26:19.644 UTC: Vi3.1 IPCP: I CONFREQ [ACKrcvd] id 3 len 16
Feb 21 2011 22:26:19.644 UTC: Vi3.1 IPCP: PrimaryDNS 0.0.0.0 (0x810600000000)
Feb 21 2011 22:26:19.644 UTC: Vi3.1 IPCP: SecondaryDNS 0.0.0.0
(0x830600000000)
Feb 21 2011 22:26:19.648 UTC: Vi3.1 IPCP: O CONFNAK [ACKrcvd] id 3 len 16
Feb 21 2011 22:26:19.648 UTC: Vi3.1 IPCP: PrimaryDNS 44.133.224.77
(0x45388375E04D)
Feb 21 2011 22:26:19.648 UTC: Vi3.1 IPCP: SecondaryDNS 44.133.224.80
(0x43877575E050)
Feb 21 2011 22:26:19.688 UTC: Vi3.1 IPCP: I CONFREQ [ACKrcvd] id 4 len 16
Feb 21 2011 22:26:19.688 UTC: Vi3.1 IPCP: PrimaryDNS 44.133.224.77
(0x45388375E04D)
Feb 21 2011 22:26:19.688 UTC: Vi3.1 IPCP: SecondaryDNS 44.133.224.80
(0x43877575E050)
Feb 21 2011 22:26:19.688 UTC: Vi3.1 IPCP: O CONFACK [ACKrcvd] id 4 len 16
Feb 21 2011 22:26:19.688 UTC: Vi3.1 IPCP: PrimaryDNS 44.133.224.77
(0x45388375E04D)
Feb 21 2011 22:26:19.688 UTC: Vi3.1 IPCP: SecondaryDNS 44.133.224.80
(0x43877575E050)
Feb 21 2011 22:26:19.688 UTC: Vi3.1 IPCP: State is Open
Feb 21 2011 22:26:19.732 UTC: Vi3.1 IPCP: I TERMREQ [Open] id 5 len 40
Following is the 7401's configuration
version 12.3
no service dhcp
!
hostname cisco7401asr
!
boot-start-marker
boot system flash disk0:c7400-is-mz.123-17a.bin
boot system flash disk0:c7400-js-mz.123-1a.bin
boot-end-marker
!
aaa new-model
!
aaa authentication ppp default group radius
aaa session-id common
ip subnet-zero
!
ip cef
ip name-server 44.133.224.77
ip name-server 44.133.224.80
!
vpdn enable
!
vpdn-group 1
description Qwest DSL
accept-dialin
protocol pppoe
virtual-template 1
pppoe limit per-vc 1
[ .. SNIP .. ]
vc-class atm default
ubr 7168
encapsulation aal5autoppp Virtual-Template1
no create on-demand
[ .. SNIP .. ]
interface Virtual-Template1
ip unnumbered GigabitEthernet0/0
ip mtu 1492
no peer default ip address
ppp authentication chap pap
ppp ipcp dns 44.133.224.77 44.133.224.80
ppp ipcp address required
ppp ipcp address unique
[ .. SNIP .. ]
radius-server attribute nas-port format d
radius-server host 44.133.224.78 auth-port 1645 acct-port 1646
radius-server key 7 ABCDEFGHIJK
_______________________________________________
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
