There was a working setup with two providers, Corbina and Ultra, with balancing via SLA.
fa0/0 - Corbina (over l2tp)
fa0/1 - Ultra
Ultra changed its tariff and the link has to be redone as PPPOE, and here I ran into problems - the implementation does not look complicated, it is described for example here (http://www.cisco.com/en/US/tech/tk175/tk15/technologies_conf...), but in practice the PPPOE channel is constantly in the SHUTDOWN state. Perhaps it is the settings, please advise. The config follows (track 2 and sla monitor 2 are temporarily disabled in it, so as not to enable the route to Ultra):
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname CentrOffice_cisco
!
boot-start-marker
boot system flash:c2800nm-adventerprisek9-mz.124-19.bin
boot-end-marker
!
enable secret 5 **************************
!
aaa new-model
!
!
aaa authentication ppp default local
aaa authorization network default none
!
aaa session-id common
!
!
ip cef
!
!
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
ip sla monitor 1
type echo protocol ipIcmpEcho 10.*.*.*
timeout 1000
threshold 40
tag tag -=Monitoring Corbina ISP GW=-
frequency 3
ip sla monitor schedule 1 life forever start-time now
vpdn enable
!
l2tp-class corbina
!
!
!
voice-card 0
no dspfarm
!
!
!
!
!
!
!
!
!
!
!
!
!
crypto pki [скрыто]
!
!
crypto pki certificate chain[скрыто]
quit
username cisco privilege 15 secret 5 [скрыто]
!
!
ip ssh version 2
!
track 1 rtr 1 reachability
delay down 15 up 10
pseudowire-class class1
encapsulation l2tpv2
protocol l2tpv2 corbina
ip local interface FastEthernet0/0
!
!
!
!
!
!
interface Loopback0
no ip address
!
interface FastEthernet0/0
description Corbina_WAN_Ethernet
ip address dhcp
no ip redirects
no ip unreachables
no ip proxy-arp
ip virtual-reassembly
duplex auto
speed auto
no cdp enable
!
interface FastEthernet0/1
description UltraNet_WAN_Ethernet
mac-address [скрыто]
ip address dhcp
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
pppoe enable group global
pppoe-client dial-pool-number 1
no cdp enable
!
interface FastEthernet0/0/0
description CiscoLan_4ESW_VLAN172
switchport access vlan 172
!
interface FastEthernet0/0/1
description CiscoLan_4ESW_VLAN172
switchport access vlan 172
!
interface FastEthernet0/0/2
description CiscoLan_4ESW_VLAN172
switchport access vlan 172
!
interface FastEthernet0/0/3
description CiscoLan_4ESW_VLAN172
switchport access vlan 172
!
interface Virtual-PPP1
description L2TP-to-Corbina
ip address negotiated
ip mtu 1460
ip nat outside
ip virtual-reassembly
no cdp enable
ppp authentication chap callin
ppp chap hostname [скрыто]
ppp chap password 7 [скрыто]
pseudowire *.*.*.253 10 pw-class class1
!
interface Vlan1
no ip address
!
interface Vlan172
description -= CiscoLan_4ESW_VLAN172 =-
ip address 172.25.20.1 255.255.255.0
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 500
!
interface Dialer1
ip address negotiated
ip mtu 1492
encapsulation ppp
no ip mroute-cache
dialer pool 1
dialer-group 1
no cdp enable
ppp authentication pap callin
ppp pap sent-username [скрыто] password 7 [скрыто]
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Virtual-PPP1 track 1
ip route 0.0.0.0 0.0.0.0 Dialer1 track 2
ip route 192.168.0.0 255.255.255.0 172.25.20.10
ip route *.*.*.253 255.255.255.255 dhcp
!
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source route-map ISP_Corbina interface Virtual-PPP1 overload
ip nat inside source route-map ISP_ULTRANet interface FastEthernet0/1 overload
!
ip access-list extended NAT_ISP_Corbina
permit ip 172.25.20.0 0.0.0.255 any
permit ip 192.168.0.0 0.0.0.255 any
ip access-list extended NAT_ISP_ULTRANet
permit ip 172.25.20.0 0.0.0.255 any
permit ip 192.168.0.0 0.0.0.255 any
!
dialer-list 1 protocol ip permit
!
route-map ISP_ULTRANet permit 10
match ip address NAT_ISP_ULTRANet
match interface FastEthernet0/1 Dialer1
!
route-map ISP_Corbina permit 10
match ip address NAT_ISP_Corbina
match interface Virtual-PPP1
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
access-class 23 in
privilege level 15
password 7 [скрыто]
transport input telnet ssh
line vty 5 15
access-class 23 in
privilege level 15
password 7 [скрыто]
transport input telnet ssh
!
scheduler allocate 20000 1000
!
end
Now some debug output specifically for PPPOE:
*Jul 16 12:11:26.048: Sending PADI: Interface = FastEthernet0/1
*Jul 16 12:11:26.048: pppoe_send_padi:
FF FF FF FF FF FF 00 04 23 0C 40 BB 88 63 11 09
00 00 00 0C 01 01 00 00 01 03 00 04 45 D2 95 60 ...
*Jul 16 12:11:26.048: PPPoE 0: I PADO R:00e0.815e.5b7b L:0004.230c.40bb Fa0/1
00 04 23 0C 40 BB 00 E0 81 5E 5B 7B 88 63 11 07
00 00 00 2D 01 02 00 05 7A 69 61 62 61 01 01 00 ...
*Jul 16 12:11:28.096: PPPOE: we've got our pado and the pado timer went off
*Jul 16 12:11:28.096: OUT PADR from PPPoE Session
00 E0 81 5E 5B 7B 00 04 23 0C 40 BB 88 63 11 19
00 00 00 2D 01 02 00 05 7A 69 61 62 61 01 01 00 ...
*Jul 16 12:11:28.096: PPPoE 178: I PADS R:00e0.815e.5b7b L:0004.230c.40bb Fa0/1
00 04 23 0C 40 BB 00 E0 81 5E 5B 7B 88 63 11 65
00 B2 00 0C 01 01 00 00 01 03 00 04 45 D2 95 60 ...
*Jul 16 12:11:28.096: IN PADS from PPPoE Session
*Jul 16 12:11:28.096: %DIALER-6-BIND: Interface Vi2 bound to profile Di1
*Jul 16 12:11:28.100: PPPoE: Virtual Access interface obtained.
*Jul 16 12:11:28.100: PPPoE : encap string prepared
*Jul 16 12:11:28.100: [0]PPPoE 178: data path set to Virtual Acess
*Jul 16 12:11:28.100: [0]PPPoE 178: O
C0 21 01 01 00 0A 05 06 28 61 D0 5F
*Jul 16 12:11:28.104: %LINK-3-UPDOWN: Interface Virtual-Access2, changed state to up
*Jul 16 12:11:28.116: [0]PPPoE 178: I R:00e0.815e.5b7b L:0004.230c.40bb Fa0/1
C0 21 01 01 00 0F 03 05 C2 23 05 05 06 63 4D FA
DF
*Jul 16 12:11:28.116: [0]PPPoE 178: O
C0 21 02 01 00 0F 03 05 C2 23 05 05 06 63 4D FA
DF
*Jul 16 12:11:30.084: [0]PPPoE 178: O
C0 21 01 02 00 0A 05 06 28 61 D0 5F
*Jul 16 12:11:30.084: [0]PPPoE 178: I R:00e0.815e.5b7b L:0004.230c.40bb Fa0/1
C0 21 02 02 00 0A 05 06 28 61 D0 5F
*Jul 16 12:11:30.084: [0]PPPoE 178: I R:00e0.815e.5b7b L:0004.230c.40bb Fa0/1
C0 21 09 00 00 08 63 4D FA DF
*Jul 16 12:11:30.084: [0]PPPoE 178: I R:00e0.815e.5b7b L:0004.230c.40bb Fa0/1
C2 23 01 48 00 1A 10 1D 6A FC F6 93 8B F1 FA 5C
46 E3 4C 86 CB 9E 78 7A 69 61 62 61
*Jul 16 12:11:30.084: [0]PPPoE 178: O
C0 21 0A 00 00 08 28 61 D0 5F
*Jul 16 12:11:30.088: [0]PPPoE 178: O
C0 21 05 03 00 04
*Jul 16 12:11:30.088: [0]PPPoE 178: I R:00e0.815e.5b7b L:0004.230c.40bb Fa0/1
C0 21 06 03 00 04
*Jul 16 12:11:30.088: PPPoE : Shutting down client session
*Jul 16 12:11:30.088: [0]PPPoE 178: O PADT R:00e0.815e.5b7b L:0004.230c.40bb Fa0/1
00 E0 81 5E 5B 7B 00 04 23 0C 40 BB 88 63 11 A7
00 B2 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ...
*Jul 16 12:11:30.092: %DIALER-6-UNBIND: Interface Vi2 unbound from profile Di1
*Jul 16 12:11:30.092: PPPoE 178: I PADT R:00e0.815e.5b7b L:0004.230c.40bb Fa0/1
00 04 23 0C 40 BB 00 E0 81 5E 5B 7B 88 63 11 A7
00 B2 00 11 02 03 00 0D 52 65 63 65 69 76 65 64 ...
*Jul 16 12:11:30.092: %LINK-3-UPDOWN: Interface Virtual-Access2, changed state to down
CentrOffice_cisco#sh int fa0/1
FastEthernet0/1 is up, line protocol is up
Hardware is MV96340 Ethernet, address is 0004.230c.40bb (bia 001e.be50.f431)
Description: UltraNet_WAN_Ethernet
Internet address is 10.*.*.*/24
MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Full-duplex, 100Mb/s, 100BaseTX/FX
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:00, output 00:00:01, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 2000 bits/sec, 2 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
405671 packets input, 36946891 bytes
Received 211899 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog
0 input packets with dribble condition detected
70753 packets output, 4314989 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
3466 unknown protocol drops
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier
0 output buffer failures, 0 output buffers swapped out
CentrOffice_cisco#sh int dia1
Dialer1 is up, line protocol is up (spoofing)
Hardware is Unknown
Internet address will be negotiated using IPCP
MTU 1500 bytes, BW 56 Kbit, DLY 20000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation PPP, loopback not set
Keepalive set (10 sec)
DTR is pulsed for 1 seconds on reset
Last input never, output never, output hang never
Last clearing of "show interface" counters 1d21h
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: weighted fair
Output queue: 0/1000/64/0 (size/max total/threshold/drops)
Conversations 0/0/16 (active/max active/max total)
Reserved Conversations 0/0 (allocated/max allocated)
Available Bandwidth 42 kilobits/sec
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
0 packets input, 0 bytes
0 packets output, 0 bytes
CentrOffice_cisco#sh vpdn
%No active L2F tunnels
L2TP Tunnel and Session Information Total tunnels 1 sessions 1
LocID RemID Remote Name State Remote Address Port Sessions L2TP Class/
VPDN Group
58413 15263 ******* est *.*.*.253 1701 1 corbina
LocID RemID TunID Username, Intf/ State Last Chg Uniq ID
Vcid, Circuit
10 28061 58413 10, Vp1 est 1d21h 1
%No active PPTP tunnels
PPPoE Tunnel and Session Information Total tunnels 1 sessions 1
PPPoE Session Information
Uniq ID PPPoE RemMAC Port Source VA State
SID LocMAC VA-st
N/A 219 00e0.815e.5b7b Fa0/1 Di1 N/A SHUTDOWN
0004.230c.40bb
Cisco IOS Software, 2800 Software (C2800NM-ADVENTERPRISEK9-M), Version 12.4(19), RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2008 by Cisco Systems, Inc.
Compiled Fri 29-Feb-08 20:07 by prod_rel_team
ROM: System Bootstrap, Version 12.4(13r)T, RELEASE SOFTWARE (fc1)
CentrOffice_cisco uptime is 1 day, 21 hours, 11 minutes
System returned to ROM by reload at 15:15:06 UTC Tue Jul 14 2009
System image file is "flash:c2800nm-adventerprisek9-mz.124-19.bin"
Can you suggest what the problem might be? Honestly, this is my first time configuring PPPOE, and I have no idea what should show up in debugging or how to troubleshoot it... Thanks in advance!
I forgot one more thing! I added
vpdn-group 1
request-dialin
protocol pppoe
but nothing changed.
This may also be useful:
CentrOffice_cisco#sh ip int br
Interface IP-Address OK? Method Status Protocol
FastEthernet0/0 *.*.*.238 YES DHCP up up
FastEthernet0/1 *.*.*.129 YES DHCP up up
FastEthernet0/0/0 unassigned YES unset up up
FastEthernet0/0/1 unassigned YES unset up up
FastEthernet0/0/2 unassigned YES unset up down
FastEthernet0/0/3 unassigned YES unset up down
Vlan1 unassigned YES NVRAM up down
Vlan172 172.25.20.1 YES NVRAM up up
NVI0 unassigned NO unset up up
Virtual-Access1 unassigned YES unset up up
Virtual-PPP1 89.*.*.* YES IPCP up up
Virtual-Access2 unassigned YES unset down down
Dialer1 unassigned YES NVRAM up up
Loopback0 unassigned YES NVRAM up up
I run clear vpdn tunnel pppoe
and watch with sh vpdn:
the MACs are zeroed, the PPTP state is SHUTDOWN, then PADORCVD, then UP for a second, and SHUTDOWN again. This repeats roughly every 20 seconds.
I turned on debugs:
CentrOffice_cisco#debug aaa authentication
CentrOffice_cisco#debug aaa authorization
CentrOffice_cisco#debug ppp negotiation
*Jul 16 14:49:23.216: %DIALER-6-BIND: Interface Vi2 bound to profile Di1
*Jul 16 14:49:23.216: Vi2 PPP: Phase is DOWN, Setup
*Jul 16 14:49:23.220: AAA/BIND(00001F54): Bind i/f Virtual-Access2
*Jul 16 14:49:23.220: Vi2 PPP: Using dialer call direction
*Jul 16 14:49:23.220: Vi2 PPP: Treating connection as a callout
*Jul 16 14:49:23.220: Vi2 PPP: Session handle[A60003BA] Session id[0]
*Jul 16 14:49:23.220: Vi2 PPP: Phase is ESTABLISHING, Active Open
*Jul 16 14:49:23.220: AAA/AUTHOR (00001F54): Method=None for method list id=00000000. Skip author
*Jul 16 14:49:23.220: Vi2 PPP: No remote authentication for call-out
*Jul 16 14:49:23.220: Vi2 AAA/AUTHOR/LCP: Authorization succeeds trivially
*Jul 16 14:49:23.220: Vi2 LCP: O CONFREQ [Closed] id 1 len 10
*Jul 16 14:49:23.220: Vi2 LCP: MagicNumber 0x28F2737B (0x050628F2737B)
*Jul 16 14:49:23.220: %LINK-3-UPDOWN: Interface Virtual-Access2, changed state to up
*Jul 16 14:49:23.232: Vi2 LCP: I CONFREQ [REQsent] id 1 len 15
*Jul 16 14:49:23.232: Vi2 LCP: AuthProto CHAP (0x0305C22305)
*Jul 16 14:49:23.232: Vi2 LCP: MagicNumber 0x0040A20C (0x05060040A20C)
*Jul 16 14:49:23.232: Vi2 LCP: O CONFACK [REQsent] id 1 len 15
*Jul 16 14:49:23.232: Vi2 LCP: AuthProto CHAP (0x0305C22305)
*Jul 16 14:49:23.232: Vi2 LCP: MagicNumber 0x0040A20C (0x05060040A20C)
*Jul 16 14:49:25.220: Vi2 LCP: Timeout: State ACKsent
*Jul 16 14:49:25.220: Vi2 LCP: O CONFREQ [ACKsent] id 2 len 10
*Jul 16 14:49:25.220: Vi2 LCP: MagicNumber 0x28F2737B (0x050628F2737B)
*Jul 16 14:49:25.220: Vi2 LCP: I CONFACK [ACKsent] id 2 len 10
*Jul 16 14:49:25.220: Vi2 LCP: MagicNumber 0x28F2737B (0x050628F2737B)
*Jul 16 14:49:25.220: Vi2 LCP: State is Open
*Jul 16 14:49:25.220: Vi2 PPP: Phase is AUTHENTICATING, by the peer
*Jul 16 14:49:25.220: Vi2 CHAP: I CHALLENGE id 65 len 27 from "ziaba"
*Jul 16 14:49:25.220: AAA/AUTHEN/PPP (00001F54): Pick method list 'default'
*Jul 16 14:49:25.224: Vi2 CHAP: Unable to authenticate for peer
*Jul 16 14:49:25.224: Vi2 PPP: Sending Acct Event[Down] id[1F54]
*Jul 16 14:49:25.224: Vi2 PPP: Phase is TERMINATING
*Jul 16 14:49:25.224: Vi2 LCP: O TERMREQ [Open] id 3 len 4
*Jul 16 14:49:25.224: Vi2 LCP: I TERMACK [TERMsent] id 3 len 4
*Jul 16 14:49:25.224: Vi2 LCP: State is Closed
*Jul 16 14:49:25.224: Vi2 PPP: Phase is DOWN
*Jul 16 14:49:25.228: %DIALER-6-UNBIND: Interface Vi2 unbound from profile Di1
*Jul 16 14:49:25.228: %LINK-3-UPDOWN: Interface Virtual-Access2, changed state to down
So it turns out that the authorization phase passes, but authentication does not: "Vi2 CHAP: Unable to authenticate for peer". Where should I dig?
For anyone interested - I solved the problem another way (via bba-group pppoe)
I found it here: http://www.opennet.me/openforum/vsluhforumID6/12726.html
Here is a working example for 12.4:
vpdn enable
!
vpdn-group 1
request-dialin
protocol pppoe
bba-group pppoe global
interface Ethernet1
no ip address
duplex auto
pppoe enable group global
pppoe-client dial-pool-number 1
interface Dialer0
mtu 1492
ip address negotiated
no ip proxy-arp
encapsulation ppp
dialer pool 1
dialer-group 1
no cdp enable
ppp authentication chap callin
ppp chap hostname pik
ppp chap password 0 password
!
ip route 0.0.0.0 0.0.0.0 Dialer0
!
dialer-list 1 protocol ip permit
bba-group pppoe global is created automatically (with protocol pppoe); pppoe-specific settings are configured in it.
There is no point in putting "ip address dhcp" on the Ethernet interface, because IP assignment works as follows:
At the IPCP stage (negotiation, or NCP), the pppoe-server sends in a CONFACK packet the ip address, which it takes either from the NAS or from local settings. The IP is assigned to the Dialer interface, from which the Virtual-Access interfaces are cloned. The Ethernet interface picks Dialers from the dial-pool specified in the configuration.
Everything works! Thanks to everyone for your attention ;)
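
Added example, not part of the original posts: a small Python decoder for the PPP payload bytes in the PPPoE debug above. It shows the ISP side requesting CHAP in its LCP Configure-Request and then sending a CHAP Challenge from "ziaba", while the posted Dialer1 carries only "ppp pap sent-username" and the working Dialer0 carries "ppp chap hostname" / "ppp chap password". The function and constant names are this example's own; the frames are copied from the 12:11:28-12:11:30 debug lines.

```python
# Added example: decode the PPP payload bytes printed by the PPPoE debug.
import struct

LCP, CHAP, PAP = 0xC021, 0xC223, 0xC023
AUTH_NAMES = {PAP: "PAP", CHAP: "CHAP"}
LCP_CODES = {1: "ConfReq", 2: "ConfAck", 3: "ConfNak", 4: "ConfRej",
             5: "TermReq", 6: "TermAck", 9: "EchoReq", 10: "EchoRep"}
CHAP_CODES = {1: "Challenge", 2: "Response", 3: "Success", 4: "Failure"}

def lcp_options(body):
    opts, i = {}, 0
    while i < len(body):
        if i + 2 > len(body) or body[i + 1] < 2 or i + body[i + 1] > len(body):
            raise ValueError("malformed LCP option")
        opts[body[i]] = body[i + 2:i + body[i + 1]]  # option type -> value bytes
        i += body[i + 1]
    return opts

def decode(hex_dump):
    raw = bytes.fromhex(hex_dump)
    proto, code, ident, length = struct.unpack("!HBBH", raw[:6])
    if length != len(raw) - 2:
        raise ValueError("length field does not match the dump")
    pkt, body = {"proto": proto, "id": ident}, raw[6:]
    if proto == LCP:
        pkt["code"] = LCP_CODES.get(code, code)
        if code in (1, 2, 3, 4):  # Configure-* packets carry options
            pkt["options"] = lcp_options(body)
    elif proto == CHAP:
        pkt["code"] = CHAP_CODES.get(code, code)
        if code in (1, 2):  # value-size, value, then the sender's name
            pkt["name"] = body[1 + body[0]:].decode("ascii", "replace")
    return pkt

# (direction, bytes) from the debug on this page: "I" = from the ISP, "O" = from the router
FRAMES = [
    ("O", "C0 21 01 01 00 0A 05 06 28 61 D0 5F"),
    ("I", "C0 21 01 01 00 0F 03 05 C2 23 05 05 06 63 4D FA DF"),
    ("I", "C2 23 01 48 00 1A 10 1D 6A FC F6 93 8B F1 FA 5C"
          " 46 E3 4C 86 CB 9E 78 7A 69 61 62 61"),
    ("O", "C0 21 05 03 00 04"),
]

def auth_demanded_by_peer(frames):
    for direction, dump in frames:
        pkt = decode(dump)  # option 3 is Authentication-Protocol
        if direction == "I" and pkt.get("code") == "ConfReq" and 3 in pkt["options"]:
            return AUTH_NAMES.get(int.from_bytes(pkt["options"][3][:2], "big"))
    return None
```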