Необходимо одновременно терминировать на 7200 клиентов pppoe и pptp. Проблема в следующем: pptp клиенты не получают доступа к ресурсам интернет, если до них посидели pppoe`шники. Сам pptp тунель устанавливается, но трафик не ходит. PPPoE клиенты продолжают работать без проблем.
Перегрузка спасает, но ситуация повторяется снова если pppoe`шник посидел перед pptp`шником.
Конфигурационный файл:vpdn enable
!
vpdn-group 1
accept-dialin
protocol pppoe
virtual-template 1
!
vpdn-group 2
! Default PPTP VPDN group
accept-dialin
protocol pptp
virtual-template 2
interface Virtual-Template1
ip unnumbered FastEthernet0/0.3
no logging event link-status
peer default ip address pool dialin_pool
ppp authentication chap pap
ppp authorization dialauth
!
interface Virtual-Template2
mtu 1492
ip unnumbered FastEthernet0/0.3
no keepalive
peer default ip address pool vpn_pool
ppp authentication chap pap
ppp authorization dialauthip local pool dialin_pool 193.161.42.96 193.161.42.127
ip local pool vpn_pool 193.161.41.80 193.161.41.95IOS: c7200-ik9o3s-mz.122-27.bin
>Конфигурационный файл:Дебаг бы посмотреть.
И IOS в общем то deffered, хотя и по другому поводу...
>Дебаг бы посмотреть.
Lada#show debugging
PPP:
PPP protocol negotiation debugging is on
VTEMPLATE:
Virtual Template debugging is on
может что ещё включить?
----------------------------------------
Vi5 VTEMPLATE: Reuse Vi5, recycle queue size 1
Vi5 VTEMPLATE: Hardware address 0010.1431.e800
Vi5 VTEMPLATE: Has a new cloneblk vtemplate, now it has vtemplate
Vi5 VTEMPLATE: ************* CLONE VACCESS5 *****************
Vi5 VTEMPLATE: Clone from Virtual-Template2
interface Virtual-Access5
default ip address
no ip address
encap ppp
mtu 1492
ip unnumbered FastEthernet0/0.3
ip mroute-cache
no keepalive
ip route-cache
no ip route-cache
ip route-cache cef
end
05:40:46: %LINK-3-UPDOWN: Interface Virtual-Access5, changed state to up
Vi5 PPP: Using default call direction
Vi5 PPP: Treating connection as a dedicated line
Vi5 PPP: Phase is ESTABLISHING, Active Open [0 sess, 0 load]
Vi5 LCP: O CONFREQ [Closed] id 3 len 19
Vi5 LCP: MRU 1492 (0x010405D4)
Vi5 LCP: AuthProto CHAP (0x0305C22305)
Vi5 LCP: MagicNumber 0x114C31BE (0x0506114C31BE)
Vi5 LCP: I CONFACK [REQsent] id 3 len 19
Vi5 LCP: MRU 1492 (0x010405D4)
Vi5 LCP: AuthProto CHAP (0x0305C22305)
Vi5 LCP: MagicNumber 0x114C31BE (0x0506114C31BE)
Vi5 LCP: TIMEout: State ACKrcvd
Vi5 LCP: O CONFREQ [ACKrcvd] id 4 len 19
Vi5 LCP: MRU 1492 (0x010405D4)
Vi5 LCP: AuthProto CHAP (0x0305C22305)
Vi5 LCP: MagicNumber 0x114C31BE (0x0506114C31BE)
Vi5 LCP: I CONFACK [REQsent] id 4 len 19
Vi5 LCP: MRU 1492 (0x010405D4)
Vi5 LCP: AuthProto CHAP (0x0305C22305)
Vi5 LCP: MagicNumber 0x114C31BE (0x0506114C31BE)
Vi5 LCP: I CONFREQ [ACKrcvd] id 1 len 21
Vi5 LCP: MRU 1400 (0x01040578)
Vi5 LCP: MagicNumber 0x2D3B2B0B (0x05062D3B2B0B)
Vi5 LCP: PFC (0x0702)
Vi5 LCP: ACFC (0x0802)
Vi5 LCP: Callback 6 (0x0D0306)
Vi5 LCP: O CONFREJ [ACKrcvd] id 1 len 7
Vi5 LCP: Callback 6 (0x0D0306)
Vi5 LCP: I CONFREQ [ACKrcvd] id 2 len 18
Vi5 LCP: MRU 1400 (0x01040578)
Vi5 LCP: MagicNumber 0x2D3B2B0B (0x05062D3B2B0B)
Vi5 LCP: PFC (0x0702)
Vi5 LCP: ACFC (0x0802)
Vi5 LCP: O CONFNAK [ACKrcvd] id 2 len 8
Vi5 LCP: MRU 1492 (0x010405D4)
Vi5 LCP: I CONFREQ [ACKrcvd] id 3 len 18
Vi5 LCP: MRU 1400 (0x01040578)
Vi5 LCP: MagicNumber 0x2D3B2B0B (0x05062D3B2B0B)
Vi5 LCP: PFC (0x0702)
Vi5 LCP: ACFC (0x0802)
Vi5 LCP: O CONFNAK [ACKrcvd] id 3 len 8
Vi5 LCP: MRU 1492 (0x010405D4)
Vi5 LCP: I CONFREQ [ACKrcvd] id 4 len 18
Vi5 LCP: MRU 1492 (0x010405D4)
Vi5 LCP: MagicNumber 0x2D3B2B0B (0x05062D3B2B0B)
Vi5 LCP: PFC (0x0702)
Vi5 LCP: ACFC (0x0802)
Vi5 LCP: O CONFACK [ACKrcvd] id 4 len 18
Vi5 LCP: MRU 1492 (0x010405D4)
Vi5 LCP: MagicNumber 0x2D3B2B0B (0x05062D3B2B0B)
Vi5 LCP: PFC (0x0702)
Vi5 LCP: ACFC (0x0802)
Vi5 LCP: State is Open
Vi5 PPP: Phase is AUTHENTICATING, by this end [0 sess, 0 load]
Vi5 CHAP: O CHALLENGE id 10 len 25 from "Lada"
Vi5 LCP: I IDENTIFY [Open] id 5 len 18 magic 0x2D3B2B0B MSRASV5.10
Vi5 LCP: I IDENTIFY [Open] id 6 len 31 magic 0x2D3B2B0B MSRAS-1-MAGISTRA-3ENRDV
Vi5 CHAP: I RESPONSE id 10 len 26 from "gurbo"
Vi5 CHAP: O SUCCESS id 10 len 4
Vi5 PPP: Phase is UP [0 sess, 0 load]
Vi5 IPCP: O CONFREQ [Not negotiated] id 2 len 10
Vi5 IPCP: Address 193.161.43.66 (0x0306C1972B42)
Vi5 CCP: I CONFREQ [Not negotiated] id 7 len 10
Vi5 CCP: MS-PPC supported bits 0x01000001 (0x120601000001)
Vi5 LCP: O PROTREJ [Open] id 5 len 16 protocol CCP (0x80FD0107000A120601000001)
Vi5 IPCP: I CONFREQ [REQsent] id 8 len 34
Vi5 IPCP: Address 0.0.0.0 (0x030600000000)
Vi5 IPCP: PrimaryDNS 0.0.0.0 (0x810600000000)
Vi5 IPCP: PrimaryWINS 0.0.0.0 (0x820600000000)
Vi5 IPCP: SecondaryDNS 0.0.0.0 (0x830600000000)
Vi5 IPCP: SecondaryWINS 0.0.0.0 (0x840600000000)
Vi5 AAA/AUTHOR/IPCP: Start. Her address 0.0.0.0, we want 0.0.0.0
Vi5 AAA/AUTHOR/IPCP: Done. Her address 0.0.0.0, we want 0.0.0.0
Vi5 IPCP: Pool returned 193.161.41.80
Vi5 IPCP: O CONFREJ [REQsent] id 8 len 16
Vi5 IPCP: PrimaryWINS 0.0.0.0 (0x820600000000)
Vi5 IPCP: SecondaryWINS 0.0.0.0 (0x840600000000)
Vi5 IPCP: I CONFACK [REQsent] id 2 len 10
Vi5 IPCP: Address 193.161.43.66 (0x0306C1972B42)
Vi5 IPCP: I CONFREQ [ACKrcvd] id 9 len 22
Vi5 IPCP: Address 0.0.0.0 (0x030600000000)
Vi5 IPCP: PrimaryDNS 0.0.0.0 (0x810600000000)
Vi5 IPCP: SecondaryDNS 0.0.0.0 (0x830600000000)
Vi5 AAA/AUTHOR/IPCP: Start. Her address 0.0.0.0, we want 193.161.41.80
Vi5 AAA/AUTHOR/IPCP: Done. Her address 0.0.0.0, we want 193.161.41.80
Vi5 IPCP: O CONFNAK [ACKrcvd] id 9 len 22
Vi5 IPCP: Address 193.161.41.80 (0x0306C1972950)
Vi5 IPCP: PrimaryDNS 193.161.43.129 (0x8106C1972B81)
Vi5 IPCP: SecondaryDNS 193.202.249.22 (0x8306C1E8F802)
Vi5 IPCP: I CONFREQ [ACKrcvd] id 10 len 22
Vi5 IPCP: Address 193.161.41.80 (0x0306C1972950)
Vi5 IPCP: PrimaryDNS 193.161.43.129 (0x8106C1972B81)
Vi5 IPCP: SecondaryDNS 193.202.249.22 (0x8306C1E8F802)
Vi5 AAA/AUTHOR/IPCP: Start. Her address 193.161.41.80, we want 193.161.41.80
Vi5 AAA/AUTHOR/IPCP: Reject 193.161.41.80, using 193.161.41.80
Vi5 AAA/AUTHOR/IPCP: Done. Her address 193.161.41.80, we want 193.161.41.80
Vi5 IPCP: O CONFACK [ACKrcvd] id 10 len 22
Vi5 IPCP: Address 193.161.41.80 (0x0306C1972950)
Vi5 IPCP: PrimaryDNS 193.161.43.129 (0x8106C1972B81)
Vi5 IPCP: SecondaryDNS 193.202.249.22 (0x8306C1E8F802)
Vi5 IPCP: State is Open
Vi5 IPCP: Install route to 193.161.41.80
05:40:49: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access5, changed state to up
Vi5 LCP: I TERMREQ [Open] id 11 len 16 (0x2D3B2B0B003CCD7400000000)
Vi5 LCP: O TERMACK [Open] id 11 len 4
Vi5 PPP: Phase is TERMINATING [0 sess, 0 load]
05:41:10: %LINK-3-UPDOWN: Interface Virtual-Access5, changed state to down
Vi5 LCP: State is Closed
Vi5 IPCP: State is Closed
Vi5 PPP: Phase is DOWN [0 sess, 0 load]
Vi5 VTEMPLATE: Free vaccess
Vi5 VTEMPLATE: Wait for line protocol to transition to down before freeing
Vi5 VTEMPLATE: Try to free a freed vaccess
Vi5 VTEMPLATE: Try to free a freed vaccess
Vi5 IPCP: Remove route to 193.151.41.80
05:41:11: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access5, changed state to down
Vi5 VTEMPLATE: Interface and line protocol are down, proceed to free
VTEMPLATE: Clean up dirty vaccess queue, size 1
Vi5 VTEMPLATE: Found a dirty vaccess clone with vtemplate
Vi5 VTEMPLATE: ************ UNCLONE VACCESS5 **************
Vi5 VTEMPLATE: Unclone to-be-freed command#9
interface Virtual-Access5
default ip route-cache cef
default ip route-cache
default ip route-cache
default keepalive
default ip mroute-cache
default ip unnumbered FastEthernet0/0.3
default mtu 1492
default encap ppp
default ip address
end
Vi5 VTEMPLATE: Remove cloneblk vtemplate with vtemplate
Vi5 VTEMPLATE: Set default settings with no ip address
Vi5 VTEMPLATE: Add vaccess to recycle queue, queue size 2
У PPPoE 1492
А у PPTP 1480
>У PPPoE 1492
>А у PPTP 1480
Изменение mtu результатов не дают.
Проблема решилаcь заменой IOS`а.
Например 7200-ik9o3s-mz.123-14.T6.bin или c7200-ik9o3s-mz.123-17a.bin всё работает.
Да и ещё, pppoe терминировать в данном случае удобней оказалось через
bba-group pppoe ...
virtual-template ...
...
Пытаемся терминировать pppoe и pptp клиентов на Cisco UBR 7200:
vpdn enable
vpdn aaa attribute nas-port vpdn-nas
vpdn ip udp ignore checksum
!
vpdn-group PPPoE-1
description PPPoE settings for DOCSIS CPE AAA
accept-dialin
protocol pppoe
virtual-template 1
pppoe limit max-sessions 2000
lcp renegotiation always
ip mtu adjust
vpdn-group 2
! Default PPTP VPDN group
accept-dialin
protocol pptp
!
....
....
....interface Virtual-Template1
bandwidth 2000
ip unnumbered Loopback0
ip access-group 103 in
ip access-group 104 out
ip verify unicast reverse-path
ip helper-address 10.1.0.243
no ip redirects
no ip unreachables
no ip proxy-arp
ip accounting output-packets
ip mtu 1492
ip route-cache flow
no logging event link-status
peer default ip address dhcp
ppp authentication pap
ppp timeout retry 5
!
interface Virtual-Template2
bandwidth 2000
ip unnumbered Loopback0
ip access-group 103 in
ip access-group 104 out
ip verify unicast reverse-path
ip helper-address 10.1.0.243
no ip redirects
no ip unreachables
no ip proxy-arp
ip accounting output-packets
ip route-cache flow
ip tcp adjust-mss 1400
no logging event link-status
peer default ip address dhcp
no keepalive
ppp authentication pap
ppp timeout retry 5Как только разрешаем терминирование pptp клиентов и их появляется штук 5 или больше Cisco перезагружается. Стабильно живет когда отключаем pptp :((.
Может кто сталкивался ? Или все таки проблема здесь не в pptp ?
Поправка:
vpdn-group 2
! Default PPTP VPDN group
accept-dialin
protocol pptp
virtual-template 1