Cisco BRAS 7206 VXR + voip gateways Micronet (part 2)

Unanswered Question
May 19th, 2010

I'm sorry, I've closed previouse discussion - https://supportforums.cisco.com/message/3075308#3075308

The problem is actual yet.

Micronet voip gateway (SP5002) cant' up pppoe connection to CIsco 7206 vxr, after cisco uptime > 20 days.

I have attached wireshark dump.

IOS: c7200-advipservicesk9-mz.122-33.SRD4.bin

Config:

Current configuration : 12976 bytes
!
! Last configuration  change at 16:14:26 KGST Tue May 18 2010 by tuxper
! NVRAM config last  updated at 16:25:21 KGST Tue May 18 2010 by tuxper
!
version 12.2
service  timestamps debug uptime
service timestamps log datetime msec  localtime
service password-encryption
service counters max age 5
!
hostname  Router_PPPoE
!
boot-start-marker
boot system  disk2:c7200-advipservicesk9-mz.122-33.SRD4.bin
boot-end-marker
!
logging  buffered 64000
no logging console
enable password 7  071D294A4D101F1F1E140C061C382D74716B
!
aaa new-model

!
!
aaa  group server radius PPPOE-RADIUS-SERVER
server-private xxx.x.x.x  auth-port 3812 acct-port 3813 key 7 yyyyyyyyy
!
aaa group server  radius ISG-RADIUS-SERVER
server-private xx.x.x.x auth-port 4812  acct-port 4813 key 7 yyyyyyyyyy
!
aaa group server radius  CISCO-AAA-SERVER
server-private xxx.x.x.x auth-port 2812 acct-port  2813 key 7 yyyyyyyyyyyyyy
!
aaa group server tacacs+  ACCT-TACACS-SERVER
server-private xx.x.x.x key 7 yyyyyyyyyyyyyyyyy
!
aaa  authentication login default local group CISCO-AAA-SERVER
aaa  authentication enable default group CISCO-AAA-SERVER enable
aaa  authentication ppp PPPoE group PPPOE-RADIUS-SERVER
aaa authorization  network PPPoE group PPPOE-RADIUS-SERVER
aaa authorization  subscriber-service default local group ISG-RADIUS-SERVER
aaa  accounting update periodic 1440
aaa accounting exec default  start-stop group CISCO-AAA-SERVER
aaa accounting commands 1 default  stop-only group ACCT-TACACS-SERVER
aaa accounting commands 15 default  stop-only group ACCT-TACACS-SERVER
aaa accounting network PPPoE  start-stop group PPPOE-RADIUS-SERVER
aaa accounting network ISG  start-stop group ISG-RADIUS-SERVER
!
!
!
!
aaa server  radius dynamic-author
client xxx.x.x.x server-key 7 yyyyyyyyyyyyy
auth-type all
ignore session-key
ignore server-key
!
aaa  session-id common
clock timezone KGST 6
ip subnet-zero
ip  source-route
!
!
!
!
ip cef
ip name-server xxxxxxxxx
ip  name-server xxxxxxxxx
!
!
subscriber service password 7  xxxxxxxxxxxxxxxx
redirect server-group REDIR-SERVER
server ip  xxx.xxx.xxx.xxx port 9999
!
multilink bundle-name authenticated
!
!
archive
log config
  logging enable
  notify syslog contenttype plaintext
   hidekeys
path ftp:[email protected]/bras7206-[email protected]/bras7206-
write-memory
time-period 10080
username tuxper password 7  yyyyyyyyyyyy
username evrey password 7 yyyyyyyyyyyyy
!
!
!
!
!
!
bba-group  pppoe global
virtual-template 1
sessions max limit 8000
sessions per-vlan limit 4000
!
!
interface Loopback0
ip  address xx.xxx.xx.xx 255.255.255.255
!
interface  GigabitEthernet0/1
description 7600_Uplink
ip address  yy.yy.yy.yy 255.255.255.252
ip ospf network point-to-point
media-type rj45
speed 1000
duplex full
no negotiation auto
no cdp enable
!
interface GigabitEthernet0/2
description  7600_Uplink_pppoe_vlan
mtu 9000
no ip address
media-type  rj45
speed auto
duplex auto
no negotiation auto
vlan-range dot1q 25 26
  pppoe enable group global
   exit-vlan-config
!
vlan-range dot1q 300 399
  pppoe enable  group global
  exit-vlan-config
!
vlan-range dot1q 401 461
   pppoe enable group global
  exit-vlan-config
!
vlan-range  dot1q 600 620
  pppoe enable group global
  exit-vlan-config
!
vlan-id dot1q 20
  pppoe enable group global
  exit-vlan-config
!
!
interface GigabitEthernet0/3
no ip address
shutdown
media-type rj45
speed auto
duplex auto
no negotiation auto
!
interface  Virtual-Template1
description PPPoE
mtu 1492
ip unnumbered  Loopback0
ppp authentication chap pap PPPoE
ppp authorization  PPPoE
ppp accounting PPPoE
ppp eap refuse
ppp ms-chap refuse
ppp ms-chap-v2 refuse
ppp ipcp dns zzz.zzz.zzz.zzz zzz.zzz.zzz.zzz
!
router  ospf 1
router-id yyy.yy.yy.yy
log-adjacency-changes
summary-address ii.iii.ii.0 255.255.254.0
summary-address  ttt.ttt.ttt.0 255.255.255.0
summary-address ttt.ttt.ttt.0  255.255.255.0
summary-address ttt.ttt.ttt.0 255.255.255.0
summary-address ttt.ttt.ttt.0 255.255.254.0
redistribute connected  subnets
redistribute static subnets
network uuu.uuu.uuu.uuu  0.0.0.3 area 0
default-information originate
!
ip classless
!
!
no  ip http server
no ip http secure-server
!line con 0
stopbits 1
line  aux 0
stopbits 1
line vty 0 4
session-timeout 30
exec-timeout 60 0
length 0
international
line vty 5 15
!
ntp  clock-period 17179974
ntp peer vvv.vvv.vvv.vvv
ntp peer  vvv.vvvv.vvv.vvv
end

P.S. I'm ready to provide any needed information.

Attachment: 
I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Johan Denoyer Mon, 06/14/2010 - 04:28

Hello Barat,

seems from the wireshark dump that the CPE is rejecting chap with MD5 authentification that the Cisco equipment is asking for...

You should check with your CPE vendor which authentification it requires and allow that on your virtual-template (or juste remove the ppp ms-chap refuse ppp ms-chap-v2 refuse commands from your virtual-template)

Johan

m.rabidinov Tue, 06/29/2010 - 20:31

I made config like this:

interface Virtual-Template1
description PPPoE
mtu 1492
ip unnumbered Loopback0
ppp authentication chap pap ms-chap ms-chap-v2 PPPoE
ppp authorization PPPoE
ppp accounting PPPoE
ppp eap refuse
ppp ipcp dns xxx.xx.xx.xx tt.tt.tt.tt
!

But the problem is actual.

I installed new IOS: c7200-advipservicesk9-mz.122-33.SRE1.bin

But 21 days is over, and I have the same problem.

I don't understand anything.

Actions

This Discussion