ASR 1002 PPPoE/A Virtual-Access subinterface problem

Answered Question
May 3rd, 2012

Hi Guys,

i try to configure a BRAS solution for PPPoE/A termination.

When try to connect a client i receive the following error:

--------------------------------------------------------------------------------------------------------------------------------------

*May  3 00:51:25.043: %LINK-3-UPDOWN: Interface Virtual-Access4, changed state to up

*May  3 00:51:25.046: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access4, changed state to up

*May   3 00:51:25.093: %FMANRP_ESS-4-FULLVAI: Session creation failed due to  Full Virtual-Access Interfaces not being supported. Check that all  applied Virtual-Template and RADIUS features support Virtual-Access  sub-interfaces. swidb= 0x40A8D2CC, ifnum= 29

*May  3 00:51:25.098: %LINK-3-UPDOWN: Interface Virtual-Access4, changed state to down

---------------------------------------------------------------------------------------------------------------------------------------

The problem is related to Virtual-Access subinterface, usually,  on standard IOS,  i work on full mode

.

In the Cisco DOC i found this:

"If the subinterface is not configured, the following error message is  displayed when creating a session with one of the RADIUS attributes:

*Mar 13 22:04:03.358: %FMANRP_ESS-4-FULLVAI: Session creation failed due to Full 
Virtual-Access Interfaces not being supported. Check that all applied Virtual-Template and 
RADIUS features support Virtual-Access sub-interfaces. swidb= 0x7FA35A42F218, ifnum= 30

To enhance the scalability of per-user configurations, in many cases,  different Cisco AV-pairs are available to place the subscriber interface  in a Virtual Routing and Forwarding (VRF) instance or to apply a policy  map to the session. For example, use the ip:vrf-id and ip:ip-unnumbered  VSAs to reconfigure a user's VRF. For information about enhancing  scalability see, "Enhancing the Scalability of Per-User Configurations" section."

Ok i try to pass in radreply the following attribute :

test    Cisco-AVPair     +=     ip:vrf-id=RACC_ULL

test    Cisco-AVPair     +=     ip:ip-unnumbered=Loopback 199

Nothing don't work same error ....

If remove a "ip-unnumbered" attribute the Virtual-Access coming up but no ip address is assigned

Any ideas ?

Many thx

----------------------

show ver

----------------------

Cisco IOS Software, IOS-XE Software (PPC_LINUX_IOSD-ADVENTERPRISEK9-M), Version 15.1(3)S2, RELEASE SOFTWARE (fc1)

Technical Support: http://www.cisco.com/techsupport

Copyright (c) 1986-2011 by Cisco Systems, Inc.

Compiled Mon 12-Dec-11 15:15 by mcpre

Cisco IOS-XE software, Copyright (c) 2005-2011 by cisco Systems, Inc.

All rights reserved.  Certain components of Cisco IOS-XE software are

licensed under the GNU General Public License ("GPL") Version 2.0.  The

software code licensed under GPL Version 2.0 is free software that comes

with ABSOLUTELY NO WARRANTY.  You can redistribute and/or modify such

GPL code under the terms of GPL Version 2.0.  For more details, see the

documentation or "License Notice" file accompanying the IOS-XE software,

or the applicable URL provided on the flyer accompanying the IOS-XE

software.

ROM: IOS-XE ROMMON

ASR-01-BS uptime is 6 days, 18 hours, 6 minutes

Uptime for this control processor is 6 days, 18 hours, 8 minutes

System returned to ROM by reload at 22:08:16 UTC Sat Mar 31 2012

System image file is "bootflash:asr1000rp1-adventerprisek9.03.04.02.S.151-3.S2.bin"

Last reload reason: PowerOn

This product contains cryptographic features and is subject to United

States and local country laws governing import, export, transfer and

use. Delivery of Cisco cryptographic products does not imply

third-party authority to import, export, distribute or use encryption.

Importers, exporters, distributors and users are responsible for

compliance with U.S. and local country laws. By using this product you

agree to comply with applicable laws and regulations. If you are unable

to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:

http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to

export@cisco.com.

cisco ASR1002 (2RU) processor with 1700062K/6147K bytes of memory.

4 Gigabit Ethernet interfaces

1 ATM interface

32768K bytes of non-volatile configuration memory.

4194304K bytes of physical memory.

7757823K bytes of eUSB flash at bootflash:.

Configuration register is 0x2102

----------------------

show run

----------------------

aaa new-model

!

!

aaa group server radius AAA_RACC_ULL

server-private xx.xx.xx.xx auth-port 1812 acct-port 1813 key xxxxxxx

server-private xx.xx.xx.xx auth-port 1812 acct-port 1813 key xxxxxxx

ip vrf forwarding RACC_ULL

!

aaa authentication login local_auth local

aaa authentication ppp default group AAA_RACC_ULL

aaa authorization network default group AAA_RACC_ULL

aaa accounting send stop-record authentication failure

aaa accounting update newinfo periodic 60

aaa accounting network default start-stop group AAA_RACC_ULL

aaa accounting connection default start-stop group AAA_RACC_ULL

aaa accounting resource default start-stop group AAA_RACC_ULL

!

!

aaa session-id common

aaa policy interface-config allow-subinterface

!

ip vrf RACC_ULL

description *** VRF Raccolta TEST ***

rd 1:1

!

vpdn enable

!

no virtual-template snmp

!

!

bba-group pppoe xDSL_PPPoE_ADSL

virtual-template 199

vendor-tag circuit-id service

sessions auto cleanup

!

!

interface Loopback199

description *** GW RACCOLTA IP ADSL ***

ip vrf forwarding RACC_ULL

ip address 10.0.0.1 255.255.255.255

!

!

interface GigabitEthernet0/0/0

description *** ***

no ip address

no ip proxy-arp

load-interval 30

negotiation auto

!

!

interface GigabitEthernet0/0/3.20

description *** DOWNLINK TO DSLAM VLAN ADSL ***

encapsulation dot1Q 20

ip vrf forwarding RACC_ULL

no ip proxy-arp

pppoe enable group xDSL_PPPoE_ADSL

!

!

interface Virtual-Template199

description *** PPPoE AUTH ADSL ***

mtu 1488

ip unnumbered Loopback199

peer default ip address pool DYNAMIC_ADSL

ppp authentication chap pap callin

!

!

ip local pool DYNAMIC_ADSL 192.168.20.2 192.168.20.254

ip forward-protocol nd

!

no ip http server

no ip http secure-server

ip route vrf RACC_ULL 0.0.0.0 0.0.0.0 192.168.254.1

!        

ip radius source-interface GigabitEthernet0/0/0.999 vrf RACC_ULL

!

!

radius-server vsa send accounting

radius-server vsa send authentication

!

I have this problem too.
0 votes
Correct Answer by manuelro about 1 year 11 months ago

Hi Alessandro,

I understand that you are trying to configure per-user VRF for your session, correct? Would it be possible to share the full Radius profile you are sending? Perhaps you are sending some other attribute that is trying to trigger full VAI which is not supported in ASR1k platform.

Best regards.

  • 1
  • 2
  • 3
  • 4
  • 5
Average Rating: 5 (1 ratings)
Correct Answer
manuelro Thu, 05/03/2012 - 06:11

Hi Alessandro,

I understand that you are trying to configure per-user VRF for your session, correct? Would it be possible to share the full Radius profile you are sending? Perhaps you are sending some other attribute that is trying to trigger full VAI which is not supported in ASR1k platform.

Best regards.

aballestriero Thu, 05/03/2012 - 07:18

Hi Manuel,

thanks for your answer.

Below the other attribute send from radius to ASR

Framed-MTU     :=     1488

MS-Primary-DNS-Server     :=     62.97.32.21

MS-Secondary-DNS-Server     :=     62.97.33.21

Framed-Protocol     :=     PPP

Service-Type     :=     Framed-User

Framed-Compression     :=     Van-Jacobsen-TCP-IP

If possible i prefer to work using only virtual-template mode without per-user VRF.

I try con configure VT using ip vrf forwarding RACC_ULL and ip unnumbered ( in the same VRF domain ) without success.

aballestriero Thu, 05/03/2012 - 08:17

I have found the problem ....

Framed-Compression     :=     Van-Jacobsen-TCP-IP

Force the virtual-access mode to full.

Many thx Manuel.

manuelro Thu, 05/03/2012 - 09:16

Hi Alessandro,

I was about to reply your previous message. Indeed, Framed-Compression attribute will force the use of full VAI. The attribute is not supported on ASR1k platform because of this. You were one step ahead of me there

Best regards.

Actions

Login or Register to take actions

This Discussion

Posted May 3, 2012 at 1:16 AM
Stats:
Replies:4 Avg. Rating:5
Views:4156 Votes:0
Shares:0

Related Content

Discussions Leaderboard