PPP IP address and virtual-access interface

Similar Messages

• Prime infrastructure 2.0 - Inventory error with Virtual-Access Interface

  Hi,
  We have recently been trying to resolve a few issues with routers which get partial inventory failures upon discovery. I have managed to narrow this down slightly with the help of the inventory.log file. (With help from this post https://supportforums.cisco.com/thread/2255346 ) I have found the following happnes when this device is added:
  [2014-03-04 14:00:27,537] [ICE Service[ 1]Thread: 29] [inventory] [ERROR] - 172.16.3.202 Object detected as SAME but DB Object obtained from the database is NULL For instance id: 0 For generated POJO: PPPEncapsulation[callBack=false,callIn=false,callOut=false,multilink=false,name=Virtual-Access1,oneTime=false,owningEntityId=69757688_172.16.3.202,preferedAuthType=NONE,deployPending=NONE,name=Virtual-Access1,owningEntityId=69757688_172.16.3.202,instanceId=0,_orderedListOEIndex=<Integer>,_creationOrderIndex=<Integer>,instanceVersion=0]
  I have highlighted above where it mentions the problem with the virtual access interface. The configuration on the router is for PPPoE and the virtual-access1 interface is bound to Dialer0.
  It then goes on to roll back the transaction:
  172.16.3.202 persistObjects called with addList size = 307, updateList size = 6
  172.16.3.202 Exception while persisting: com.cisco.xmp.persistence.common.util.DMMCRUDException:,message=errorId=12,componentName=CRUD Error Create Object Failed
  172.16.3.202 Exception occured while inventory collection for device with id 69757688: com.cisco.xmp.inventory.ice.InventoryException: errorId=12,componentName=CRUD Error Create Object Failed
  172.16.3.202 Done with collection. Total call method time: 15308
  172.16.3.202 Rolling back the transaction
  Has anyone else come accross this issue?
  I have attched the log showing just messages from this device.
  Thanks,
  Mike.

  TAC and I found a bug, CSCum05301.
  May be that is also helpfull for others.
  https://tools.cisco.com/bugsearch/bug/CSCum05301/
  Symptom:
  Inventory collection will fail if following keywords are used as part on description command on the interface config level of IOS device: 1Gbps, 10Mbps etc.
  Following error message is visible on the DWC:
  Inventory Collection Status: Partial Collection Failure
  Collection Status     Failed feature(s)
  Unable to configure DSL, Serial, POS, Ethernet, Loopback, Virtual-Interface, Tunnel, Vlan, Switchport and Service Module interfaces on ISR, ASR and Switches.
  Conditions:
  Speed keywords like 1Gbps, 10Mbps etc. available as part of descrption command in IOS interface level.
  For example:
  interface FastEthernet0/3
  description 10Mbps
  Workaround:
  Use a space character between number and unit keyword, like 1 Gbps.

• Time Capsule Loses DHCP IP Address and Cannot access Internet

  My set up: Astound Cable Modem -> Belkin Router ->TC broadcasting wireless to 2 Apple TVs, 2 AE n units. Up until recently, we were experiencing periodic loss of internet access and rebooting the cable modem and router would get us up and running. After the 7.4.1 Airport update, the TC has been losing its DHCP assigned IP (from the router) and self-assigning an invalid address. If I am tied into the router via ethernet, I can access the internet just fine. However, using the wireless from TC, that is not the case.
  I have invested a lot of time and effort into setting up a worry-free wireless network and back up solution for our two laptops, 2 iPhones and Apple TVs. Something has really gone wrong of late. I work from home quite a bit and rely on a VPN connection to remain in touch with the office. Having to restart the network every half hour or so, is not conducive to productivity!
  I have tried a number of solutions on these boards, but nothing sticks. I really do not know where to go for help. Drag all the components down to the Genius bar? How do they emulate my specific set up? I suppose they could verify my TC set up is correct? But it is pretty basic: creates a network/bridge mode/serves as a TM back up source for our laptops - works by direct ethernet connect, but not wirelessly. This last problem may be a function of the image bundle name: it includes the MAC address which is different depending on whether we are accessing by ethernet or airport. Not sure about that one…
  Anyway, we are really in need of expert advice and I just wanted the forum to know this easy stuff ain't so easy after all! And, that I appreciate all the help I can get from the good people who frequent this place that actually know what they are doing! Unlike me.
  Any advice is welcome.

  I removed the Belkin router and set up the Airport Time Capsule as the DHCP server. No problems since.

• MAC address and router access control

  My iPhone 3GS can only access the network (through my Netgear KWGR614 wireless router) when the router's MAC address access control is off. When I turn it on the phone is blocked. The MAC address I use is taken from the iPhone settings. It begins with 64. All other MAC addresses I have ever seen begins with 00. Is this MAC address correct? If it is right, could it be that the router can't handle this address?

  The first 3 bytes of the mac address identifies the manufacturer. For example, mine starts with 04:1e:64 which is Apple
  04-1E-64 (hex) Apple, Inc
  041E64 (base 16) Apple, Inc
  1 Infinite Loop
  Cupertino CA 95014
  UNITED STATES
  . if it starts with 64 then it belongs to
  64-4F-74 (hex) LENUS Co., Ltd.
  644F74 (base 16) LENUS Co., Ltd.
  18-5 Gwacheon-Dong
  Gwacheon Gyeonggi-Do 427-060
  KOREA, REPUBLIC OF
  check this list : http://standards.ieee.org/regauth/oui/index.shtml
  enter your first 3 numbers (first 3 pairs) from your wifi (settings/general/about) (don't use colons in the search)
  Not sure about the router as I never tried mac filtering. Each router will behave differently.
  Hope this helps.

• HT5622 icloud is loading my old email address and cannot access email

  hi I just done a restore and was a success, 6.1,3 but on configuring iphone, start, I noticed that I cloud does not regonise my new email address,
  in the restore I ticked to recover my saved sync choice over new start configuration , can anybody help please , I have changed my apple account details three times to no avail regards norman

  If you are trying to change your iCloud ID, go to Settings>iCloud, tap Delete Account, then sign back in with the new ID.  This deletes the account and your iCloud data from your device, but not from iCloud.  Provided you are signing back into the same account, your iCloud data will reappear on your device when you sign back in.
  To avoid losing photo stream photos, save them to your camera roll (if not already there) before deleting the account.  To do this, open your my photo stream album, tap Edit, tap the photos, tap Share, then tap Save to Camera Roll.

• ASR 1002 PPPoE/A Virtual-Access subinterface problem

  Hi Guys,
  i try to configure a BRAS solution for PPPoE/A termination.
  When try to connect a client i receive the following error:
  *May  3 00:51:25.043: %LINK-3-UPDOWN: Interface Virtual-Access4, changed state to up
  *May  3 00:51:25.046: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access4, changed state to up
  *May   3 00:51:25.093: %FMANRP_ESS-4-FULLVAI: Session creation failed due to  Full Virtual-Access Interfaces not being supported. Check that all  applied Virtual-Template and RADIUS features support Virtual-Access  sub-interfaces. swidb= 0x40A8D2CC, ifnum= 29
  *May  3 00:51:25.098: %LINK-3-UPDOWN: Interface Virtual-Access4, changed state to down
  The problem is related to Virtual-Access subinterface, usually,  on standard IOS,  i work on full mode
  In the Cisco DOC i found this:
  "If the subinterface is not configured, the following error message is  displayed when creating a session with one of the RADIUS attributes:
  *Mar 13 22:04:03.358: %FMANRP_ESS-4-FULLVAI: Session creation failed due to Full
  Virtual-Access Interfaces not being supported. Check that all applied Virtual-Template and
  RADIUS features support Virtual-Access sub-interfaces. swidb= 0x7FA35A42F218, ifnum= 30
  To enhance the scalability of per-user configurations, in many cases,  different Cisco AV-pairs are available to place the subscriber interface  in a Virtual Routing and Forwarding (VRF) instance or to apply a policy  map to the session. For example, use the ip:vrf-id and ip:ip-unnumbered  VSAs to reconfigure a user's VRF. For information about enhancing  scalability see, "Enhancing the Scalability of Per-User Configurations" section."
  Ok i try to pass in radreply the following attribute :
  test    Cisco-AVPair     +=     ip:vrf-id=RACC_ULL
  test    Cisco-AVPair     +=     ip:ip-unnumbered=Loopback 199
  Nothing don't work same error ....
  If remove a "ip-unnumbered" attribute the Virtual-Access coming up but no ip address is assigned
  Any ideas ?
  Many thx
  show ver
  Cisco IOS Software, IOS-XE Software (PPC_LINUX_IOSD-ADVENTERPRISEK9-M), Version 15.1(3)S2, RELEASE SOFTWARE (fc1)
  Technical Support: http://www.cisco.com/techsupport
  Copyright (c) 1986-2011 by Cisco Systems, Inc.
  Compiled Mon 12-Dec-11 15:15 by mcpre
  Cisco IOS-XE software, Copyright (c) 2005-2011 by cisco Systems, Inc.
  All rights reserved.  Certain components of Cisco IOS-XE software are
  licensed under the GNU General Public License ("GPL") Version 2.0.  The
  software code licensed under GPL Version 2.0 is free software that comes
  with ABSOLUTELY NO WARRANTY.  You can redistribute and/or modify such
  GPL code under the terms of GPL Version 2.0.  For more details, see the
  documentation or "License Notice" file accompanying the IOS-XE software,
  or the applicable URL provided on the flyer accompanying the IOS-XE
  software.
  ROM: IOS-XE ROMMON
  ASR-01-BS uptime is 6 days, 18 hours, 6 minutes
  Uptime for this control processor is 6 days, 18 hours, 8 minutes
  System returned to ROM by reload at 22:08:16 UTC Sat Mar 31 2012
  System image file is "bootflash:asr1000rp1-adventerprisek9.03.04.02.S.151-3.S2.bin"
  Last reload reason: PowerOn
  This product contains cryptographic features and is subject to United
  States and local country laws governing import, export, transfer and
  use. Delivery of Cisco cryptographic products does not imply
  third-party authority to import, export, distribute or use encryption.
  Importers, exporters, distributors and users are responsible for
  compliance with U.S. and local country laws. By using this product you
  agree to comply with applicable laws and regulations. If you are unable
  to comply with U.S. and local laws, return this product immediately.
  A summary of U.S. laws governing Cisco cryptographic products may be found at:
  http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
  If you require further assistance please contact us by sending email to
  [email protected].
  cisco ASR1002 (2RU) processor with 1700062K/6147K bytes of memory.
  4 Gigabit Ethernet interfaces
  1 ATM interface
  32768K bytes of non-volatile configuration memory.
  4194304K bytes of physical memory.
  7757823K bytes of eUSB flash at bootflash:.
  Configuration register is 0x2102
  show run
  aaa new-model
  aaa group server radius AAA_RACC_ULL
  server-private xx.xx.xx.xx auth-port 1812 acct-port 1813 key xxxxxxx
  server-private xx.xx.xx.xx auth-port 1812 acct-port 1813 key xxxxxxx
  ip vrf forwarding RACC_ULL
  aaa authentication login local_auth local
  aaa authentication ppp default group AAA_RACC_ULL
  aaa authorization network default group AAA_RACC_ULL
  aaa accounting send stop-record authentication failure
  aaa accounting update newinfo periodic 60
  aaa accounting network default start-stop group AAA_RACC_ULL
  aaa accounting connection default start-stop group AAA_RACC_ULL
  aaa accounting resource default start-stop group AAA_RACC_ULL
  aaa session-id common
  aaa policy interface-config allow-subinterface
  ip vrf RACC_ULL
  description *** VRF Raccolta TEST ***
  rd 1:1
  vpdn enable
  no virtual-template snmp
  bba-group pppoe xDSL_PPPoE_ADSL
  virtual-template 199
  vendor-tag circuit-id service
  sessions auto cleanup
  interface Loopback199
  description *** GW RACCOLTA IP ADSL ***
  ip vrf forwarding RACC_ULL
  ip address 10.0.0.1 255.255.255.255
  interface GigabitEthernet0/0/0
  description *** ***
  no ip address
  no ip proxy-arp
  load-interval 30
  negotiation auto
  interface GigabitEthernet0/0/3.20
  description *** DOWNLINK TO DSLAM VLAN ADSL ***
  encapsulation dot1Q 20
  ip vrf forwarding RACC_ULL
  no ip proxy-arp
  pppoe enable group xDSL_PPPoE_ADSL
  interface Virtual-Template199
  description *** PPPoE AUTH ADSL ***
  mtu 1488
  ip unnumbered Loopback199
  peer default ip address pool DYNAMIC_ADSL
  ppp authentication chap pap callin
  ip local pool DYNAMIC_ADSL 192.168.20.2 192.168.20.254
  ip forward-protocol nd
  no ip http server
  no ip http secure-server
  ip route vrf RACC_ULL 0.0.0.0 0.0.0.0 192.168.254.1
  ip radius source-interface GigabitEthernet0/0/0.999 vrf RACC_ULL
  radius-server vsa send accounting
  radius-server vsa send authentication

  Hi Manuel,
  thanks for your answer.
  Below the other attribute send from radius to ASR
  Framed-MTU     :=     1488
  MS-Primary-DNS-Server     :=     62.97.32.21
  MS-Secondary-DNS-Server     :=     62.97.33.21
  Framed-Protocol     :=     PPP
  Service-Type     :=     Framed-User
  Framed-Compression     :=     Van-Jacobsen-TCP-IP
  If possible i prefer to work using only virtual-template mode without per-user VRF.
  I try con configure VT using ip vrf forwarding RACC_ULL and ip unnumbered ( in the same VRF domain ) without success.

• LLQ on Virtual-Acces Interfaces

  I'm sure this must have been asked before but...
  Given service policies with CBWFQ and LLQ aren't allowed on virtual-access interfaces how can a service provider guarantee bandwidth and latency to VoIP or other priority traffic over a single PPP session?
  I'm looking at this from the point of view of a broadband service provider using L2TP to tunnel customer PPP sessions to the terminating router so there isn't an individual interface for each customer except the for the virtual-access interface.
  I've looked at ppp multilink but I don't see how that can be used in an environment where each customer can only initiate one PPP session?
  I'm assuming the only way to go is to use the
  "ip rtp priority" command on the virtual-template.
  Any ideas on where to look?
  Is CBWFQ likely to make it into the whole VPDN system or is it just too resource hungry?
  Richard Watson

  You can just add 'ip rtp priority' command to the virtual-template. But anyway you will have to shutdown interface and clear virtual-access interface to make it work. Here's the nice description of the command.
  http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120t/120t5/iprtp.htm

• Virtual-access gets the same ip

  There is a client getting an ip from a local pool. I clear the virtual-access interface but he always gets the same ip. How can the client get a new ip address?

  Clear virtual access interface. Let few devices obtain ip address before this device so that sufficient time would have expired and this device could get a new ip address.

• What is virtual template interface

  hi all
  Please explain me what is vitual template interface and when should used.how can someone used it to bind physical intfaces under virtual templte int?

  Hi,
  A virtual template interface is used to provide the configuration for dynamically created Virtual-Access interfaces. It is created by users and can be saved in nonvolatile RAM (NVRAM).
  Once the virtual template interface is created, it can be configured in the same way as a serial interface.
  To create a virtual template interface that can be configured and applied dynamically in creating virtual access interfaces, use the interface virtual-template command in global configuration mode.
  Virtual template interfaces can be created and applied by various applications such as Virtual Profiles, virtual private dialup networks (VPDN), PPP over ATM, PPP over Frame Relay, protocol translation, and Multichassis Multilink PPP (MMP).
  Following are FR and ATM examples:
  interface Serial1/0.1 point-to-point
  bandwidth 128
  frame-relay interface-dlci 51 ppp Virtual-Template1
  class FRTS
  interface ATM1/0.52 point-to-point
  ip vrf forwarding customer
  pvc 101/52
  abr 167 167
  oam-pvc manage
  encapsulation aal5ciscoppp virtual-Template 1
  http://www.cisco.com/en/US/products/sw/iosswrel/ps1831/products_command_reference_chapter09186a0080080d36.html#wp1017915
  HTH, please do rate all helpful replies,
  Mohammed Mahmoud.

• Best way to monitor virtual-access flaps ?

  Hi,
  I'm seeing regular virtual-access interface flaps. Is there a good way to keep a count of these? I could monitor the syslog and increment a counter however there must be a more elegant way to do this. I can't find an OID or show commands which gives me what I'm looking for. Any ideas?
  Ryan

  I think your initial idea is a good one.  If you have a syslog that you can track, count the number of flap conditions you see.  This is actually fairly elegant as you can then use that counter in other EEM policies to take additional action.

• PPP and virtual-access2 is down, please help

  Dear All,
  Since yesterday we have problems with our Cisco 878 SDSL router/modem. We make use of a standard script from our ISP (KPN.com). When we have uploaded the script by Windows Terminal, the router is unable to establish a ppp connection with our ISP. Virtual-access2 link is up, but the protocol is down.
  Please find underneath the standard script from KPN.com. Please help we have already lost 1 day with "trial and error" and the service and support is not that great from our ISP.
  Thanks in advance for your reply.
  Cheers.
  FYI
  version 12.4
  no service pad
  service timestamps debug datetime localtime
  service timestamps log datetime localtime
  service password-encryption
  no service udp-small-servers
  no service tcp-small-servers
  no service dhcp
  hostname IDSL-ADV-Cust-CPE-SDSL
  logging rate-limit console 10 except errors
  boot-start-marker
  boot-end-marker
  ip subnet-zero
  ip cef
  no ip dhcp-client network-discovery
  ip dhcp pool IAS
  import all
  origin ipcp
  ip name-server 194.151.228.18
  ip name-server 194.151.228.34
  controller DSL 0
  mode atm
  line-term cpe
  line-mode auto
  dsl-mode shdsl symmetric annex B
  interface BRI0
  no ip address
  encapsulation hdlc
  shutdown
  interface ATM0
  no ip address
  no shutdown
  no atm ilmi-keepalive
  interface ATM0.1 point-to-point
  description To IAS over ADSL Access Router
  pvc 2/32
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
  interface FastEthernet0
  interface FastEthernet1
  interface FastEthernet2
  interface FastEthernet3
  interface Vlan1
  ip address pool IAS
  ip verify unicast reverse-path
  no shutdown
  no cdp enable
  hold-queue 32 in
  interface Dialer0
  ip address negotiated
  ip verify unicast reverse-path
  encapsulation ppp
  dialer pool 1
  dialer-group 1
  no cdp enable
  ppp authentication chap callin
  ppp chap hostname KPN
  ppp chap password xx
  ppp pap sent-username kpn password xxx
  ppp ipcp dns request
  ppp ipcp mask request
  ppp ipcp address accept
  ip classless
  ip route 0.0.0.0 0.0.0.0 Dialer0
  no ip http server
  no ip http secure-server
  control-plane
  scheduler max-task-time 5000
  end

  Hi,
  beside that the proposed config has no NAT, it appears fine. Can you send output of "show dsl interface" and "show atm PVC 2/35".

• AP Manager interface and Virtual Interface

  What do each of these interfaces do on the 526 WMAC? I am not sure I understand the functionality and did not find the answer to this in the documentation.
  Thanks

  Well from a WLC, the management is used to access and manage the wlc. It is also used for communication with the mobility group. AP-Manager is the interface the wlc and the ap's use and the virtual interface is used by internal dhcp, mobility group, webauth, etc. The virtual interface is not routable in your network, it is mainly used by the wlc's for various features.
  Here is from a Cisco Doc:
  The management interface is the default interface for in-band management of the controller and connectivity to enterprise services such as AAA server. If the service port is in use, the management interface must be on a different subnet than the service port.
  The AP-Manager interface is used as the source IP address for all Layer 3 communications between the controller and the lightweight access points. The AP-Manager must have a unique IP address and should be on the same subnet as the management interface.
  The virtual gateway interface is used to support mobility management, DHCP relay, and embedded Layer 3 security, like guest web authentication and VPN termination. The virtual interface must be configured with an unassigned and unused gateway IP address. If multiple controllers are configured in a mobility group, the virtual interface must be the same on all controllers for seamless roaming.
  The service-port interface is mapped only to the physical service port. The service port interface must have an IP address on a different subnet from the management and AP-Manager interfaces. A default-gateway cannot be assigned to the service-port interface, but static routes can be defined through the controller command-line interface for remote network access to the service port.

• I created an Apple ID for iTunes using a work email address and left that company before I had an opportunity to change the email and password for that account.  How do I change the email address to a new one that I can access?

  I created an Apple ID for iTunes using a work email address and left that company before I had an opportunity to change the email and password for that same account.  Now I can't seem to login to that account and I can't choose the option for forgot password because it will send email to the old workplace.  How do I change the email address to a new one that I can access?

  If you remeber the password to that Apple ID then follow these steps
  1 - Make sure you have an email address that is NOT an Apple ID
  2 - Go to AppleID.Apple.com
  3 - Where it reads Manage Apple ID - Sign in
  Once you are signed in want to make sure the email address you are wanting to use is NOT set up as a "Recovery/Rescue" email for this account.
  [To check this - Main page where you see Primary ID - below do you see the email address you want to use listed towards the bottom? Yes - Delete / No - Good ./. If made any adjustments "Save" Next on the left select "Password & Security" - Answer your security questions you set up "if you have any" then scroll towards the bottom and check to see if you see the email address you want to use. Yes - Delete / No - Good] <-> Also you can change your password on this page as well. Any adjustments made "Save"
  Once this is done go back to the main page where you should read "Primary ID" and change the email address that is showing to the new email address youo want. "Save" Done
  I learned this not to long ago and worked for me. Hope this helps you!

• I recently changed my email address and switched it to my primary address on my Apple ID account.  It works in iTunes, but when I open up iCloud, my old ID shows and I can't access it to change anything.  Can't ask for email change for password

  I recently changed my email address and updated my Apple ID name to the new address.  It worked for iTunes and apps, but when I bring up iCloud, my old ID name shows.  I can'tr access it to change it since my security questions don't work and when I request an email to change password, it says it sent one but I do not receive anything.  Just need to klnow how to change my Applle ID on iCloud if I can't access the old one.  I'm afraid if I delete the account and open a new one, I'll lose all of my calendar. 

  If you have 'Find My iPad' activated on the iPad it will cause this problem. You will have to contact Support for help. Go to https://expresslane.apple.com ; select 'More Products and Services', then 'Apple ID'. In the next page select 'Other Apple ID Topics' then 'Lost or forgotten Apple ID password' and click 'Continue'.

• I had a name for my user name not an email address and now I cannot get access to my itunes account

  I had a simple user name through the itunes store. It was just a name not an email address, now when I sign in it sends me to an old itunes account which does not recognize purchases that I have made over  the last 5 years.
  Any clue as to how I can access my old account again? I tried asking the system to send me a password with my username (which is not an email address) and have yet to see an email that was on flie with that address.
  Any help would be appreciated
  Thank you.

  Have you tried calling?
  1-800-MY-APPLE (1-800-692-7753)