L2TP LNS PPP auth error

jarvar832004 · ‎10-01-2008

Hi

I have a setup as foll

PPOE client->LAC(Radius)->LNS(Radius)

I face a strange issue only at the PPP authenticating phase.

A snapshot of the debug PPP negotiation is as foll

06:32:40: ppp67 PPP: Phase is ESTABLISHING

06:32:40: ppp67 PPP: Send Message[Dynamic Bind Response]

06:32:40: ppp67 LCP: O CONFREQ [Closed] id 1 len 39

06:32:40: ppp67 LCP: ACCM 0x000A0000 (0x0206000A0000)

06:32:40: ppp67 LCP: AuthProto PAP (0x0304C023)

06:32:40: ppp67 LCP: MagicNumber 0x1ABD01EF (0x05061ABD01EF)

06:32:40: ppp67 LCP: PFC (0x0702)

06:32:40: ppp67 LCP: ACFC (0x0802)

06:32:40: ppp67 LCP: MRRU 1524 (0x110405F4)

06:32:40: ppp67 LCP: EndpointDisc 1 R2A-7200 (0x130B015232412D37323030)

06:32:40: ppp67 LCP: I CONFREQ [REQsent] id 5 len 20

06:32:40: ppp67 LCP: ACCM 0x00000000 (0x020600000000)

06:32:40: ppp67 LCP: MagicNumber 0x6A722D66 (0x05066A722D66)

06:32:40: ppp67 LCP: PFC (0x0702)

06:32:40: ppp67 LCP: ACFC (0x0802)

06:32:40: ppp67 LCP: O CONFACK [REQsent] id 5 len 20

06:32:40: ppp67 LCP: ACCM 0x00000000 (0x020600000000)

06:32:40: ppp67 LCP: MagicNumber 0x6A722D66 (0x05066A722D66)

06:32:40: ppp67 LCP: PFC (0x0702)

06:32:40: ppp67 LCP: ACFC (0x0802)

06:32:40: ppp67 LCP: I CONFREJ [ACKsent] id 1 len 19

06:32:40: ppp67 LCP: MRRU 1524 (0x110405F4)

06:32:40: ppp67 LCP: EndpointDisc 1 R2A-7200 (0x130B015232412D37323030)

06:32:40: ppp67 LCP: O CONFREQ [ACKsent] id 2 len 24

06:32:40: ppp67 LCP: ACCM 0x000A0000 (0x0206000A0000)

06:32:40: ppp67 LCP: AuthProto PAP (0x0304C023)

06:32:40: ppp67 LCP: MagicNumber 0x1ABD01EF (0x05061ABD01EF)

06:32:40: ppp67 LCP: PFC (0x0702)

06:32:40: ppp67 LCP: ACFC (0x0802)

06:32:41: ppp67 LCP: I CONFACK [ACKsent] id 2 len 24

06:32:41: ppp67 LCP: ACCM 0x000A0000 (0x0206000A0000)

06:32:41: ppp67 LCP: AuthProto PAP (0x0304C023)

06:32:41: ppp67 LCP: MagicNumber 0x1ABD01EF (0x05061ABD01EF)

06:32:41: ppp67 LCP: PFC (0x0702)

06:32:41: ppp67 LCP: ACFC (0x0802)

06:32:41: ppp67 LCP: State is Open

06:32:41: ppp67 PPP: Phase is AUTHENTICATING, by this end

06:32:41: ppp67 LCP: I IDENTIFY [Open] id 6 len 18 magic 0x6A722D66 MSRASV5.10

06:32:41: ppp67 LCP: I IDENTIFY [Open] id 7 len 21 magic 0x6A722D66 MSRAS-0-RAMYA

06:32:41: ppp67 PAP: I AUTH-REQ id 38 len 30 from "test@rw.test.tcl"

06:32:41: ppp67 PAP: Authenticating peer test@rw.test.tcl

06:32:41: ppp67 PPP: Phase is FORWARDING, Attempting Forward

06:32:41: ppp67 PPP: Phase is AUTHENTICATING, Unauthenticated User

06:32:41: ppp67 PAP: O AUTH-NAK id 38 len 26 msg is "Authentication failed"

06:32:41: ppp67 PPP: Sending Acct Event[Down] id[A2]

06:32:41: ppp67 PPP: Phase is TERMINATING

06:32:41: ppp67 LCP: O TERMREQ [Open] id 3 len 4

06:32:41: ppp67 PPP: Received Disconnect from Lower Layer

06:32:41: ppp67 LCP: O TERMREQ [TERMsent] id 3 len 4

06:32:41: ppp67 PPP: Dynamic send error, close LCP

06:32:41: ppp67 LCP: State is Closed

06:32:41: ppp67 PPP: Phase is DOWN

06:32:41: ppp67 PPP: Phase is TERMINATING

The L2TP tunnel is seen to be established for a fraction of a second, but immediately disconnects due to authentication problem.

Note : There is no username or password error in this case.

Has anyone any idea on this?

drolemc · ‎10-07-2008

If you enabled "l2tp hidden" command it causes additional security if PPP is using PAP or proxy authentication between the LAC and LNS tunnel cannot be established

If you disable "no l2tp hidden" then everything works fine

For further information click this link.

http://www.cisco.com/en/US/docs/ios/11_3/feature/guide/l2tp.html#wp9947