l2tp tunnel authentication

kevitt · ‎09-24-2003

Hi,

I've set up a LAC with no l2tp tunnel authentication but I'm getting a challenge in the SCCRQ at the LNS.

lac conf..

vpdn enable

!

vpdn-group 1

request-dialin

protocol l2tp

no l2tp tunnel authentication

LAC is a 7206xvr running 12.2(8) ZB8

lns debug...

4w2d: Tnl 91 L2TP: GOt a challenge in SCCRQ, model-pdsn

any help would be appreciated,

cheers

paul

dbellazetin · ‎09-25-2003

Do you see the LAC send the challenge in the LAC debug ?

Daniel

kevitt · ‎09-25-2003

yes...

also noticed that changing the local name in the LAC config has no effect...the hostname is always seen in the LNS debug as the source of the SCCRQ.

When i change the local name in the LNS the changes are seen in the LAC debug as expected.

dbellazetin · ‎09-26-2003

Thats very strange. If you are running Cisco LNS, and LAC I would recommend trying to run L2F as the protocol instead of L2TP. It essentially works the same way. And if the behavior is still the same I would recommend opening a TAC case for this. The LAC is not behaving appropriately.

Daniel

kevitt · ‎09-29-2003

thanks for the advice...I've now opened a case..

I've found that nothing within the vpdn-group has any effect, in the end I used radius to assign tunnel password. I can't use l2f as the LAC could be tunelling to non-Cisco LNSs within our core network...

cheers

paul

JAN MARIS · ‎01-15-2004

Hello,

I have also noticed this in 12.2(15)T7. Has this been acknowledged by TAC?

Jan

kevitt · ‎01-15-2004

Hi,

I've since found that if you use radius authorisation it overrides anything in the vpdn-group. As we use Radius to get the tunnel endpoint the vpdn-group settings are not used. Unfortunately there is no Cisco AVP that you can send to disable tunnel authentication via RADIUS so I've been told by tac. Therefore it appears that if you use RADIUS then you MUST use tunnel Authentication.