09-24-2003 09:13 PM - edited 03-02-2019 10:34 AM
Hi,
I've set up a LAC with no l2tp tunnel authentication but I'm getting a challenge in the SCCRQ at the LNS.
lac conf..
vpdn enable
!
vpdn-group 1
request-dialin
protocol l2tp
no l2tp tunnel authentication
LAC is a 7206xvr running 12.2(8) ZB8
lns debug...
4w2d: Tnl 91 L2TP: GOt a challenge in SCCRQ, model-pdsn
any help would be appreciated,
cheers
paul
09-25-2003 06:46 AM
Do you see the LAC send the challenge in the LAC debug ?
Daniel
09-25-2003 02:57 PM
yes...
also noticed that changing the local name in the LAC config has no effect...the hostname is always seen in the LNS debug as the source of the SCCRQ.
When i change the local name in the LNS the changes are seen in the LAC debug as expected.
09-26-2003 05:35 AM
Thats very strange. If you are running Cisco LNS, and LAC I would recommend trying to run L2F as the protocol instead of L2TP. It essentially works the same way. And if the behavior is still the same I would recommend opening a TAC case for this. The LAC is not behaving appropriately.
Daniel
09-29-2003 12:48 AM
thanks for the advice...I've now opened a case..
I've found that nothing within the vpdn-group has any effect, in the end I used radius to assign tunnel password. I can't use l2f as the LAC could be tunelling to non-Cisco LNSs within our core network...
cheers
paul
01-15-2004 02:08 AM
Hello,
I have also noticed this in 12.2(15)T7. Has this been acknowledged by TAC?
Jan
01-15-2004 11:09 AM
Hi,
I've since found that if you use radius authorisation it overrides anything in the vpdn-group. As we use Radius to get the tunnel endpoint the vpdn-group settings are not used. Unfortunately there is no Cisco AVP that you can send to disable tunnel authentication via RADIUS so I've been told by tac. Therefore it appears that if you use RADIUS then you MUST use tunnel Authentication.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: