radius l2tp

sogbetuno
Level 1

Hi all,

I am trying to set up a RADIUS-based L2TP. I am using FreeRADIUS. What is the best way to implement this? I have read a bit of the documentation on the Cisco website; some are using Tunnel-Type, Tunnel-Medium etc., while some are using "cisco-avpair=".

I have actually used the 2 methods, but the server (LNS) is not assigning an IP address. Which is the better method to use?

LAC (IOS) = 12.1(11)

LNS (IOS) = 12.2(3)

RADIUS = FreeRADIUS

Thanks,


sghosh
Level 1

Hi,

I would suggest you use the Cisco av-pair to create the L2TP tunnel.

http://www.cisco.com/warp/public/480/l2tprad.html

Thanks

Sujit

Hi sghosh,

Thanks, but can you please take a look at this debug message? I can't figure out where the problem is.

LAC: ....

Jun 3 16:55:16.672: As124 VPDN: Forwarding...

Jun 3 16:55:16.672: AAA: parse name=Async124 idb type=10 tty=124

Jun 3 16:55:16.672: AAA: name=Async124 flags=0x11 type=4 shelf=0 slot=0 adapter=0 port=124 channel=0

Jun 3 16:55:16.672: AAA: parse name=Serial0:0 idb type=13 tty=-1

Jun 3 16:55:16.672: AAA: name=Serial0:0 flags=0x51 type=1 shelf=0 slot=0 adapter=0 port=0 channel=0

Jun 3 16:55:16.672: AAA/MEMORY: create_user (0x62926444) user='esat@mcos.ie' ruser='' port='Async124' rem_addr='14326475/012437535' authen_type=CHAP service=PPP priv=1

Jun 3 16:55:16.672: As124 AAA/DISC: 1/"User Request"

Jun 3 16:55:16.672: As124 AAA/DISC/EXT: 1020/"User Request"

Jun 3 16:55:16.672: As124 VPDN: Bind interface direction=1

Jun 3 16:55:16.672: Tnl/Cl 45079/53 L2TP: Session FS enabled

Jun 3 16:55:16.672: Tnl/Cl 45079/53 L2TP: Session state change from idle to wait-for-tunnel

Jun 3 16:55:16.672: As124 Tnl/Cl 45079/53 L2TP: Create session

Jun 3 16:55:16.672: Tnl 45079 L2TP: SM State established

Jun 3 16:55:16.672: As124 Tnl/Cl 45079/53 L2TP: O ICRQ to MC_Blackrock 43363/0

Jun 3 16:55:16.676: As124 Tnl/Cl 45079/53 L2TP: Session state change from wait-for-tunnel to wait-reply

Jun 3 16:55:16.676: As124 VPDN: esat@mcos.ie is forwarded

Jun 3 16:55:16.692: As124 Tnl/Cl 45079/53 L2TP: O ICCN to MC_Blackrock 43363/649

Jun 3 16:55:16.692: As124 Tnl/Cl 45079/53 L2TP: Session state change from wait-reply to established

Jun 3 16:55:17.676: %LINEPROTO-5-UPDOWN: Line protocol on Interface Async124, changed state to up

Jun 3 16:55:21.132: As124 Tnl/Cl 45079/53 L2TP: Result code(2): 2: Call disconnected, refer to error msg

Jun 3 16:55:21.132: Error code(6): Vendor specific

Jun 3 16:55:21.132: Optional msg: Disconnect from PPP

Jun 3 16:55:21.132: As124 Tnl/Cl 45079/53 L2TP: I CDN from MC_Blackrock tnl 43363, cl 649

Jun 3 16:55:21.132: Async124 AAA/DISC: 18/"Host Request"

Jun 3 16:55:21.132: Async124 AAA/DISC/EXT: 1028/"Host Request"

Jun 3 16:55:21.132: As124 Tnl/Cl 45079/53 L2TP: Destroying session

Jun 3 16:55:21.132: As124 Tnl/Cl 45079/53 L2TP: Session state change from established to idle

Jun 3 16:55:21.132: As124 Tnl/Cl 45079/53 L2TP: VPDN: Releasing idb for LAC/LNS tunnel 45079/43363 session 53 state idle

Jun 3 16:55:21.132: Tnl 45079 L2TP: Tunnel state change from established to no-sessions-left

Jun 3 16:55:21.132: Tnl 45079 L2TP: No more sessions in tunnel, shutdown (likely) in 15 seconds

Jun 3 16:55:23.132: %LINK-3-UPDOWN: Interface Async124, changed state to down

Jun 3 16:55:23.132: As124 VPDN: Reset

Jun 3 16:55:23.132: Async124 AAA/DISC: 2/"Lost Carrier"

Jun 3 16:55:23.132: Async124 AAA/DISC/EXT: 1011/"Lost Carrier"

Jun 3 16:55:23.132: As124 PPP: Phase is TERMINATING

Jun 3 16:55:23.132: As124 LCP: State is Closed

Jun 3 16:55:23.132: As124 PPP: Phase is DOWN

Jun 3 16:55:23.132: As124 VPDN: Cleanup

Jun 3 16:55:23.132: As124 VPDN: Reset

Jun 3 16:55:23.132: As124 VPDN: Unbind interface

Jun 3 16:55:23.132: Async124 AAA/DISC: 2/"Lost Carrier"

Jun 3 16:55:23.132: Async124 AAA/DISC/EXT: 1011/"Lost Carrier"

Jun 3 16:55:23.400: %ISDN-6-DISCONNECT: Interface Serial0:0 disconnected from 14326475 , call lasted 72 seconds

...........

LNS: ....

Jun 3 17:55:16.662: L2TP: I SCCRQ from New_mip_ras tnl 45079

Jun 3 17:55:16.666: L2X: Cannot use source-ip 212.2.160.43 which is not one of our addresses.

Jun 3 17:55:16.666: Tnl 43363 L2TP: Got a challenge in SCCRQ, New_mip_ras

Jun 3 17:55:16.666: Tnl 43363 L2TP: New tunnel created for remote New_mip_ras, address 212.2.160.43

Jun 3 17:55:16.666: Tnl 43363 L2TP: O SCCRP to New_mip_ras tnlid 45079

Jun 3 17:55:16.670: Tnl 43363 L2TP: Tunnel state change from idle to wait-ctl-reply

Jun 3 17:55:16.682: Tnl 43363 L2TP: I SCCCN from New_mip_ras tnl 45079

Jun 3 17:55:16.686: Tnl 43363 L2TP: Got a Challenge Response in SCCCN from New_mip_ras

Jun 3 17:55:16.686: Tnl 43363 L2TP: Tunnel Authentication success

Jun 3 17:55:16.686: Tnl 43363 L2TP: Tunnel state change from wait-ctl-reply to established

Jun 3 17:55:16.686: Tnl 43363 L2TP: SM State established

Jun 3 17:55:16.690: Tnl 43363 L2TP: I ICRQ from New_mip_ras tnl 45079

Jun 3 17:55:16.690: Tnl/Cl 43363/649 L2TP: Session FS enabled

Jun 3 17:55:16.690: Tnl/Cl 43363/649 L2TP: Session state change from idle to wait-connect

Jun 3 17:55:16.690: Tnl/Cl 43363/649 L2TP: New session created

Jun 3 17:55:16.690: Tnl/Cl 43363/649 L2TP: O ICRP to New_mip_ras 45079/53

Jun 3 17:55:16.706: Tnl/Cl 43363/649 L2TP: I ICCN from New_mip_ras tnl 45079, cl 53

Jun 3 17:55:16.706: Tnl/Cl 43363/649 L2TP: Session state change from wait-connect to established

Jun 3 17:55:16.706: Vi3 VPDN: Virtual interface created for esat@mcos.ie

Jun 3 17:55:16.706: Vi3 VPDN: Set to Async interface

Jun 3 17:55:16.710: Vi3 PPP: Phase is DOWN, Setup [0 sess, 0 load]

Jun 3 17:55:16.710: Vi3 VPDN: Clone from Vtemplate 2 filterPPP=0 blocking

Jun 3 17:55:17.106: %LINK-3-UPDOWN: Interface Virtual-Access3, changed state to up

Jun 3 17:55:17.110: Vi3 PPP: Using set call direction

Jun 3 17:55:17.110: Vi3 PPP: Treating connection as a callin

Jun 3 17:55:17.110: Vi3 PPP: Phase is ESTABLISHING, Passive Open [0 sess, 0 load]

Jun 3 17:55:17.110: Vi3 LCP: State is Listen

Jun 3 17:55:17.110: Vi3 VPDN: Bind interface direction=2

Jun 3 17:55:17.110: Vi3 LCP: I FORCED CONFREQ len 20

Jun 3 17:55:17.110: Vi3 LCP: ACCM 0x000A0000 (0x0206000A0000)

Jun 3 17:55:17.114: Vi3 LCP: AuthProto PAP (0x0304C023)

Jun 3 17:55:17.114: Vi3 LCP: MagicNumber 0x486999BA (0x0506486999BA)

Jun 3 17:55:17.114: Vi3 LCP: PFC (0x0702)

Jun 3 17:55:17.114: Vi3 LCP: ACFC (0x0802)

Jun 3 17:55:17.114: Vi3 VPDN: PPP LCP accepted rcv CONFACK

Jun 3 17:55:17.114: Vi3 LCP: I FORCED CONFACK len 39

Jun 3 17:55:17.114: Vi3 LCP: ACCM 0x00000000 (0x020600000000)

Jun 3 17:55:17.114: Vi3 LCP: MagicNumber 0x4F6070A8 (0x05064F6070A8)

Jun 3 17:55:17.118: Vi3 LCP: PFC (0x0702)

Jun 3 17:55:17.118: Vi3 LCP: ACFC (0x0802)

Jun 3 17:55:17.118: Vi3 LCP: EndpointDisc 1 Local

Jun 3 17:55:17.118: Vi3 LCP: (0x13170174BA05FB327B40A69BB4697FD0)

Jun 3 17:55:17.118: Vi3 LCP: (0xEC9FA400000000)

Jun 3 17:55:17.118: Vi3 VPDN: PPP LCP accepted sent CONFACK

Jun 3 17:55:17.118: Vi3 PPP: Phase is AUTHENTICATING, by this end [0 sess, 0 load]

Jun 3 17:55:17.122: Vi3 PAP: I AUTH-REQ id 103 len 22 from "esat@mcos.ie"

Jun 3 17:55:17.122: VPDN/AAA: Yield to directed-request user 'esat@mcos.ie'

Jun 3 17:55:17.122: Vi3 PAP: Authenticating peer esat@mcos.ie

Jun 3 17:55:17.122: AAA: parse name=Virtual-Access3 idb type=21 tty=-1

Jun 3 17:55:17.126: AAA: name=Virtual-Access3 flags=0x11 type=5 shelf=0 slot=0 adapter=0 port=3 channel=0

Jun 3 17:55:17.126: AAA/MEMORY: create_user (0x82089E14) user='esat@mcos.ie' ruser='NULL' port='Virtual-Access3' rem_addr='14326475/012437535' authen_type=PAP service=PPP priv=1 initial_task_id='0'

Jun 3 17:55:17.126: AAA/AUTHEN/START (301809678): port='Virtual-Access3' list='vpdn' action=LOGIN service=PPP

Jun 3 17:55:17.126: AAA/AUTHEN/START (301809678): found list vpdn

Jun 3 17:55:17.126: AAA/AUTHEN/START (301809678): Method=LOCAL

Jun 3 17:55:17.126: AAA/AUTHEN (301809678): status = FAIL

Jun 3 17:55:17.126: Vi3 PAP: O AUTH-NAK id 103 len 32 msg is "Password validation failure"

Jun 3 17:55:17.130: Vi3 AAA/AUTHOR: Duplicate per-user event LCP_DOWN ignored

Jun 3 17:55:17.130: Vi3 PPP: Phase is TERMINATING [0 sess, 0 load]

Jun 3 17:55:17.130: Vi3 LCP: O TERMREQ [Open] id 1 len 4

Jun 3 17:55:17.130: AAA/MEMORY: free_user (0x82089E14) user='esat@mcos.ie' ruser='NULL' port='Virtual-Access3' rem_addr='14326475/012437535' authen_type=PAP service=PPP priv=1

Jun 3 17:55:19.130: Vi3 LCP: TIMEout: State TERMsent

Jun 3 17:55:19.130: Vi3 LCP: O TERMREQ [TERMsent] id 2 len 4

Jun 3 17:55:21.130: Vi3 LCP: TIMEout: State TERMsent

Jun 3 17:55:21.130: Vi3 LCP: State is Closed

Jun 3 17:55:21.130: Vi3 PPP: Phase is DOWN [0 sess, 0 load]

Jun 3 17:55:21.130: Vi3 VPDN: Cleanup

Jun 3 17:55:21.130: Vi3 VPDN: Reset

Jun 3 17:55:21.130: Vi3 Tnl/Cl 43363/649 L2TP: O CDN to New_mip_ras 45079/53

Jun 3 17:55:21.134: Vi3 Tnl/Cl 43363/649 L2TP: Destroying session

Jun 3 17:55:21.134: Vi3 Tnl/Cl 43363/649 L2TP: Session state change from established to idle

Jun 3 17:55:21.134: Vi3 Tnl/Cl 43363/649 L2TP: Releasing idb for LAC/LNS tunnel 43363/45079 session 649 state idle

Jun 3 17:55:21.134: Vi3 VPDN: Reset

Jun 3 17:55:21.134: Tnl 43363 L2TP: Tunnel state change from established to no-sessions-left

Jun 3 17:55:21.134: Tnl 43363 L2TP: No more sessions in tunnel, shutdown (likely) in 10 seconds

Jun 3 17:55:21.138: Vi3 VPDN: Unbind interface

Jun 3 17:55:21.138: Vi3 VPDN: Unbind interface

Jun 3 17:55:21.138: Vi3 VPDN: Reset

Jun 3 17:55:21.138: Vi3 VPDN: Unbind interface

Jun 3 17:55:21.138: Vi3 PPP: Phase is ESTABLISHING, Passive Open [0 sess, 0 load]

Jun 3 17:55:21.138: Vi3 LCP: State is Listen

Jun 3 17:55:21.138: Vi3 PPP: No remote authentication for call-in

Jun 3 17:55:21.342: %LINK-3-UPDOWN: Interface Virtual-Access3, changed state to down

Jun 3 17:55:21.342: Vi3 LCP: State is Closed

Jun 3 17:55:21.342: Vi3 PPP: Phase is DOWN [0 sess, 0 load]

Jun 3 17:55:31.138: Tnl 43363 L2TP: O StopCCN to New_mip_ras tnlid 45079

Jun 3 17:55:31.138: Tnl 43363 L2TP: Tunnel state change from no-sessions-left to shutting-down

Jun 3 17:55:31.146: Tnl 43363 L2TP: Shutdown tunnel

......

Thanks.

Gbenga
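
The LNS debug in the post above shows the AAA request for list 'vpdn' evaluated with Method=LOCAL and returning FAIL immediately before the PAP AUTH-NAK. The Python sketch below is an added example, not part of the original thread: it extracts that sequence from IOS debug text so the method actually consulted for each request is visible. The sample lines are copied from the post; treating any Method= value containing "radius" as a RADIUS attempt is an assumption.

```python
import re

# Sample input: lines copied from the LNS debug posted in the thread.
SAMPLE_LNS_DEBUG = """\
Jun 3 17:55:17.122: Vi3 PAP: I AUTH-REQ id 103 len 22 from "esat@mcos.ie"
Jun 3 17:55:17.126: AAA/AUTHEN/START (301809678): port='Virtual-Access3' list='vpdn' action=LOGIN service=PPP
Jun 3 17:55:17.126: AAA/AUTHEN/START (301809678): found list vpdn
Jun 3 17:55:17.126: AAA/AUTHEN/START (301809678): Method=LOCAL
Jun 3 17:55:17.126: AAA/AUTHEN (301809678): status = FAIL
Jun 3 17:55:17.126: Vi3 PAP: O AUTH-NAK id 103 len 32 msg is "Password validation failure"
Jun 3 17:55:21.130: Vi3 Tnl/Cl 43363/649 L2TP: O CDN to New_mip_ras 45079/53
"""

START_RE = re.compile(r"AAA/AUTHEN/START \((\d+)\): (.*)$")
STATUS_RE = re.compile(r"AAA/AUTHEN \((\d+)\): status = (\w+)")
NAK_RE = re.compile(r'(\S+) PAP: O AUTH-NAK id \d+ len \d+ msg is "([^"]*)"')


def _new_request():
    return {"list": None, "methods": [], "status": None}


def summarize_aaa(debug_text):
    """Group AAA/AUTHEN debug lines by request id and collect PAP AUTH-NAKs."""
    requests, naks = {}, []
    for line in debug_text.splitlines():
        if m := START_RE.search(line):
            req = requests.setdefault(m.group(1), _new_request())
            if lm := re.search(r"list='([^']*)'", m.group(2)):
                req["list"] = lm.group(1)          # method list named in the request
            if mm := re.search(r"Method=(\S+)", m.group(2)):
                req["methods"].append(mm.group(1))  # each method tried, in order
        elif m := STATUS_RE.search(line):
            requests.setdefault(m.group(1), _new_request())["status"] = m.group(2)
        elif m := NAK_RE.search(line):
            naks.append((m.group(1), m.group(2)))   # (interface, message sent to peer)
    return requests, naks


def failed_without_radius(requests):
    """Request ids that failed without any RADIUS method being tried (assumed naming)."""
    return [rid for rid, r in requests.items()
            if r["status"] == "FAIL"
            and not any("radius" in meth.lower() for meth in r["methods"])]


if __name__ == "__main__":
    reqs, naks = summarize_aaa(SAMPLE_LNS_DEBUG)
    for rid in failed_without_radius(reqs):
        print(rid, reqs[rid], naks)
```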