Cisco Support Community

New Member

radius l2tp

Hi all,

I am trying to set up a radius-based l2tp. I am using freeradius. What is the best way to implement this? I have read a bit of the documentation on the cisco website; some are using Tunnel-Type, Tunnel-Medium etc., while some are using "cisco-avpair=".

I have actually used the 2 methods, but the server (LNS) is not assigning an IP address. Which is the better method to use?

LAC (IOS) = 12.1(11)

LNS (IOS) = 12.2(3)

RADIUS = FreeRADIUS

Thanks,

2 REPLIES
New Member

Re: radius l2tp

Hi,

I would suggest you use the cisco av-pair to create the l2tp tunnel.

http://www.cisco.com/warp/public/480/l2tprad.html

Thanks

Sujit

New Member

Re: radius l2tp

Hi sghosh,

Thanks, but can you please take a look at this debug message? I can't figure out where the problem is.

LAC: ....

Jun 3 16:55:16.672: As124 VPDN: Forwarding...

Jun 3 16:55:16.672: AAA: parse name=Async124 idb type=10 tty=124

Jun 3 16:55:16.672: AAA: name=Async124 flags=0x11 type=4 shelf=0 slot=0 adapter=0 port=124 channel=0

Jun 3 16:55:16.672: AAA: parse name=Serial0:0 idb type=13 tty=-1

Jun 3 16:55:16.672: AAA: name=Serial0:0 flags=0x51 type=1 shelf=0 slot=0 adapter=0 port=0 channel=0

Jun 3 16:55:16.672: AAA/MEMORY: create_user (0x62926444) user='esat@mcos.ie' ruser='' port='Async124' rem_addr='14326475/012437535' authen_type=CHAP service=PPP priv=1

Jun 3 16:55:16.672: As124 AAA/DISC: 1/"User Request"

Jun 3 16:55:16.672: As124 AAA/DISC/EXT: 1020/"User Request"

Jun 3 16:55:16.672: As124 VPDN: Bind interface direction=1

Jun 3 16:55:16.672: Tnl/Cl 45079/53 L2TP: Session FS enabled

Jun 3 16:55:16.672: Tnl/Cl 45079/53 L2TP: Session state change from idle to wait-for-tunnel

Jun 3 16:55:16.672: As124 Tnl/Cl 45079/53 L2TP: Create session

Jun 3 16:55:16.672: Tnl 45079 L2TP: SM State established

Jun 3 16:55:16.672: As124 Tnl/Cl 45079/53 L2TP: O ICRQ to MC_Blackrock 43363/0

Jun 3 16:55:16.676: As124 Tnl/Cl 45079/53 L2TP: Session state change from wait-for-tunnel to wait-reply

Jun 3 16:55:16.676: As124 VPDN: esat@mcos.ie is forwarded

Jun 3 16:55:16.692: As124 Tnl/Cl 45079/53 L2TP: O ICCN to MC_Blackrock 43363/649

Jun 3 16:55:16.692: As124 Tnl/Cl 45079/53 L2TP: Session state change from wait-reply to established

Jun 3 16:55:17.676: %LINEPROTO-5-UPDOWN: Line protocol on Interface Async124, changed state to up

Jun 3 16:55:21.132: As124 Tnl/Cl 45079/53 L2TP: Result code(2): 2: Call disconnected, refer to error msg

Jun 3 16:55:21.132: Error code(6): Vendor specific

Jun 3 16:55:21.132: Optional msg: Disconnect from PPP

Jun 3 16:55:21.132: As124 Tnl/Cl 45079/53 L2TP: I CDN from MC_Blackrock tnl 43363, cl 649

Jun 3 16:55:21.132: Async124 AAA/DISC: 18/"Host Request"

Jun 3 16:55:21.132: Async124 AAA/DISC/EXT: 1028/"Host Request"

Jun 3 16:55:21.132: As124 Tnl/Cl 45079/53 L2TP: Destroying session

Jun 3 16:55:21.132: As124 Tnl/Cl 45079/53 L2TP: Session state change from established to idle

Jun 3 16:55:21.132: As124 Tnl/Cl 45079/53 L2TP: VPDN: Releasing idb for LAC/LNS tunnel 45079/43363 session 53 state idle

Jun 3 16:55:21.132: Tnl 45079 L2TP: Tunnel state change from established to no-sessions-left

Jun 3 16:55:21.132: Tnl 45079 L2TP: No more sessions in tunnel, shutdown (likely) in 15 seconds

Jun 3 16:55:23.132: %LINK-3-UPDOWN: Interface Async124, changed state to down

Jun 3 16:55:23.132: As124 VPDN: Reset

Jun 3 16:55:23.132: Async124 AAA/DISC: 2/"Lost Carrier"

Jun 3 16:55:23.132: Async124 AAA/DISC/EXT: 1011/"Lost Carrier"

Jun 3 16:55:23.132: As124 PPP: Phase is TERMINATING

Jun 3 16:55:23.132: As124 LCP: State is Closed

Jun 3 16:55:23.132: As124 PPP: Phase is DOWN

Jun 3 16:55:23.132: As124 VPDN: Cleanup

Jun 3 16:55:23.132: As124 VPDN: Reset

Jun 3 16:55:23.132: As124 VPDN: Unbind interface

Jun 3 16:55:23.132: Async124 AAA/DISC: 2/"Lost Carrier"

Jun 3 16:55:23.132: Async124 AAA/DISC/EXT: 1011/"Lost Carrier"

Jun 3 16:55:23.400: %ISDN-6-DISCONNECT: Interface Serial0:0 disconnected from 14326475 , call lasted 72 seconds

...........

LNS: ....

un 3 17:55:16.662: L2TP: I SCCRQ from New_mip_ras tnl 45079

Jun 3 17:55:16.666: L2X: Cannot use source-ip 212.2.160.43 which is not one of our addresses.

Jun 3 17:55:16.666: Tnl 43363 L2TP: Got a challenge in SCCRQ, New_mip_ras

Jun 3 17:55:16.666: Tnl 43363 L2TP: New tunnel created for remote New_mip_ras, address 212.2.160.43

Jun 3 17:55:16.666: Tnl 43363 L2TP: O SCCRP to New_mip_ras tnlid 45079

Jun 3 17:55:16.670: Tnl 43363 L2TP: Tunnel state change from idle to wait-ctl-reply

Jun 3 17:55:16.682: Tnl 43363 L2TP: I SCCCN from New_mip_ras tnl 45079

Jun 3 17:55:16.686: Tnl 43363 L2TP: Got a Challenge Response in SCCCN from New_mip_ras

Jun 3 17:55:16.686: Tnl 43363 L2TP: Tunnel Authentication success

Jun 3 17:55:16.686: Tnl 43363 L2TP: Tunnel state change from wait-ctl-reply to established

Jun 3 17:55:16.686: Tnl 43363 L2TP: SM State established

Jun 3 17:55:16.690: Tnl 43363 L2TP: I ICRQ from New_mip_ras tnl 45079

Jun 3 17:55:16.690: Tnl/Cl 43363/649 L2TP: Session FS enabled

Jun 3 17:55:16.690: Tnl/Cl 43363/649 L2TP: Session state change from idle to wait-connect

Jun 3 17:55:16.690: Tnl/Cl 43363/649 L2TP: New session created

Jun 3 17:55:16.690: Tnl/Cl 43363/649 L2TP: O ICRP to New_mip_ras 45079/53

Jun 3 17:55:16.706: Tnl/Cl 43363/649 L2TP: I ICCN from New_mip_ras tnl 45079, cl 53

Jun 3 17:55:16.706: Tnl/Cl 43363/649 L2TP: Session state change from wait-connect to established

Jun 3 17:55:16.706: Vi3 VPDN: Virtual interface created for esat@mcos.ie

Jun 3 17:55:16.706: Vi3 VPDN: Set to Async interface

Jun 3 17:55:16.710: Vi3 PPP: Phase is DOWN, Setup [0 sess, 0 load]

Jun 3 17:55:16.710: Vi3 VPDN: Clone from Vtemplate 2 filterPPP=0 blocking

Jun 3 17:55:17.106: %LINK-3-UPDOWN: Interface Virtual-Access3, changed state to up

Jun 3 17:55:17.110: Vi3 PPP: Using set call direction

Jun 3 17:55:17.110: Vi3 PPP: Treating connection as a callin

Jun 3 17:55:17.110: Vi3 PPP: Phase is ESTABLISHING, Passive Open [0 sess, 0 load]

Jun 3 17:55:17.110: Vi3 LCP: State is Listen

Jun 3 17:55:17.110: Vi3 VPDN: Bind interface direction=2

Jun 3 17:55:17.110: Vi3 LCP: I FORCED CONFREQ len 20

Jun 3 17:55:17.110: Vi3 LCP: ACCM 0x000A0000 (0x0206000A0000)

Jun 3 17:55:17.114: Vi3 LCP: AuthProto PAP (0x0304C023)

Jun 3 17:55:17.114: Vi3 LCP: MagicNumber 0x486999BA (0x0506486999BA)

Jun 3 17:55:17.114: Vi3 LCP: PFC (0x0702)

Jun 3 17:55:17.114: Vi3 LCP: ACFC (0x0802)

Jun 3 17:55:17.114: Vi3 VPDN: PPP LCP accepted rcv CONFACK

Jun 3 17:55:17.114: Vi3 LCP: I FORCED CONFACK len 39

Jun 3 17:55:17.114: Vi3 LCP: ACCM 0x00000000 (0x020600000000)

Jun 3 17:55:17.114: Vi3 LCP: MagicNumber 0x4F6070A8 (0x05064F6070A8)

Jun 3 17:55:17.118: Vi3 LCP: PFC (0x0702)

Jun 3 17:55:17.118: Vi3 LCP: ACFC (0x0802)

Jun 3 17:55:17.118: Vi3 LCP: EndpointDisc 1 Local

Jun 3 17:55:17.118: Vi3 LCP: (0x13170174BA05FB327B40A69BB4697FD0)

Jun 3 17:55:17.118: Vi3 LCP: (0xEC9FA400000000)

Jun 3 17:55:17.118: Vi3 VPDN: PPP LCP accepted sent CONFACK

Jun 3 17:55:17.118: Vi3 PPP: Phase is AUTHENTICATING, by this end [0 sess, 0 load]

Jun 3 17:55:17.122: Vi3 PAP: I AUTH-REQ id 103 len 22 from "esat@mcos.ie"

Jun 3 17:55:17.122: VPDN/AAA: Yield to directed-request user 'esat@mcos.ie'

Jun 3 17:55:17.122: Vi3 PAP: Authenticating peer esat@mcos.ie

Jun 3 17:55:17.122: AAA: parse name=Virtual-Access3 idb type=21 tty=-1

Jun 3 17:55:17.126: AAA: name=Virtual-Access3 flags=0x11 type=5 shelf=0 slot=0 adapter=0 port=3 channel=0

Jun 3 17:55:17.126: AAA/MEMORY: create_user (0x82089E14) user='esat@mcos.ie' ruser='NULL' port='Virtual-Access3' rem_addr='14326475/012437535' authen_type=PAP service=PPP priv=1 initial_task_id='0'

Jun 3 17:55:17.126: AAA/AUTHEN/START (301809678): port='Virtual-Access3' list='vpdn' action=LOGIN service=PPP

Jun 3 17:55:17.126: AAA/AUTHEN/START (301809678): found list vpdn

Jun 3 17:55:17.126: AAA/AUTHEN/START (301809678): Method=LOCAL

Jun 3 17:55:17.126: AAA/AUTHEN (301809678): status = FAIL

Jun 3 17:55:17.126: Vi3 PAP: O AUTH-NAK id 103 len 32 msg is "Password validation failure"

Jun 3 17:55:17.130: Vi3 AAA/AUTHOR: Duplicate per-user event LCP_DOWN ignored

Jun 3 17:55:17.130: Vi3 PPP: Phase is TERMINATING [0 sess, 0 load]

Jun 3 17:55:17.130: Vi3 LCP: O TERMREQ [Open] id 1 len 4

Jun 3 17:55:17.130: AAA/MEMORY: free_user (0x82089E14) user='esat@mcos.ie' ruser='NULL' port='Virtual-Access3' rem_addr='14326475/012437535' authen_type=PAP service=PPP priv=1

Jun 3 17:55:19.130: Vi3 LCP: TIMEout: State TERMsent

Jun 3 17:55:19.130: Vi3 LCP: O TERMREQ [TERMsent] id 2 len 4

Jun 3 17:55:21.130: Vi3 LCP: TIMEout: State TERMsent

Jun 3 17:55:21.130: Vi3 LCP: State is Closed

Jun 3 17:55:21.130: Vi3 PPP: Phase is DOWN [0 sess, 0 load]

Jun 3 17:55:21.130: Vi3 VPDN: Cleanup

Jun 3 17:55:21.130: Vi3 VPDN: Reset

Jun 3 17:55:21.130: Vi3 Tnl/Cl 43363/649 L2TP: O CDN to New_mip_ras 45079/53

Jun 3 17:55:21.134: Vi3 Tnl/Cl 43363/649 L2TP: Destroying session

Jun 3 17:55:21.134: Vi3 Tnl/Cl 43363/649 L2TP: Session state change from established to idle

Jun 3 17:55:21.134: Vi3 Tnl/Cl 43363/649 L2TP: Releasing idb for LAC/LNS tunnel 43363/45079 session 649 state idle

Jun 3 17:55:21.134: Vi3 VPDN: Reset

Jun 3 17:55:21.134: Tnl 43363 L2TP: Tunnel state change from established to no-sessions-left

Jun 3 17:55:21.134: Tnl 43363 L2TP: No more sessions in tunnel, shutdown (likely) in 10 seconds

Jun 3 17:55:21.138: Vi3 VPDN: Unbind interface

Jun 3 17:55:21.138: Vi3 VPDN: Unbind interface

Jun 3 17:55:21.138: Vi3 VPDN: Reset

Jun 3 17:55:21.138: Vi3 VPDN: Unbind interface

Jun 3 17:55:21.138: Vi3 PPP: Phase is ESTABLISHING, Passive Open [0 sess, 0 load]

Jun 3 17:55:21.138: Vi3 LCP: State is Listen

Jun 3 17:55:21.138: Vi3 PPP: No remote authentication for call-in

Jun 3 17:55:21.342: %LINK-3-UPDOWN: Interface Virtual-Access3, changed state to down

Jun 3 17:55:21.342: Vi3 LCP: State is Closed

Jun 3 17:55:21.342: Vi3 PPP: Phase is DOWN [0 sess, 0 load]

Jun 3 17:55:31.138: Tnl 43363 L2TP: O StopCCN to New_mip_ras tnlid 45079

Jun 3 17:55:31.138: Tnl 43363 L2TP: Tunnel state change from no-sessions-left to shutting-down

Jun 3 17:55:31.146: Tnl 43363 L2TP: Shutdown tunnel

......

Thanks.

Gbenga
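
Added example, not part of the original thread: a short Python parser that groups the `AAA/AUTHEN` lines of the LNS debug above by request id and reports which method list and methods were tried before the PAP AUTH-NAK. The sample lines are copied from the posted debug; treating any `Method=` value containing "radius" as a RADIUS attempt is an assumption of this example.

```python
import re

# Lines copied from the LNS debug output posted above (one PPP authentication attempt).
LNS_DEBUG = """\
Jun 3 17:55:17.122: Vi3 PAP: I AUTH-REQ id 103 len 22 from "esat@mcos.ie"
Jun 3 17:55:17.126: AAA/AUTHEN/START (301809678): port='Virtual-Access3' list='vpdn' action=LOGIN service=PPP
Jun 3 17:55:17.126: AAA/AUTHEN/START (301809678): found list vpdn
Jun 3 17:55:17.126: AAA/AUTHEN/START (301809678): Method=LOCAL
Jun 3 17:55:17.126: AAA/AUTHEN (301809678): status = FAIL
Jun 3 17:55:17.126: Vi3 PAP: O AUTH-NAK id 103 len 32 msg is "Password validation failure"
"""

# "AAA/AUTHEN (id): ..." and "AAA/AUTHEN/START (id): ..." share one request id.
AAA_RE = re.compile(r"AAA/AUTHEN(?:/START)? \((\d+)\): (.*)$")
# key='quoted value' or key=bare_value pairs on the START line.
KV_RE = re.compile(r"(\w+)='([^']*)'|(\w+)=(\S+)")

def summarize_aaa(text):
    """Group AAA/AUTHEN debug lines by request id; return {id: summary}."""
    sessions = {}
    for line in text.splitlines():
        m = AAA_RE.search(line)
        if not m:
            continue  # PPP, L2TP and VPDN lines are ignored here
        rec = sessions.setdefault(m.group(1), {"methods": [], "status": None})
        body = m.group(2)
        if body.startswith("status ="):
            rec["status"] = body.split("=", 1)[1].strip()
        elif body.startswith("Method="):
            rec["methods"].append(body.split("=", 1)[1].strip())
        else:
            for q_key, q_val, key, val in KV_RE.findall(body):
                rec[q_key or key] = q_val or val
    return sessions

def radius_never_tried(rec):
    """True when authentication failed and no RADIUS method was attempted.

    Assumption: a RADIUS attempt shows up as a Method= value containing 'radius'.
    """
    tried_radius = any("radius" in m.lower() for m in rec["methods"])
    return rec["status"] == "FAIL" and not tried_radius

if __name__ == "__main__":
    for req_id, rec in summarize_aaa(LNS_DEBUG).items():
        print(req_id, rec.get("list"), rec["methods"], rec["status"],
              "RADIUS not consulted" if radius_never_tried(rec) else "")
```

For the posted debug this reports list `vpdn`, methods `['LOCAL']`, status `FAIL`: the only method the LNS attempted for this PPP login was LOCAL.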
