cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
38218
Views
0
Helpful
1
Comments
tepatel
Cisco Employee
Cisco Employee

Introduction:

This document talks about the LNS configuration and troubleshooting which terminates PPP connection from PPPoE client over L2TP.

For PPPoE client configuration, visit

https://supportforums.cisco.com/docs/DOC-6050

For LAC configuration and troubleshooting, visit

https://supportforums.cisco.com/docs/DOC-6101

In this setup, if any user comes in with cisco.com as a domain name as a part of the username ( for exa. ParamPreet@cisco.com) , it will be tunneled to LNS via L2TP. Users with username other than using cisco.com as a domain name will be terminated locally on this router as a LAC.

Topology:

pppoe-l2tp.gif

   

C10K#sh run

Building configuration...

Current configuration : 14917 bytes

!

<snip>

aaa new-model

!

!

aaa authentication ppp default local

! Local database to be used for authentication

aaa authorization network default none

! Local authorization to be used

aaa session-id common

ip subnet-zero

no ip domain lookup

!

vpdn enable

!

vpdn-group LNS

! VPDN group config to terminate tunnel from LAC

accept-dialin

! To configure the router as LNS/HGW

  protocol l2tp

! Tunnel protocol is L2TP

  virtual-template 1

! Interface on which  PPP users will be terminated

terminate-from hostname LAC

source-ip 172.16.167.54

local name LNS

l2tp tunnel password 0 cisco

!Username and password to be used for tunnel authentication

!

!

redundancy

username cisco password 0 cisco

username C2821-CPE password 0 cisco

username ParamPreet@cisco.com password 0 cisco

username ASR1006 password 0 cisco

username LAC password 0 cisco

username LNS password 0 cisco

!

!

!

!

!        

interface Loopback0

ip address 20.20.20.1 255.255.255.0

!

interface Loopback1

no ip address

!

interface FastEthernet0/0/0

ip address 172.16.167.54 255.255.255.224

duplex full

speed 100

!

!

<snip>

interface Virtual-Template1

! Interaface on which incoming user PPP session will be terminated

ip unnumbered Loopback0

peer default ip address pool PPPoE-POOL

! Ip address pool from which the ip address will be allocated to the PPP users

ppp authentication chap callin

ppp timeout idle 600 either

!

ip local pool PPPoE-POOL 20.20.20.2 20.20.20.254

!

ip classless

ip route 0.0.0.0 0.0.0.0 172.16.167.33

no ip http server

no ip http secure-server

!

!

!

cdp run

nls resp-timeout 1

cpd cr-id 1

!

!

line con 0

!

line aux 0

privilege level 15

password cisco

line vty 0 4

exec-timeout 60 0

privilege level 15

password cisco

logging synchronous

line vty 5 10

exec-timeout 60 0

privilege level 15

password cisco

logging synchronous

!

end

vpdn-steps.gif

  1. The      client calls/connects the LAC (typically using PPPoE/ATM , modem or an      ISDN card).
  2. The      client and the LAC starts the PPP phase by negotiating the LCP options      (authentication method Password Authentication Protocol [PAP] or Challenge      Handshake Authentication Protocol [CHAP], PPP multilink, compression, and      so on).
  3. Let's      suppose that CHAP has been negotiated in step 2. The LAC sends a CHAP      challenge to the client.
  4. The      LAC gets a response (for instance username@DomainName and password).
  5. Based      on the domain name received in the CHAP response or the Dialed Number      Information Service (DNIS) received in the ISDN setup message, the LAC      checks whether the client is a VPDN/L2TP user. It does this by using its      local VPDN configuration or contacting an Authentication, Authorization,      and Accounting (AAA) server.
  6. Because      the client is a VPDN user, the LAC gets some information (from its local      VPDN configuration or from an AAA server) that it uses to bring up a L2TP  tunnel with the LNS.
  7. The      LAC brings up a L2TP tunnel with the LNS.
  8. Based      on the name received in the request from the LAC, the LNS checks if the      LAC is allowed to open a tunnel (the LNS checks its local VPDN      configuration). Moreover, the LAC and the LNS authenticate each other      (they use their local database or contact an AAA server). The Tunnel is      then up between both devices. In this tunnel, several VPDN sessions can be      carried.
  9. For      the client username@DomainName, a VPDN session is triggered from the LAC      to the LNS. There is one VPDN session per client.
  10. The      LAC forwards the LCP options it has negotiated to the LNS with the client      along with the username@DomainName and password received from the client.
  11. The      LNS clones a virtual-access from a virtual-template specified in the VPDN      configuration. The LNS takes the LCP options received from the LAC and      authenticate the client locally or by contacting the AAA server.
  12. The      LNS sends a CHAP response to the client.
  13. The      IP Control Protocol (IPCP) phase is performed and then the route is      installed: the PPP session is up and running between the client and the      LNS. The LAC just forwards the PPP frames. The PPP frames are tunneled      between the LAC and the LNS.

Tunnel setup messages along with user session setup messages that are being exchanged between LAC and LNS.

vpdn_20980c.gif

The LAC decides that a tunnel must be initiated from the LAC to the LNS.

1.     The LAC sends a Start-Control-Connection-Request (SCCRQ). A CHAP challenge and AV Pairs are included in this message.

2.     The LNS responds with a Start-Control-Connection-Reply (SCCRP). A CHAP challenge, the response to LAC's challenge and AV Pairs are included in this message.

3.     The LAC sends a Start-Control-Connection-Connected (SCCCN). The CHAP response is included in this message.

4.     The LNS responds with a Zero-Length Body Acknowledgement (ZLB ACK). That acknowledgement may be carried in another message. The tunnel is up.

5.     The LAC sends an Incoming-Call-Request (ICRQ) to the LNS.

6.     The LNS responds with an Incoming-Call-Reply (ICRP) message.

7.     The LAC sends an Incoming-Call-Connected (ICCN).

8.     The LNS responds back with a ZLB ACK. That acknowledgement may also be carried in another message.

9.     The session is up.

Note: The messages above used for opening a tunnel or a session carry Attribute Value Pairs (AVPs) defined in RFC 2661. They describe properties and information (such as Bearercap, hostname, vendor name and window size). Some AV pairs are mandatory and others are optional.

Note: A Tunnel ID is used to multiplex and demultiplex tunnels between the LAC and LNS. A session ID is used to identify a particular session with the tunnel.

For L2F, the setup for tunneling a PPP session is the same as for L2TP. It involves:

1.     Establishing a tunnel between the NAS and the Home Gateway. This phase takes place only when there is no active tunnel between both devices.

2.     Establishing a session between the NAS and the Home Gateway.

C10K#sh debug

General OS:

  AAA Authentication debugging is on

  AAA Authorization debugging is on

PPP:

  PPP authentication debugging is on

  PPP protocol negotiation debugging is on

VPN:

  L2X protocol events debugging is on

  L2X control packets debugging is on

  L2X protocol errors debugging is on

  VPDN events debugging is on

  VPDN errors debugging is on

  VPDN packet debugging is on

*Sep 20 21:26:34.343: AAA/BIND(00000006): Bind i/f 

*Sep 20 21:26:34.343: AAA/AUTHEN/LOGIN (00000006): Pick method list 'Permanent Local'

C10K#

*Sep 20 21:26:36.355: AAA/AUTHOR (00000006): Method list id=0 not configured. Skip author

C10K#

*Sep 20 21:27:14.643: VPDN FS From tunnel: Received 184 byte pak

*Sep 20 21:27:14.643: VPDN FS From tunnel: Pak consumed

*Sep 20 21:27:14.643: L2X: Parse  AVP 0, len 8, flag 0x8000 (M)

*Sep 20 21:27:14.643: L2X: Parse SCCRQ

*Sep 20 21:27:14.643: L2X: Parse  AVP 2, len 8, flag 0x8000 (M)

*Sep 20 21:27:14.643: L2X: Protocol Ver 256

*Sep 20 21:27:14.643: L2X: Parse  AVP 3, len 10, flag 0x8000 (M)

*Sep 20 21:27:14.643: L2X: Framing Cap 0x0

*Sep 20 21:27:14.643: L2X: Parse  AVP 6, len 8, flag 0x0

*Sep 20 21:27:14.643: L2X: Firmware Ver 0x1130

*Sep 20 21:27:14.643: L2X: Parse  AVP 7, len 9, flag 0x8000 (M)

*Sep 20 21:27:14.643: L2X: Hostname LAC

*Sep 20 21:27:14.643: L2X: Parse  AVP 8, len 25, flag 0x0

*Sep 20 21:27:14.643: L2X: Vendor Name Cisco Systems, Inc.

*Sep 20 21:27:14.643: L2X: Parse  AVP 9, len 8, flag 0x8000 (M)

*Sep 20 21:27:14.643: L2X: Assigned Tunnel ID 16382

*Sep 20 21:27:14.643: L2X: Parse  AVP 10, len 8, flag 0x8000 (M)

*Sep 20 21:27:14.643: L2X: Rx Window Size 1024

*Sep 20 21:27:14.643: L2X: Parse  AVP 11, len 22, flag 0x8000 (M)

*Sep 20 21:27:14.643: L2X: Chlng 

            2F 57 56 FD 44 73 5E 0A 7F 6F 53 8C 0D 24 ED F2

*Sep 20 21:27:14.643: L2X: Parse  AVP 56, len 6, flag 0x0

*Sep 20 21:27:14.643: L2X: Unknown  AVP 56 in CM SCCRQ

*Sep 20 21:27:14.643: L2X: Ignoring unknown  AVP 56

*Sep 20 21:27:14.643: L2X: Unknown AVP found during length verification. AVP is 56, vendor code is 0, len is 6

*Sep 20 21:27:14.643: L2X: Ignoring unknown  AVP 56

*Sep 20 21:27:14.643: L2X: Parse  AVP 57, len 6, flag 0x0

*Sep 20 21:27:14.643: L2X: Unknown  AVP 57 in CM SCCRQ

*Sep 20 21:27:14.643: L2X: Ignoring unknown  AVP 57

*Sep 20 21:27:14.643: L2X: Unknown AVP found during length verification. AVP is 57, vendor code is 0, len is 6

*Sep 20 21:27:14.643: L2X: Ignoring unknown  AVP 57

*Sep 20 21:27:14.643: L2X: Parse Cisco AVP 110, len 6, flag 0x0

*Sep 20 21:27:14.643: L2X: Cisco AVP 110 is not for SCCRQ

*Sep 20 21:27:14.643: L2X: Unknown AVP found during length verification. AVP is 110, vendor code is 9, len is 6

*Sep 20 21:27:14.643: L2X: Ignoring unknown Cisco AVP 110

*Sep 20 21:27:14.643: L2X: Parse Cisco AVP 111, len 6, flag 0x0

*Sep 20 21:27:14.643: L2X: Cisco AVP 111 is not for SCCRQ

*Sep 20 21:27:14.643: L2X: Unknown AVP found during length verification. AVP is 111, vendor code is 9, len is 6

*Sep 20 21:27:14.643: L2X: Ignoring unknown Cisco AVP 111

*Sep 20 21:27:14.643: L2X: No missing AVPs in SCCRQ

*Sep 20 21:27:14.643: L2X: I SCCRQ, flg TLS, ver 2, len 142, tnl 0, cl 0, ns 0, nr 0

contiguous pak, size 142

            C8 02 00 8E 00 00 00 00 00 00 00 00 80 08 00 00

            00 00 00 01 80 08 00 00 00 02 01 00 80 0A 00 00

            00 03 00 00 00 00 00 08 00 00 00 06 11 30 80 09

            00 00 00 07 4C 41 43 00 19 00 00 00 08 43 69 73

            63 6F 20 53 79 73 74 65 ...

*Sep 20 21:27:14.643: L2TP: I SCCRQ from LAC tnl 16382

! SCCRQ for tunnel setup received from LAC

*Sep 20 21:27:14.643:  Tnl 8468 L2TP: Got a challenge in SCCRQ, LAC

*Sep 20 21:27:14.643:  Tnl 8468 L2TP: New tunnel created for remote LAC, address 172.16.163.48

*Sep 20 21:27:14.643:  Tnl 8468 L2TP: O SCCRP  to LAC tnlid 16382

! RSCCRP sent from LNS

*Sep 20 21:27:14.643:  Tnl 8468 L2TP: O SCCRP, flg TLS, ver 2, len 150, tnl 16382, cl 0, ns 0, nr 1

            C8 02 00 96 3F FE 00 00 00 00 00 01 80 08 00 00

            00 00 00 02 80 08 00 00 00 02 01 00 80 0A 00 00

            00 03 00 00 00 00 80 0A 00 00 00 04 00 00 00 00

            00 08 00 00 00 06 11 20 80 09 00 00 00 07 4C 4E

            53 00 19 00 00 00 08 ...

*Sep 20 21:27:14.643:  Tnl 8468 L2TP: Control channel retransmit delay set to 1 seconds

*Sep 20 21:27:14.643:  Tnl 8468 L2TP: Tunnel state change from idle to wait-ctl-reply

*Sep 20 21:27:14.647: VPDN FS From tunnel: Received 84 byte pak

*Sep 20 21:27:14.647: VPDN FS From tunnel: Pak consumed

*Sep 20 21:27:14.647:  Tnl 8468 L2TP: Parse  AVP 0, len 8, flag 0x8000 (M)

*Sep 20 21:27:14.647:  Tnl 8468 L2TP: Parse SCCCN

*Sep 20 21:27:14.647:  Tnl 8468 L2TP: Parse  AVP 13, len 22, flag 0x8000 (M)

*Sep 20 21:27:14.647:  Tnl 8468 L2TP: Chlng Resp 

            31 92 AC F1 88 35 88 2C DA 97 CA 74 3F C1 E9 4D

*Sep 20 21:27:14.647:  Tnl 8468 L2TP: No missing AVPs in SCCCN

*Sep 20 21:27:14.647:  Tnl 8468 L2TP: I SCCCN, flg TLS, ver 2, len 42, tnl 8468, cl 0, ns 1, nr 1

! SCCN is received from LAC to complete Tunnel authentication and setup

contiguous pak, size 42

            C8 02 00 2A 21 14 00 00 00 01 00 01 80 08 00 00

            00 00 00 03 80 16 00 00 00 0D 31 92 AC F1 88 35

            88 2C DA 97 CA 74 3F C1 E9 4D

*Sep 20 21:27:14.647:  Tnl 8468 L2TP: O ZLB ctrl ack, flg TLS, ver 2, len 12, tnl 16382, cl 0, ns 1, nr 2

            C8 02 00 0C 3F FE 00 00 00 01 00 02

*Sep 20 21:27:14.647:  Tnl 8468 L2TP: I SCCCN from LAC tnl 16382

*Sep 20 21:27:14.647:  Tnl 8468 L2TP: Got a Challenge Response in SCCCN from LAC

*Sep 20 21:27:14.647:  Tnl 8468 L2TP: Tunnel Authentication success

*Sep 20 21:27:14.647:  Tnl 8468 L2TP: Tunnel state change from wait-ctl-reply to established

*Sep 20 21:27:14.647:  Tnl 8468 L2TP: SM State established

*Sep 20 21:27:14.647: VPDN FS From tunnel: Received 105 byte pak

*Sep 20 21:27:14.647: VPDN FS From tunnel: Pak consumed

*Sep 20 21:27:14.647:  Tnl 8468 L2TP: Parse  AVP 0, len 8, flag 0x8000 (M)

*Sep 20 21:27:14.647:  Tnl 8468 L2TP: Parse ICRQ

*Sep 20 21:27:14.647:  Tnl 8468 L2TP: Parse  AVP 14, len 8, flag 0x8000 (M)

*Sep 20 21:27:14.647:  Tnl 8468 L2TP: Assigned Call ID 25529

*Sep 20 21:27:14.647:  Tnl 8468 L2TP: Parse  AVP 15, len 10, flag 0x8000 (M)

*Sep 20 21:27:14.647:  Tnl 8468 L2TP: Serial Number -1237467294

*Sep 20 21:27:14.651:  Tnl 8468 L2TP: Parse  AVP 18, len 10, flag 0x8000 (M)

*Sep 20 21:27:14.651:  Tnl 8468 L2TP: Bearer Type 0

*Sep 20 21:27:14.651:  Tnl 8468 L2TP: Parse Cisco AVP 100, len 15, flag 0x0

*Sep 20 21:27:14.651:  Tnl 8468 L2TP: Client NAS Port 

            0F 10 09 02 03 01 00 02 9A

*Sep 20 21:27:14.651:  Tnl 8468 L2TP: No missing AVPs in ICRQ

*Sep 20 21:27:14.651:  Tnl 8468 L2TP: I ICRQ, flg TLS, ver 2, len 63, tnl 8468, cl 0, ns 2, nr 1

contiguous pak, size 63

            C8 02 00 3F 21 14 00 00 00 02 00 01 80 08 00 00

            00 00 00 0A 80 08 00 00 00 0E 63 B9 80 0A 00 00

            00 0F B6 3D BF 62 80 0A 00 00 00 12 00 00 00 00

            00 0F 00 09 00 64 0F 10 09 02 03 01 00 02 9A

*Sep 20 21:27:14.651:  Tnl 8468 L2TP: I ICRQ from LAC tnl 16382

! User session information is forwarded from LAC

*Sep 20 21:27:14.651:  Tnl/Sn 8468/3 L2TP: Session FS enabled

*Sep 20 21:27:14.651:  Tnl/Sn 8468/3 L2TP: Session state change from idle to wait-connect

*Sep 20 21:27:14.651:  Tnl/Sn 8468/3 L2TP: New session created

*Sep 20 21:27:14.651:  Tnl/Sn 8468/3 L2TP: O ICRP to LAC 16382/25529

*Sep 20 21:27:14.651:  Tnl/Sn 8468/3 L2TP: O ICRP, flg TLS, ver 2, len 28, tnl 16382, cl 25529, ns 1, nr 3

            C8 02 00 1C 3F FE 63 B9 00 01 00 03 80 08 00 00

            00 00 00 0B 80 08 00 00 00 0E 00 03

*Sep 20 21:27:14.651:  Tnl 8468 L2TP: Control channel retransmit delay set to 1 seconds

*Sep 20 21:27:14.651: VPDN FS From tunnel: Received 60 byte pak

*Sep 20 21:27:14.651: VPDN FS From tunnel: Pak consumed

*Sep 20 21:27:14.655: VPDN FS From tunnel: Received 213 byte pak

*Sep 20 21:27:14.655: VPDN FS From tunnel: Pak consumed

*Sep 20 21:27:14.655:  Tnl/Sn 8468/3 L2TP: Parse  AVP 0, len 8, flag 0x8000 (M)

*Sep 20 21:27:14.655:  Tnl/Sn 8468/3 L2TP: Parse ICCN

*Sep 20 21:27:14.655:  Tnl/Sn 8468/3 L2TP: Parse  AVP 19, len 10, flag 0x8000 (M)

*Sep 20 21:27:14.655:  Tnl/Sn 8468/3 L2TP: Framing Type 1

*Sep 20 21:27:14.655:  Tnl/Sn 8468/3 L2TP: Parse  AVP 24, len 10, flag 0x8000 (M)

*Sep 20 21:27:14.655:  Tnl/Sn 8468/3 L2TP: Connect Speed 100000000

*Sep 20 21:27:14.655:  Tnl/Sn 8468/3 L2TP: Parse  AVP 27, len 21, flag 0x0

*Sep 20 21:27:14.655:  Tnl/Sn 8468/3 L2TP: Last Sent LCPREQ 

            01 04 05 DC 03 05 C2 23 05 05 06 24 80 DE 05

*Sep 20 21:27:14.655:  Tnl/Sn 8468/3 L2TP: Parse  AVP 28, len 12, flag 0x0

*Sep 20 21:27:14.655:  Tnl/Sn 8468/3 L2TP: Last Rx LCPREQ 

            05 06 1C 3F 13 95

*Sep 20 21:27:14.655:  Tnl/Sn 8468/3 L2TP: Parse  AVP 29, len 8, flag 0x0

*Sep 20 21:27:14.655:  Tnl/Sn 8468/3 L2TP: Proxy Auth Type 2

*Sep 20 21:27:14.655:  Tnl/Sn 8468/3 L2TP: Parse  AVP 30, len 21, flag 0x0

*Sep 20 21:27:14.655:  Tnl/Sn 8468/3 L2TP: Proxy Auth Name ParamPreet@cisco.com

*Sep 20 21:27:14.655:  Tnl/Sn 8468/3 L2TP: Parse  AVP 31, len 22, flag 0x0

*Sep 20 21:27:14.655:  Tnl/Sn 8468/3 L2TP: Proxy Auth Chal 

            A9 09 74 32 2B C5 0C 65 C9 B8 D2 42 29 31 E9 43

*Sep 20 21:27:14.655:  Tnl/Sn 8468/3 L2TP: Parse  AVP 32, len 8, flag 0x0

*Sep 20 21:27:14.655:  Tnl/Sn 8468/3 L2TP: Proxy Auth ID 1

*Sep 20 21:27:14.655:  Tnl/Sn 8468/3 L2TP: Parse  AVP 33, len 22, flag 0x0

*Sep 20 21:27:14.655:  Tnl/Sn 8468/3 L2TP: Proxy Auth Resp 

            97 54 33 E9 B2 53 2E 42 3E 1B C9 48 14 24 FE C8

*Sep 20 21:27:14.655:  Tnl/Sn 8468/3 L2TP: Parse  AVP 38, len 10, flag 0x0

*Sep 20 21:27:14.655:  Tnl/Sn 8468/3 L2TP: Rx Speed 100000000

*Sep 20 21:27:14.655:  Tnl/Sn 8468/3 L2TP: Parse Cisco AVP 107, len 7, flag 0x0

*Sep 20 21:27:14.655:  Tnl/Sn 8468/3 L2TP: Fixed CHAP Challenge ID 0

*Sep 20 21:27:14.655:  Tnl/Sn 8468/3 L2TP: No missing AVPs in ICCN

*Sep 20 21:27:14.655:  Tnl/Sn 8468/3 L2TP: I ICCN, flg TLS, ver 2, len 171, tnl 8468, cl 3, ns 3, nr 2

contiguous pak, size 171

            C8 02 00 AB 21 14 00 03 00 03 00 02 80 08 00 00

            00 00 00 0C 80 0A 00 00 00 13 00 00 00 01 80 0A

            00 00 00 18 05 F5 E1 00 00 15 00 00 00 1B 01 04

            05 DC 03 05 C2 23 05 05 06 24 80 DE 05 00 0C 00

            00 00 1C 05 06 1C 3F 13 ...

*Sep 20 21:27:14.655:  Tnl/Sn 8468/3 L2TP: O ZLB ctrl ack, flg TLS, ver 2, len 12, tnl 16382, cl 0, ns 2, nr 4

            C8 02 00 0C 3F FE 00 00 00 02 00 04

*Sep 20 21:27:14.655:  Tnl/Sn 8468/3 L2TP: I ICCN from LAC tnl 16382, cl 25529

*Sep 20 21:27:14.659: ParamPreet@cisco.com Tnl/Sn 8468/3 L2TP: Session state change from wait-connect to wait-for-service-selection

*Sep 20 21:27:14.659: AAA/BIND(00000007): Bind i/f Virtual-Template1

*Sep 20 21:27:14.659: AAA/AUTHOR (00000007): Method=None for method list id=00000000. Skip author

*Sep 20 21:27:14.659: ppp2 PPP: Authorization NOT required

*Sep 20 21:27:14.659: ppp2 PPP: Phase is ESTABLISHING

*Sep 20 21:27:14.659: ppp2 PPP: Send Message[Dynamic Bind Response]

*Sep 20 21:27:14.659: ppp2 LCP: I FORCED rcvd CONFACK len 15

*Sep 20 21:27:14.659: ppp2 LCP:    MRU 1500 (0x010405DC)

*Sep 20 21:27:14.659: ppp2 LCP:    AuthProto CHAP (0x0305C22305)

*Sep 20 21:27:14.659: ppp2 LCP:    MagicNumber 0x2480DE05 (0x05062480DE05)

*Sep 20 21:27:14.659: ppp2 LCP: I FORCED sent CONFACK len 6

*Sep 20 21:27:14.659: ppp2 LCP:    MagicNumber 0x1C3F1395 (0x05061C3F1395)

! Forced LCP from LNS in the event of mismatch on LCP parameters negotiated by LAC

*Sep 20 21:27:14.659: ppp2 PPP: Phase is FORWARDING, Attempting Forward

*Sep 20 21:27:14.659: ppp2 PPP: Phase is AUTHENTICATING, Unauthenticated User

*Sep 20 21:27:14.659: AAA/AUTHEN/PPP (00000007): Pick method list 'default'

*Sep 20 21:27:14.659: ppp2 PPP: Sent CHAP LOGIN Request

*Sep 20 21:27:14

C10K#.659: ppp2 PPP: Received LOGIN Response PASS

*Sep 20 21:27:14.659: ppp2 PPP: Phase is FORWARDING, Attempting Forward

*Sep 20 21:27:14.659: ppp2 PPP: Send Message[Connect Local]

*Sep 20 21:27:14.659: Vi2.1 Tnl/Sn 8468/3 L2TP: Virtual interface created for ParamPreet@cisco.com, bandwidth 100000 Kbps

*Sep 20 21:27:14.659: ppp2 PPP: Bind to [Virtual-Access2.1]

*Sep 20 21:27:14.659: AAA/BIND(00000007): Bind i/f Virtual-Access2.1

*Sep 20 21:27:14.659: Vi2.1 PPP: Send Message[Static Bind Response]

*Sep 20 21:27:14.659: Vi2.1 Tnl/Sn 8468/3 L2TP: VPDN session up

*Sep 20 21:27:14.659: Vi2.1 Tnl/Sn 8468/3 L2TP: Session state change from wait-for-service-selection to established

*Sep 20 21:27:14.659: Vi2.1 PPP: Phase is AUTHENTICATING, Authenticated User

*Sep 20 21:27:14.659: Vi2.1 CHAP: O SUCCESS id 1 len 4

! Authentication succeeded  for incoming user

*Sep 20 21:27:14.659: Vi2.1 VPDN FS Network to tunnel: Punted 44 byte pak to l2x process queue

*Sep 20 21:27:14.659: Vi2.1 PPP: Phase is UP

*Sep 20 21:27:14.659: Vi2.1 AAA/AUTHOR/FSM: We can start IPCP

*Sep 20 21:27:14.663: Vi2.1 IPCP: O CONFREQ [Closed] id 1 len 10

! IPCP phase started for IP address negotiation for incoming user

*Sep 20 21:27:14.663: Vi2.1 IPCP:    Address 20.20.20.1 (0x030614141401)

*Sep 20 21:27:14.663: Vi2.1 VPDN FS Network to tunnel: Punted 50 byte pak to l2x process queue

*Sep 20 21:27:14.663: Vi2.1 PPP: Process pending ncp packets

*Sep 20 21:27:14.663: Vi2.1 VPDN PROCESS Into tunnel: Sending 44 byte pak

*Sep 20 21:27:14.663: Vi2.1 VPDN PROCESS Into tunnel: Sending 50 byte pak

*Sep 20 21:27:14.663: VPDN FS From tunnel: Received 64 byte pak

*Sep 20 21:27:14.663: Vi2.1 VPDN FS Tunnel to network: Sending 14 byte pak

*Sep 20 21:27:14.663: Vi2.1 VPDN FS Tunnel to network: Fastswitching failed, punting pkt to process

*Sep 20 21:27:14.663: Vi2.1 VPDN FS From tunnel: Punted 14 byte pak to ppp parse and iqueue

*Sep 20 21:27:14.663: VPDN FS From tunnel: Received 60 byte pak

*Sep 20 21:27:14.663: Vi2.1 VPDN FS Tunnel to network: Sending 8 byte pak

*Sep 20 21:27:14.663: Vi2.1 VPDN FS Tunnel to network: Fastswitching failed, punting pkt to process

*Sep 20 21:27:14.663: Vi2.1 VPDN FS From tunnel: Punted 8 byte pak to ppp parse and iqueue

*Sep 20 21:27:14.663: VPDN FS From tunnel: Received 64 byte pak

*Sep 20 21:27:14.663: Vi2.1 VPDN FS Tunnel to network: Sending 14 byte pak

*Sep 20 21:27:14.663: Vi2.1 VPDN FS Tunnel to network: Fastswitching failed, punting pkt to process

*Sep 20 21:27:14.663: Vi2.1 VPDN FS From tunnel: Punted 14 byte pak to ppp parse and iqueue

*Sep 20 21:27:14.663: Vi2.1 IPCP: I CONFREQ [REQsent] id 1 len 10

*Sep 20 21:27:14.663: Vi2.1 IPCP:    Address 0.0.0.0 (0x030600000000)

*Sep 20 21:27:14.667: Vi2.1 IPCP: Pool returned 20.20.20.2

*Sep 20 21:27:14.667: Vi2.1 IPCP: O CONFNAK [REQsent] id 1 len 10

*Sep 20 21:27:14.667: Vi2.1 IPCP:    Address 20.20.20.2 (0x030614141402)

*Sep 20 21:27:14.667: Vi2.1 VPDN FS Network to tunnel: Punted 50 byte pak to l2x process queue

*Sep 20 21:27:14.667: Vi2.1 IPCP: I CONFACK [REQsent] id 1 len 10

*Sep 20 21:27:14.667: Vi2.1 IPCP:    Address 20.20.20.1 (0x030614141401)

*Sep 20 21:27:14.667: Vi2.1 CDPCP: I CONFREQ [Not negotiated] id 1 len 4

*Sep 20 21:27:14.667: Vi2.1 LCP: O PROTREJ [Open] id 1 len 10 protocol CDPCP (0x820701010004)

*Sep 20 21:27:14.667: Vi2.1 VPDN FS Network to tunnel: Punted 50 byte pak to l2x process queue

*Sep 20 21:27:14.667: Vi2.1 VPDN PROCESS Into tunnel: Sending 50 byte pak

*Sep 20 21:27:14.667: Vi2.1 VPDN PROCESS Into tunnel: Sending 50 byte pak

*Sep 20 21:27:14.667: VPDN FS From tunnel: Received 64 byte pak

*Sep 20 21:27:14.667: Vi2.1 VPDN FS Tunnel to network: Sending 14 byte pak

*Sep 20 21:27:14.667: Vi2.1 VPDN FS Tunnel to network: Fastswitching failed, punting pkt to process

*Sep 20 21:27:14.667: Vi2.1 VPDN FS From tunnel: Punted 14 byte pak to ppp parse and iqueue

*Sep 20 21:27:14.667: Vi2.1 IPCP: I CONFREQ [ACKrcvd] id 2 len 10

*Sep 20 21:27:14.667: Vi2.1 IPCP:    Address 20.20.20.2 (0x030614141402)

*Sep 20 21:27:14.667: Vi2.1 IPCP: O CONFACK [ACKrcvd] id 2 len 10

*Sep 20 21:27:14.667: Vi2.1 IPCP:    Address 20.20.20.2 (0x030614141402)

*Sep 20 21:27:14.667: Vi2.1 VPDN FS Network to tunnel: Punted 50 byte pak to l2x process queue

*Sep 20 21:27:14.667: Vi2.1 IPCP: State is Open

*Sep 20 21:27:14.667: Vi2.1 VPDN PROCESS Into tunnel: Sending 50 byte pak

*Sep 20 21:27:14.667: Vi2.1 IPCP: Install route to 20.20.20.2

C10K#sh users

    Line       User       Host(s)              Idle       Location

   0 con 0                idle                 01:28:14  

   2 vty 0     cisco      idle                 00:08:57 10.82.211.163

*  3 vty 1     cisco      idle                 00:00:00 171.69.89.47

   4 vty 2     cisco      idle                 00:00:48 10.82.248.114

  Interface    User               Mode         Idle     Peer Address

  Vi2.1        ParamPreet@cisco.com    PPPoVPDN     00:00:26 20.20.20.2

C10K#sh int virtual-a2.1

Virtual-Access2.1 is up, line protocol is up

  Hardware is Virtual Access interface

  Interface is unnumbered. Using address of Loopback0 (20.20.20.1)

  MTU 1500 bytes, BW 100000 Kbit, DLY 100000 usec,

     reliability 255/255, txload 1/255, rxload 1/255

  Encapsulation PPP, LCP Open

  Open: IPCP

  PPPoVPDN vaccess, cloned from Virtual-Template1

  Vaccess status 0x0

  Protocol l2tp, tunnel id 64102, session id 5

  Keepalive set (10 sec)

     43 packets input, 1466 bytes

     40 packets output, 1064 bytes idle 00:07:49

  Last clearing of "show interface" counters never

C10K#sh caller timeouts

  Line           User               Limit     Remaining Timer Type

  con 0          -                  -         -         -        

  vty 3          cisco              01:00:00  00:59:59  Idle Exec

  Vi2.1          ParamPreet@cisco.com    00:10:00  00:09:20  PPP idle

C10K#sh caller user ParamPreet@cisco.com detailed

  User: ParamPreet@cisco.com, line Vi2.1, service PPPoVPDN

        Connected for 00:04:18, Idle for 00:01:18

  Timeouts:    Limit     Remaining Timer Type

               00:10:00  00:08:41  PPP idle

  PPP: LCP Open, CHAP (<-), IPCP

  LCP: -> peer, MRU, AuthProto, MagicNumber

       <- peer, MagicNumber

  NCP: Open IPCP

  IPCP: <- peer, Address

        -> peer, Address

  IP: Local 20.20.20.1, remote 20.20.20.2

  Counts: 70 packets input, 2338 bytes

          67 packets output, 1936 bytes

C10K#

*Sep 20 21:40:09.983: Vi2.1 VPDN FS Tunnel to network: Fastswitching failed, punting pkt to process

*Sep 20 21:40:09.983: Vi2.1 VPDN FS From tunnel: Punted 16 byte pak to ppp parse and iqueue

C10K#sh caller user ParamPreet@cisco.com detailed

  User: ParamPreet@cisco.com, line Vi2.1, service PPPoVPDN

        Connected for 00:08:41, Idle for 00:05:40

  Timeouts:    Limit     Remaining Timer Type

               00:10:00  00:04:19  PPP idle

  PPP: LCP Open, CHAP (<-), IPCP

  LCP: -> peer, MRU, AuthProto, MagicNumber

       <- peer, MagicNumber

  NCP: Open IPCP

  IPCP: <- peer, Address

        -> peer, Address

  IP: Local 20.20.20.1, remote 20.20.20.2

  Counts: 120 packets input, 3138 bytes

          117 packets output, 2736 bytes

Disconnecting user session:

*Sep 20 21:48:48.755: VPDN FS From tunnel: Received 130 byte pak

*Sep 20 21:48:48.755: VPDN FS From tunnel: Pak consumed

*Sep 20 21:48:48.755: Vi2.1 Tnl/Sn 64102/5 L2TP: Parse  AVP 0, len 8, flag 0x8000 (M)

*Sep 20 21:48:48.755: Vi2.1 Tnl/Sn 64102/5 L2TP: Parse CDN

*Sep 20 21:48:48.755: Vi2.1 Tnl/Sn 64102/5 L2TP: Parse  AVP 1, len 38, flag 0x8000 (M)

*Sep 20 21:48:48.755: Vi2.1 Tnl/Sn 64102/5 L2TP: Result code(2): 2: Call disconnected, refer to error msg

*Sep 20 21:48:48.755:      Error code(6): Vendor specific

*Sep 20 21:48:48.755:      Optional msg: user-request/Call Disconnect

*Sep 20 21:48:48.755: Vi2.1 Tnl/Sn 64102/5 L2TP: Parse  AVP 14, len 8, flag 0x8000 (M)

*Sep 20 21:48:48.755: Vi2.1 Tnl/Sn 64102/5 L2TP: Assigned Call ID 44667

*Sep 20 21:48:48.755: Vi2.1 Tnl/Sn 64102/5 L2TP: Parse  AVP 46, len 11, flag 0x0

*Sep 20 21:48:48.755: Vi2.1 Tnl/Sn 64102/5 L2TP: disconnected, code 3, direction local for CP 0x0

*Sep 20 21:48:48.755: Vi2.1 Tnl/Sn 64102/5 L2TP: Parse Cisco AVP 104, len 11, flag 0x0

*Sep 20 21:48:48.755: Vi2.1 Tnl/Sn 64102/5 L2TP: PPP Disconnect Cause Code (Cisco) Already rcvd IETF version, ignoring

*Sep 20 21:48:48.755: Vi2.1 Tnl/Sn 64102/5 L2TP: No missing AVPs in CDN

*Sep 20 21:48:48.755: Vi2.1 Tnl/Sn 64102/5 L2TP: I CDN, flg TLS, ver 2, len 88, tnl 64102, cl 5, ns 15, nr 2

contiguous pak, size 88

            C8 02 00 58 FA 66 00 05 00 0F 00 02 80 08 00 00

            00 00 00 0E 80 26 00 00 00 01 00 02 00 06 75 73

            65 72 2D 72 65 71 75 65 73 74 2F 43 61 6C 6C 20

            44 69 73 63 6F 6E 6E 65 63 74 80 08 00 00 00 0E

            AE 7B 00 0B 00 00 00 2E ...

*Sep 20 21:48:48.755: Vi2.1 Tnl/Sn 64102/5 L2TP: O ZLB ctrl ack, flg TLS, ver 2, len 12, tnl 45050, cl 0, ns 2, nr 16

            C8 02 00 0C AF FA 00 00 00 02 00 10

*Sep 20 21:48:48.755: Vi2.1 Tnl/Sn 64102/5 L2TP: I CDN from LAC tnl 45050, cl 44667

*Sep 20 21:48:48.755: Vi2.1 Tnl/Sn 64102/5 L2TP: disconnect (L2X) IETF: 18/host-request Ascend: 66/VPDN Local PPP Disconnect

*Sep 20 21:48:48.755: Vi2.1 Tnl/Sn 64102/5 L2TP: Destroying session

*Sep 20 21:48:48.755: Vi2.1 Tnl/Sn 64102/5 L2TP: Session state change from established to idle

*Sep 20 21:48:48.755: Vi2.1 Tnl/Sn 64102/5 L2TP: Accounting stop sent

*Sep 20 21:48:48.755: Vi2.1 Tnl/Sn 64102/5 L2TP: Unbinding session from idb

*Sep 20 21:48:48.759: Vi2.1 VPDN: Resetting interface

*Sep 20 21:48:48.759: Vi2.1 PPP: Block vaccess from being freed [0x19]

*Sep 20 21:48:48.759:  Tnl 64102 L2TP: Tunnel state change from established to no-sessions-left

*Sep 20 21:48:48.759:  Tnl 64102 L2TP: No more sessions in tunnel, shutdown (likely) in 10 seconds

*Sep 20 21:48:49.151: Vi2.1 PPP: Missed link down notification

*Sep 20 21:48:49.151: Vi2.1 PPP: Sending Acct Event[Down] id[9]

*Sep 20 21:48:49.151: Vi2.1 IPCP: State is Closed

*Sep 20 21:48:49.151: Vi2.1 PPP: Unlocked by [0x1] Still Locked by [0x18]

*Sep 20 21:48:49.151: Vi2.1 PPP: Unlocked by [0x10] Still Locked by [0x8]

*Sep 20 21:48:49.151: Vi2.1 PPP: Phase is TERMINATING

*Sep 20 21:48:49.151: Vi2.1 LCP: State is Closed

*Sep 20 21:48:49.151: Vi2.1 PPP: Phase is DOWN

*Sep 20 21:48:49.151: Vi2.1 PPP: Send Message[Disconnect]

*Sep 20 21:48:49.151: Vi2.1 PPP: Unlocked by [0x8] Still Locked by [0x0]

C10K#

*Sep 20 21:48:49.151: Vi2.1 PPP: Free previously blocked vaccess

*Sep 20 21:48:49.151: Vi2.1 IPCP: Remove route to 20.20.20.2

C10K#

*Sep 20 21:48:58.759:  Tnl 64102 L2TP: O StopCCN  to LAC tnlid 45050

*Sep 20 21:48:58.759:  Tnl 64102 L2TP: O StopCCN, flg TLS, ver 2, len 38, tnl 45050, cl 0, ns 2, nr 16

            C8 02 00 26 AF FA 00 00 00 02 00 10 80 08 00 00

            00 00 00 04 80 08 00 00 00 09 FA 66 80 0A 00 00

            00 01 00 01 00 00

*Sep 20 21:48:58.759:  Tnl 64102 L2TP: Control channel retransmit delay set to 1 seconds

*Sep 20 21:48:58.759:  Tnl 64102 L2TP: Tunnel state change from no-sessions-left to shutting-down

*Sep 20 21:48:58.759: VPDN FS From tunnel: Received 60 byte pak

C10K#

*Sep 20 21:48:58.759: VPDN FS From tunnel: Pak consumed

*Sep 20 21:48:59.759:  Tnl 64102 L2TP: Control channel retransmit delay set to 1 seconds

C10K#

*Sep 20 21:49:03.759:  Tnl 64102 L2TP: Shutdown tunnel

*Sep 20 21:49:03.759:  Tnl 64102 L2TP: Tunnel state change from shutting-down to idle

Comments
ar
Level 1
Level 1

hi.

You mentioned AV pairs are included in the LAC message. How can we get this value frpm LNS? Particluarly the type 38/24 attribute for the TX/RX speed?

Is there a show command or via SNMP?

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: