Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

L2TP LNS PPP auth error

Hi

I have a setup as foll

PPOE client->LAC(Radius)->LNS(Radius)

I face a strange issue only at the PPP authenticating phase.

A snapshot of the debug PPP negotiation is as foll

06:32:40: ppp67 PPP: Phase is ESTABLISHING

06:32:40: ppp67 PPP: Send Message[Dynamic Bind Response]

06:32:40: ppp67 LCP: O CONFREQ [Closed] id 1 len 39

06:32:40: ppp67 LCP: ACCM 0x000A0000 (0x0206000A0000)

06:32:40: ppp67 LCP: AuthProto PAP (0x0304C023)

06:32:40: ppp67 LCP: MagicNumber 0x1ABD01EF (0x05061ABD01EF)

06:32:40: ppp67 LCP: PFC (0x0702)

06:32:40: ppp67 LCP: ACFC (0x0802)

06:32:40: ppp67 LCP: MRRU 1524 (0x110405F4)

06:32:40: ppp67 LCP: EndpointDisc 1 R2A-7200 (0x130B015232412D37323030)

06:32:40: ppp67 LCP: I CONFREQ [REQsent] id 5 len 20

06:32:40: ppp67 LCP: ACCM 0x00000000 (0x020600000000)

06:32:40: ppp67 LCP: MagicNumber 0x6A722D66 (0x05066A722D66)

06:32:40: ppp67 LCP: PFC (0x0702)

06:32:40: ppp67 LCP: ACFC (0x0802)

06:32:40: ppp67 LCP: O CONFACK [REQsent] id 5 len 20

06:32:40: ppp67 LCP: ACCM 0x00000000 (0x020600000000)

06:32:40: ppp67 LCP: MagicNumber 0x6A722D66 (0x05066A722D66)

06:32:40: ppp67 LCP: PFC (0x0702)

06:32:40: ppp67 LCP: ACFC (0x0802)

06:32:40: ppp67 LCP: I CONFREJ [ACKsent] id 1 len 19

06:32:40: ppp67 LCP: MRRU 1524 (0x110405F4)

06:32:40: ppp67 LCP: EndpointDisc 1 R2A-7200 (0x130B015232412D37323030)

06:32:40: ppp67 LCP: O CONFREQ [ACKsent] id 2 len 24

06:32:40: ppp67 LCP: ACCM 0x000A0000 (0x0206000A0000)

06:32:40: ppp67 LCP: AuthProto PAP (0x0304C023)

06:32:40: ppp67 LCP: MagicNumber 0x1ABD01EF (0x05061ABD01EF)

06:32:40: ppp67 LCP: PFC (0x0702)

06:32:40: ppp67 LCP: ACFC (0x0802)

06:32:41: ppp67 LCP: I CONFACK [ACKsent] id 2 len 24

06:32:41: ppp67 LCP: ACCM 0x000A0000 (0x0206000A0000)

06:32:41: ppp67 LCP: AuthProto PAP (0x0304C023)

06:32:41: ppp67 LCP: MagicNumber 0x1ABD01EF (0x05061ABD01EF)

06:32:41: ppp67 LCP: PFC (0x0702)

06:32:41: ppp67 LCP: ACFC (0x0802)

06:32:41: ppp67 LCP: State is Open

06:32:41: ppp67 PPP: Phase is AUTHENTICATING, by this end

06:32:41: ppp67 LCP: I IDENTIFY [Open] id 6 len 18 magic 0x6A722D66 MSRASV5.10

06:32:41: ppp67 LCP: I IDENTIFY [Open] id 7 len 21 magic 0x6A722D66 MSRAS-0-RAMYA

06:32:41: ppp67 PAP: I AUTH-REQ id 38 len 30 from "test@rw.test.tcl"

06:32:41: ppp67 PAP: Authenticating peer test@rw.test.tcl

06:32:41: ppp67 PPP: Phase is FORWARDING, Attempting Forward

06:32:41: ppp67 PPP: Phase is AUTHENTICATING, Unauthenticated User

06:32:41: ppp67 PAP: O AUTH-NAK id 38 len 26 msg is "Authentication failed"

06:32:41: ppp67 PPP: Sending Acct Event[Down] id[A2]

06:32:41: ppp67 PPP: Phase is TERMINATING

06:32:41: ppp67 LCP: O TERMREQ [Open] id 3 len 4

06:32:41: ppp67 PPP: Received Disconnect from Lower Layer

06:32:41: ppp67 LCP: O TERMREQ [TERMsent] id 3 len 4

06:32:41: ppp67 PPP: Dynamic send error, close LCP

06:32:41: ppp67 LCP: State is Closed

06:32:41: ppp67 PPP: Phase is DOWN

06:32:41: ppp67 PPP: Phase is TERMINATING

The L2TP tunnel is seen to be established for a fraction of a second, but immediately disconnects due to authentication problem.

Note : There is no username or password error in this case.

Has anyone any idea on this?

1 REPLY
Silver

Re: L2TP LNS PPP auth error

If you enabled "l2tp hidden" command it causes additional security if PPP is using PAP or proxy authentication between the LAC and LNS tunnel cannot be established

If you disable "no l2tp hidden" then everything works fine

For further information click this link.

http://www.cisco.com/en/US/docs/ios/11_3/feature/guide/l2tp.html#wp9947

852
Views
0
Helpful
1
Replies