[cisco-bba] cisco av-pair ( l2tp)
Paul Horrocks (phorrock)
phorrock at cisco.com
Wed Apr 7 09:03:22 EDT 2004
Hello
Are you looking for the below:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122newft/122limit/122b/122b_15/ftunauth.htm
From my lab:
LNS config:
===========
aaa group server radius locally
server 10.52.216.2 auth-port 1645 acct-port 1646
!
aaa authorization network LNS_RADIUS group locally
!
vpdn enable
vpdn tunnel authorization network LNS_RADIUS
Radius profile:
===============
LAC Password = "cisco"
Service-Type = Outbound,
Tunnel-Type = :0:L2TP,
Tunnel-Medium-Type = :0:IP,
Tunnel-Client-Auth-ID = :0:"LAC",
Tunnel-Password = :0:"hello",
Cisco:Avpair = "vpdn:vpdn-vtemplate=1"
49.346: L2TP: I SCCRQ from LAC tnl 14209
49.346: Tnl24355 L2TP: Got a challenge in SCCRQ, LAC
49.346: Tnl24355 L2TP: New tunnel created for remote LAC, address 10.52.221.91
49.346: AAA/AUTHOR (0x4A): Pick method list 'LNS_RADIUS'
49.346: Tnl24355 L2TP: Tunnel Authorization started for host LAC
49.346: RADIUS(0000004A): Send to unknown id 21645/78 10.52.216.2:1645, Access-Request, len 55
49.346: RADIUS: authenticator 79 88 71 55 5D 25 14 BA - 27 04 2B 23 FB 4A 74 DC
49.346: RADIUS: User-Name [1] 5 "LAC"
49.346: RADIUS: User-Password [2] 18 *
49.346: RADIUS: Service-Type [6] 6 Outbound [5]
49.346: RADIUS: NAS-IP-Address [4] 6 10.52.221.83
49.358: RADIUS: Received from id 21645/78 10.52.216.2:1645, Access-Accept, len 81
49.358: RADIUS: Service-Type [6] 6 Outbound [5]
49.358: RADIUS: Tunnel-Type [64] 6 00:L2TP [3]
49.358: RADIUS: Tunnel-Medium-Type [65] 6 00:IPv4 [1]
49.358: RADIUS: Tunnel-Client-Auth-I[90] 6 00:"LAC"
49.358: RADIUS: Tunnel-Password [69] 8 *
49.358: RADIUS: Vendor, Cisco [26] 29
49.358: RADIUS: Cisco AVpair [1] 23 "vpdn:vpdn-vtemplate=1"
49.358: RADIUS: Tunnel-Password processed as clear text
49.358: L2X: Tunnel author reply found L2X info
49.358: Tnl24355 L2TP: O SCCRP to LAC tnlid 14209
49.358: Tnl24355 L2TP: O SCCRP, flg TLS, ver 2, len 160, tnl 14209, cl 0, ns 0, nr 1
C8 02 00 A0 37 81 00 00 00 00 00 01 80 08 00 00
00 00 00 02 80 08 00 00 00 02 01 00 80 0A 00 00
00 03 00 00 00 00 80 0A 00 00 00 04 00 00 00 00
00 08 00 00 00 06 11 20 80 13 00 00 00 07 37 32
30 30 2D 4D 75 6C 74 ...
49.362: Tnl24355 L2TP: Control channel retransmit delay set to 1 seconds
49.362: Tnl24355 L2TP: Tunnel state change from idle to wait-ctl-reply
49.366: Tnl24355 L2TP: Parse AVP 0, len 8, flag 0x8000 (M)
49.366: Tnl24355 L2TP: Parse SCCCN
49.366: Tnl24355 L2TP: Parse AVP 13, len 22, flag 0x8000 (M)
49.366: Tnl24355 L2TP: Chlng Resp
97 4A 1D D1 19 E6 A9 37 DB 6B EE 1A E0 BB F3 62
49.366: Tnl24355 L2TP: No missing AVPs in SCCCN
49.366: Tnl24355 L2TP: I SCCCN, flg TLS, ver 2, len 42, tnl 24355, cl 0, ns 1, nr 1
contiguous pak, size 42
49.366: Tnl24355 L2TP: O ZLB ctrl ack, flg TLS, ver 2, len 12, tnl 14209, cl 0, ns 1, nr 3
C8 02 00 0C 37 81 00 00 00 01 00 03
49.366: Tnl24355 L2TP: I SCCCN from LAC tnl 14209
49.366: Tnl24355 L2TP: Got a Challenge Response in SCCCN from LAC
49.366: Tnl24355 L2TP: Tunnel Authentication success
49.366: Tnl24355 L2TP: Tunnel state change from wait-ctl-reply to established
49.366: Tnl24355 L2TP: SM State established
49.366: Tnl24355 L2TP: Parse AVP 0, len 8, flag 0x8000 (M)
49.366: Tnl24355 L2TP: Parse ICRQ
Regards
Paul.
-----Original Message-----
From: cisco-bba-bounces at puck.nether.net
[mailto:cisco-bba-bounces at puck.nether.net] On Behalf Of
adama.faye at bell.ca
Sent: 07 April 2004 13:50
To: cisco-bba at puck.nether.net
Subject: [cisco-bba] cisco av-pair ( l2tp)
Hi all,
Does somebody know the cisco-av pair to be used to push all the vpdn
configuration to the LNS via RADIUS?
vpdn-group 100
accept-dialin
protocol l2tp
virtual-template 1
session-limit 3
terminate-from hostname cisco
local name PE1-C7204-10
l2tp hidden
l2tp tunnel password 0 cisco
I'm using a Cisco 7206VXR IOS 12.3(6).
Do you know where I can find all the cisco-av pairs used by Cisco?
Thanks for your help.
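Added example (not part of the original posts and not Cisco code): a Python decoder for the L2TP control messages hex-dumped in the debug output above, so a dump can be checked against the summary line IOS prints and each AVP's M and H bits can be read off. The AVP and message-type numbers are from RFC 2661; the name parse_control is hypothetical.

```python
import struct

# Hex dumps copied from the LNS debug output above; the SCCRP dump is cut off on the page.
ZLB_HEX = "C8 02 00 0C 37 81 00 00 00 01 00 03"
SCCRP_HEX = """
C8 02 00 A0 37 81 00 00 00 00 00 01 80 08 00 00
00 00 00 02 80 08 00 00 00 02 01 00 80 0A 00 00
00 03 00 00 00 00 80 0A 00 00 00 04 00 00 00 00
00 08 00 00 00 06 11 20 80 13 00 00 00 07 37 32
30 30 2D 4D 75 6C 74
"""

# IETF (vendor 0) AVP types and control message types from RFC 2661.
AVP_NAMES = {0: "Message Type", 2: "Protocol Version", 3: "Framing Capabilities",
             4: "Bearer Capabilities", 6: "Firmware Revision", 7: "Host Name",
             9: "Assigned Tunnel ID", 11: "Challenge", 13: "Challenge Response"}
MSG_TYPES = {1: "SCCRQ", 2: "SCCRP", 3: "SCCCN", 4: "StopCCN", 6: "HELLO", 10: "ICRQ"}

def parse_control(hex_text):
    """Decode an L2TPv2 control message into (header dict, list of AVP dicts)."""
    data = bytes.fromhex("".join(hex_text.split()))
    flags, length, tunnel, session, ns, nr = struct.unpack_from("!6H", data)
    # Control messages carry the T, L and S bits and version 2 ("flg TLS, ver 2").
    if (flags & 0xC800) != 0xC800 or (flags & 0x000F) != 2:
        raise ValueError("not an L2TPv2 control message")
    header = {"length": length, "tunnel_id": tunnel, "session_id": session,
              "ns": ns, "nr": nr, "msg_type": "ZLB", "truncated": len(data) < length}
    avps, off = [], 12
    while off + 6 <= len(data):
        bits_len, vendor, atype = struct.unpack_from("!3H", data, off)
        alen = bits_len & 0x03FF          # low 10 bits: length incl. 6-byte AVP header
        if alen < 6:
            raise ValueError("AVP length below header size")
        value = data[off + 6:off + alen]  # slicing clips at the end of a cut-off dump
        name = AVP_NAMES.get(atype, f"type {atype}") if vendor == 0 else f"vendor {vendor}/{atype}"
        avps.append({"name": name, "mandatory": bool(bits_len & 0x8000),
                     "hidden": bool(bits_len & 0x4000), "value": value,
                     "truncated": off + alen > len(data)})
        if vendor == 0 and atype == 0 and len(value) == 2:
            code = int.from_bytes(value, "big")
            header["msg_type"] = MSG_TYPES.get(code, str(code))
        off += alen
    return header, avps

if __name__ == "__main__":
    for dump in (ZLB_HEX, SCCRP_HEX):
        hdr, avps = parse_control(dump)
        print(hdr, [(a["name"], a["value"].hex(), a["truncated"]) for a in avps])
```

The decoded header fields line up with the "len 160, tnl 14209, cl 0, ns 0, nr 1" and "len 12, tnl 14209, cl 0, ns 1, nr 3" summary lines in the log; the Host Name AVP is reported as cut off because the page's dump ends in "...".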