[cisco-bba] cisco av-pair ( l2tp)

Paul Horrocks (phorrock) phorrock at cisco.com
Wed Apr 7 09:03:22 EDT 2004


Hello

Are you looking for the below:

http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122newft/122limit/122b/122b_15/ftunauth.htm

From my lab:

LNS config:
===========
aaa group server radius locally
 server 10.52.216.2 auth-port 1645 acct-port 1646
!
aaa authorization network LNS_RADIUS group locally 
!
vpdn enable
vpdn tunnel authorization network LNS_RADIUS

Radius profile:
===============
LAC Password = "cisco" 
       Service-Type = Outbound,
       Tunnel-Type = :0:L2TP,
       Tunnel-Medium-Type = :0:IP,
       Tunnel-Client-Auth-ID = :0:"LAC",
       Tunnel-Password = :0:"hello",
       Cisco:Avpair = "vpdn:vpdn-vtemplate=1"


49.346: L2TP: I SCCRQ from LAC tnl 14209
49.346:   Tnl24355 L2TP: Got a challenge in SCCRQ, LAC
49.346:   Tnl24355 L2TP: New tunnel created for remote LAC, address 10.52.221.91
49.346: AAA/AUTHOR (0x4A): Pick method list 'LNS_RADIUS'
49.346:   Tnl24355 L2TP: Tunnel Authorization started for host LAC
49.346: RADIUS(0000004A): Send to unknown id 21645/78 10.52.216.2:1645, Access-Request, len 55
49.346: RADIUS:  authenticator 79 88 71 55 5D 25 14 BA - 27 04 2B 23 FB 4A 74 DC
49.346: RADIUS:  User-Name           [1]   5   "LAC"
49.346: RADIUS:  User-Password       [2]   18  *
49.346: RADIUS:  Service-Type        [6]   6   Outbound                  [5]
49.346: RADIUS:  NAS-IP-Address      [4]   6   10.52.221.83

49.358: RADIUS: Received from id 21645/78 10.52.216.2:1645, Access-Accept, len 81
49.358: RADIUS:  Service-Type        [6]   6   Outbound                  [5]
49.358: RADIUS:  Tunnel-Type         [64]  6   00:L2TP                   [3]
49.358: RADIUS:  Tunnel-Medium-Type  [65]  6   00:IPv4                   [1]
49.358: RADIUS:  Tunnel-Client-Auth-I[90]  6   00:"LAC"
49.358: RADIUS:  Tunnel-Password     [69]  8   *
49.358: RADIUS:  Vendor, Cisco       [26]  29  
49.358: RADIUS:   Cisco AVpair       [1]   23  "vpdn:vpdn-vtemplate=1"
49.358: RADIUS: Tunnel-Password processed as clear text
49.358: L2X: Tunnel author reply found L2X info
49.358:   Tnl24355 L2TP: O SCCRP  to LAC tnlid 14209
49.358:   Tnl24355 L2TP: O SCCRP, flg TLS, ver 2, len 160, tnl 14209, cl 0, ns 0, nr 1
         C8 02 00 A0 37 81 00 00 00 00 00 01 80 08 00 00
         00 00 00 02 80 08 00 00 00 02 01 00 80 0A 00 00
         00 03 00 00 00 00 80 0A 00 00 00 04 00 00 00 00
         00 08 00 00 00 06 11 20 80 13 00 00 00 07 37 32
         30 30 2D 4D 75 6C 74 ...
49.362:   Tnl24355 L2TP: Control channel retransmit delay set to 1 seconds
49.362:   Tnl24355 L2TP: Tunnel state change from idle to wait-ctl-reply
49.366:   Tnl24355 L2TP: Parse  AVP 0, len 8, flag 0x8000 (M)
49.366:   Tnl24355 L2TP: Parse SCCCN
49.366:   Tnl24355 L2TP: Parse  AVP 13, len 22, flag 0x8000 (M)
49.366:   Tnl24355 L2TP: Chlng Resp  
         97 4A 1D D1 19 E6 A9 37 DB 6B EE 1A E0 BB F3 62
49.366:   Tnl24355 L2TP: No missing AVPs in SCCCN
49.366:   Tnl24355 L2TP: I SCCCN, flg TLS, ver 2, len 42, tnl 24355, cl 0, ns 1, nr 1contiguous pak, size 42
49.366:   Tnl24355 L2TP: O ZLB ctrl ack, flg TLS, ver 2, len 12, tnl 14209, cl 0, ns 1, nr 3
         C8 02 00 0C 37 81 00 00 00 01 00 03
49.366:   Tnl24355 L2TP: I SCCCN from LAC tnl 14209
49.366:   Tnl24355 L2TP: Got a Challenge Response in SCCCN from LAC
49.366:   Tnl24355 L2TP: Tunnel Authentication success
49.366:   Tnl24355 L2TP: Tunnel state change from wait-ctl-reply to established
49.366:   Tnl24355 L2TP: SM State established
49.366:   Tnl24355 L2TP: Parse  AVP 0, len 8, flag 0x8000 (M)
49.366:   Tnl24355 L2TP: Parse ICRQ

Regards
Paul.

-----Original Message-----
From: cisco-bba-bounces at puck.nether.net
[mailto:cisco-bba-bounces at puck.nether.net] On Behalf Of
adama.faye at bell.ca
Sent: 07 April 2004 13:50
To: cisco-bba at puck.nether.net
Subject: [cisco-bba] cisco av-pair ( l2tp)


Hi all,

Does somebody know the cisco-av pair to be used to push all vpdn
configuration to the LNS by the Radius?

vpdn-group 100
 accept-dialin
  protocol l2tp
  virtual-template 1
 session-limit 3
 terminate-from hostname cisco
 local name PE1-C7204-10
 l2tp hidden
 l2tp tunnel password 0 cisco


I'm using a Cisco 7206VXR   IOS 12.3(6).

Do you know where I can find all the cisco-av pairs used by Cisco?

Thanks for your help.
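
Added example (not part of the original thread, and not Cisco code): a small parser for debug output in the format shown in the lab trace above. It rebuilds each RADIUS packet's attributes, extracts the Cisco AV pairs the server pushed to the LNS, and collects the clear-text Tunnel-Password notice and the tunnel authentication result. The function name, regexes and sample lines are constructed for illustration.

```python
import re

# Constructed sample: debug lines in the format shown in the thread,
# with the mail client's wrapped lines already rejoined.
SAMPLE = """\
49.346: RADIUS(0000004A): Send to unknown id 21645/78 10.52.216.2:1645, Access-Request, len 55
49.346: RADIUS:  User-Name           [1]   5   "LAC"
49.346: RADIUS:  User-Password       [2]   18  *
49.358: RADIUS: Received from id 21645/78 10.52.216.2:1645, Access-Accept, len 81
49.358: RADIUS:  Tunnel-Type         [64]  6   00:L2TP                   [3]
49.358: RADIUS:  Tunnel-Client-Auth-I[90]  6   00:"LAC"
49.358: RADIUS:  Tunnel-Password     [69]  8   *
49.358: RADIUS:  Vendor, Cisco       [26]  29
49.358: RADIUS:   Cisco AVpair       [1]   23  "vpdn:vpdn-vtemplate=1"
49.358: RADIUS: Tunnel-Password processed as clear text
49.366:   Tnl24355 L2TP: Tunnel Authentication success
"""

# Packet header, attribute line, and tunnel result (patterns are assumptions
# derived from the lines in the thread, not a documented log grammar).
PKT = re.compile(r"RADIUS(?:\(\w+\))?: (?:Send to|Received from) .*?([\d.]+:\d+), (Access-\w+)")
ATTR = re.compile(r"RADIUS:\s+(.+?)\s*\[(\d+)\]\s+(\d+)\s*(.*)$")
TUNNEL = re.compile(r"(Tnl\d+) L2TP: Tunnel Authentication (\w+)")

def audit(log):
    """Rebuild each RADIUS packet's attributes and collect notable events."""
    packets, avpairs, events = [], {}, []
    for line in log.splitlines():
        if m := PKT.search(line):
            packets.append({"server": m[1], "code": m[2], "attrs": {}})
        elif (m := ATTR.search(line)) and packets:
            name, value = m[1], m[4].strip()
            packets[-1]["attrs"][name] = value
            if name == "Cisco AVpair" and "=" in value:
                key, _, val = value.strip('"').partition("=")
                avpairs[key] = val
        elif "Tunnel-Password processed as clear text" in line:
            events.append("LNS logged: Tunnel-Password processed as clear text")
        elif m := TUNNEL.search(line):
            events.append(f"{m[1]}: tunnel authentication {m[2]}")
    return packets, avpairs, events

if __name__ == "__main__":
    pkts, pairs, evts = audit(SAMPLE)
    for p in pkts:
        print(p["code"], p["server"], sorted(p["attrs"]))
    print(pairs, evts, sep="\n")
```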
 
 


