[cisco-bba] cisco av-pair ( l2tp)

Paul Horrocks (phorrock) phorrock at cisco.com
Wed Apr 7 10:39:34 EDT 2004


There is no av-pair available for this; can you apply it globally?

>-----Original Message-----
>From: adama.faye at bell.ca [mailto:adama.faye at bell.ca] 
>Sent: 07 April 2004 14:32
>To: Paul Horrocks (phorrock)
>Cc: cisco-bba at puck.nether.net
>Subject: RE: [cisco-bba] cisco av-pair ( l2tp)
>
>
>
>Thanks,
>
>Do you know the cisco av-pair for the session-limit  ...
>
>
>
>-----Original Message-----
>From: Paul Horrocks (phorrock) [mailto:phorrock at cisco.com] 
>Sent: Wednesday, April 07, 2004 9:03 AM
>To: Faye, Adama (P010495); cisco-bba at puck.nether.net
>Subject: RE: [cisco-bba] cisco av-pair ( l2tp)
>
>Hello
>
>Are you looking for the below:
>
>http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122newft/122limit/122b/122b_15/ftunauth.htm
>
>From my lab:
>
>LNS config:
>===========
>aaa group server radius locally
> server 10.52.216.2 auth-port 1645 acct-port 1646
>!
>aaa authorization network LNS_RADIUS group locally 
>!
>vpdn enable
>vpdn tunnel authorization network LNS_RADIUS
>
>Radius profile:
>===============
>LAC Password = "cisco" 
>       Service-Type = Outbound,
>       Tunnel-Type = :0:L2TP,
>       Tunnel-Medium-Type = :0:IP,
>       Tunnel-Client-Auth-ID = :0:"LAC",
>       Tunnel-Password = :0:"hello",
>       Cisco:Avpair = "vpdn:vpdn-vtemplate=1"
>
>
>49.346: L2TP: I SCCRQ from LAC tnl 14209
>49.346:   Tnl24355 L2TP: Got a challenge in SCCRQ, LAC
>49.346:   Tnl24355 L2TP: New tunnel created for remote LAC, address 10.52.221.91
>49.346: AAA/AUTHOR (0x4A): Pick method list 'LNS_RADIUS'
>49.346:   Tnl24355 L2TP: Tunnel Authorization started for host LAC
>49.346: RADIUS(0000004A): Send to unknown id 21645/78 10.52.216.2:1645, Access-Request, len 55
>49.346: RADIUS:  authenticator 79 88 71 55 5D 25 14 BA - 27 04 2B 23 FB 4A 74 DC
>49.346: RADIUS:  User-Name           [1]   5   "LAC"
>49.346: RADIUS:  User-Password       [2]   18  *
>49.346: RADIUS:  Service-Type        [6]   6   Outbound [5]
>49.346: RADIUS:  NAS-IP-Address      [4]   6   10.52.221.83
>
>49.358: RADIUS: Received from id 21645/78 10.52.216.2:1645, Access-Accept, len 81
>49.358: RADIUS:  Service-Type        [6]   6   Outbound [5]
>49.358: RADIUS:  Tunnel-Type         [64]  6   00:L2TP [3]
>49.358: RADIUS:  Tunnel-Medium-Type  [65]  6   00:IPv4 [1]
>49.358: RADIUS:  Tunnel-Client-Auth-I[90]  6   00:"LAC"
>49.358: RADIUS:  Tunnel-Password     [69]  8   *
>49.358: RADIUS:  Vendor, Cisco       [26]  29  
>49.358: RADIUS:   Cisco AVpair       [1]   23  "vpdn:vpdn-vtemplate=1"
>49.358: RADIUS: Tunnel-Password processed as clear text
>49.358: L2X: Tunnel author reply found L2X info
>49.358:   Tnl24355 L2TP: O SCCRP  to LAC tnlid 14209
>49.358:   Tnl24355 L2TP: O SCCRP, flg TLS, ver 2, len 160, tnl 14209, cl 0, ns 0, nr 1
>         C8 02 00 A0 37 81 00 00 00 00 00 01 80 08 00 00
>         00 00 00 02 80 08 00 00 00 02 01 00 80 0A 00 00
>         00 03 00 00 00 00 80 0A 00 00 00 04 00 00 00 00
>         00 08 00 00 00 06 11 20 80 13 00 00 00 07 37 32
>         30 30 2D 4D 75 6C 74 ...
>49.362:   Tnl24355 L2TP: Control channel retransmit delay set to 1 seconds
>49.362:   Tnl24355 L2TP: Tunnel state change from idle to wait-ctl-reply
>49.366:   Tnl24355 L2TP: Parse  AVP 0, len 8, flag 0x8000 (M)
>49.366:   Tnl24355 L2TP: Parse SCCCN
>49.366:   Tnl24355 L2TP: Parse  AVP 13, len 22, flag 0x8000 (M)
>49.366:   Tnl24355 L2TP: Chlng Resp  
>         97 4A 1D D1 19 E6 A9 37 DB 6B EE 1A E0 BB F3 62
>49.366:   Tnl24355 L2TP: No missing AVPs in SCCCN
>49.366:   Tnl24355 L2TP: I SCCCN, flg TLS, ver 2, len 42, tnl 24355, cl 0, ns 1, nr 1contiguous pak, size 42
>49.366:   Tnl24355 L2TP: O ZLB ctrl ack, flg TLS, ver 2, len 12, tnl 14209, cl 0, ns 1, nr 3
>         C8 02 00 0C 37 81 00 00 00 01 00 03
>49.366:   Tnl24355 L2TP: I SCCCN from LAC tnl 14209
>49.366:   Tnl24355 L2TP: Got a Challenge Response in SCCCN from LAC
>49.366:   Tnl24355 L2TP: Tunnel Authentication success
>49.366:   Tnl24355 L2TP: Tunnel state change from wait-ctl-reply to established
>49.366:   Tnl24355 L2TP: SM State established
>49.366:   Tnl24355 L2TP: Parse  AVP 0, len 8, flag 0x8000 (M)
>49.366:   Tnl24355 L2TP: Parse ICRQ
>
>Regards
>Paul.
>
>-----Original Message-----
>From: cisco-bba-bounces at puck.nether.net
>[mailto:cisco-bba-bounces at puck.nether.net] On Behalf Of
>adama.faye at bell.ca
>Sent: 07 April 2004 13:50
>To: cisco-bba at puck.nether.net
>Subject: [cisco-bba] cisco av-pair ( l2tp)
>
>
>Hi all,
> 
>Does somebody know the cisco-av pair to be used to push all vpdn
>configuration to the LNS by the Radius?
> 
>vpdn-group 100
>  accept-dialin
>  protocol l2tp
>  virtual-template 1
> session-limit 3
> terminate-from hostname cisco
> local name PE1-C7204-10
> l2tp hidden
> l2tp tunnel password 0 cisco
> 
> 
>I'm using a Cisco 7206VXR   IOS 12.3(6). 
> 
>Do you know where I can find all the cisco-av pairs used by Cisco?
> 
>Thanks for your help.
> 
> 
>
>
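
Added example (not part of the original thread or of Cisco's code): a decoder for the L2TPv2 control header and AVPs, following the RFC 2661 layout, run over the bytes of the "O SCCRP" and "O ZLB ctrl ack" dumps in the quoted debug output so the decoded fields can be compared with the log lines. The function and field names are illustrative; the SCCRP dump is truncated on the page, so its last AVP is flagged as incomplete.

```python
import struct

# Bytes copied from the "O SCCRP" and "O ZLB ctrl ack" hex dumps in the thread.
# The SCCRP dump ends in "..." on the page, so only 71 of its 160 bytes exist.
SCCRP = bytes.fromhex(
    "C8 02 00 A0 37 81 00 00 00 00 00 01 80 08 00 00 "
    "00 00 00 02 80 08 00 00 00 02 01 00 80 0A 00 00 "
    "00 03 00 00 00 00 80 0A 00 00 00 04 00 00 00 00 "
    "00 08 00 00 00 06 11 20 80 13 00 00 00 07 37 32 "
    "30 30 2D 4D 75 6C 74")
ZLB = bytes.fromhex("C8 02 00 0C 37 81 00 00 00 01 00 03")

# RFC 2661 attribute types that occur in this trace (not the full registry).
AVP_NAMES = {0: "Message Type", 2: "Protocol Version", 3: "Framing Capabilities",
             4: "Bearer Capabilities", 6: "Firmware Revision", 7: "Host Name",
             11: "Challenge", 13: "Challenge Response"}

def parse_control(pkt):
    """Decode an L2TPv2 control header and its AVPs; returns (header, avps)."""
    if len(pkt) < 12:
        raise ValueError("shorter than a control header")
    flags, length, tunnel, session, ns, nr = struct.unpack_from("!6H", pkt, 0)
    # Control messages carry T, L and S set and version 2 (0xC802 = "flg TLS, ver 2").
    if flags & 0xC80F != 0xC802:
        raise ValueError("not an L2TPv2 control message")
    header = {"len": length, "tnl": tunnel, "cl": session, "ns": ns, "nr": nr}
    avps, off, end = [], 12, min(length, len(pkt))
    while off + 6 <= end:
        word, vendor, atype = struct.unpack_from("!3H", pkt, off)
        alen = word & 0x03FF                 # low 10 bits: AVP length incl. header
        if alen < 6:
            raise ValueError("AVP length below the 6-byte header")
        avps.append({
            "type": atype, "vendor": vendor,
            "name": AVP_NAMES.get(atype, "unknown") if vendor == 0 else "vendor",
            "mandatory": bool(word & 0x8000),    # M bit
            "hidden": bool(word & 0x4000),       # H bit: value is obscured
            "value": pkt[off + 6:off + alen],
            "truncated": off + alen > len(pkt),  # capture ends inside this AVP
        })
        off += alen
    return header, avps

if __name__ == "__main__":
    for label, pkt in (("SCCRP", SCCRP), ("ZLB", ZLB)):
        header, avps = parse_control(pkt)
        print(label, header)
        for a in avps:
            print("  ", a["type"], a["name"], a["value"].hex(), a["truncated"])
```

The decoded headers match the "len 160, tnl 14209, cl 0, ns 0, nr 1" and "len 12, tnl 14209, cl 0, ns 1, nr 3" lines in the debug output, and none of the AVPs visible in the SCCRP dump has the H bit set.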


