[cisco-bba] Fw: l2tp problem

Oliver Boehmer (oboehmer) oboehmer at cisco.com
Tue Jan 9 02:19:59 EST 2007 

Hi,

I can't tell why the ERX doesn't build a tunnel when you use a "Default VPDN Group" (i.e. without any "terminate-from hostname" statement in it).  But if it works with a hostname, and you need to use more than one LAC, try configuring a generic name (like "ERX-LAC" or something like this) as local name on the ERX (using the "client-name" command) and reference the same name on the LNS' "terminate-from hostname").. 

	oli

cisco-bba-bounces at puck.nether.net <> wrote on Tuesday, January 09, 2007 2:31 AM:

> 					hello!
> 
> 
> 	i have a l2tp problem about juniper erx and cisco 7401.
> 
> 
> 	                 radius
> 	                  |
> 	                  |
> 	pppoe client----LAC(erx)----LNS(cisco7401)
> 
> 	only CISCO7401 configure command terminate-from
> hostname LAC,the tunnel created。
> 	if have multi lac to LNS?this is a problem.scalability
> is very bad。
> 
> 	ERX use default configuration.no any specific configuration.
> 
> 	CISCO configuration example
> 
> 	vpdn-group zju.com!ZJ
> 	 accept-dialin
> 	  protocol l2tp
> 	  virtual-template 2
> 	 lcp renegotiation always
> 	 no l2tp tunnel authentication
> 	 l2tp tunnel password 0 cisco
> 	 ip precedence immediate
> 
> 	the configuration result in the tunnelcan't created.if use
> 	 vpdn-group zju.com!ZJ accept-dialin
> 	  protocol l2tp
> 	  virtual-template 2
> 	 terminate-from hostname HZCNC-100-BRAS-01
> 	 lcp renegotiation always
> 	 no l2tp tunnel authentication
> 	 l2tp tunnel password 0 cisco
> 	 ip precedence immediate
> 
> 	the tunnel can created.
> 
> 	debug information
> 
> 	ERX
> 
> 	DEBUG 01/09/2007 00:46:02 [l2tp] l2tp (): Authenticate configuration
> 	data: tag = 0, type = 1, transport = ipUdp, routerId = Router
> 0x80000001, address = 
> 	58.100.228.66, tName = default, tSecret = ,
> tLocalHostName = HZCNC-100-BRAS-01,
> 	tPeerHostName = HZCNC-88-BRAS-02, tLocalAddress = 58.100.228.16
> 	DEBUG 01/09/2007 00:46:02 [l2tp] l2tp (1400000A,*):
> Update IP transport config:
> 	local address = 58.100.228.16, remote address = 58.100.228.66
> 	DEBUG 01/09/2007 00:46:02 [l2tp] l2tp (1400000A,*): AVP Header: type
> 	= message, length = 8, flags = M ‾H
> 	DEBUG 01/09/2007 00:46:02 [l2tp] l2tp (1400000A,*): AVP Header: type
> 	= protocolVersion, length = 8, flags = M ‾H
> 	DEBUG 01/09/2007 00:46:02 [l2tp] l2tp (1400000A,*): AVP Header: type
> 	= hostName, length = 23, flags = M ‾H
> 	DEBUG 01/09/2007 00:46:02 [l2tp] l2tp (1400000A,*): AVP Header: type
> 	= framingCapabilities, length = 10, flags = M ‾H
> 	DEBUG 01/09/2007 00:46:02 [l2tp] l2tp (1400000A,*): AVP Header: type
> 	= assignedTunnelId, length = 8, flags = M ‾H
> 	DEBUG 01/09/2007 00:46:02 [l2tp] l2tp (1400000A,*): AVP Header: type
> 	= receiveWindowSize, length = 8, flags = M ‾H
> 	DEBUG 01/09/2007 00:46:02 [l2tp] l2tp (1400000A,*): AVP Header: type
> 	= firmwareRevision, length = 8, flags = ‾M ‾H
> 	DEBUG 01/09/2007 00:46:02 [l2tp] l2tp (1400000A,*): AVP Header: type
> 	= vendorName, length = 28, flags = ‾M ‾H
> 	NOTICE 01/09/2007 00:46:02 [l2tp] l2tp (1400000A,*):
> Changing mibState from
> 	idle to connecting
> 	NOTICE 01/09/2007 00:46:02 [l2tp] l2tp (15000024,*):
> Changing effective
> 	adminState from disabled to enabled
> 	INFO 01/09/2007 00:46:02 [l2tp] l2tp (1400000A,*):
> Processing incoming
> 	in-sequence sccrp from vr default, remote address
> 58.100.228.66 -
> 	controlHeader.Ns = 0
> 	DEBUG 01/09/2007 00:46:02 [l2tp] l2tp (1400000A,*): AVP Header: type
> 	= message, length = 8, flags = M ‾H
> 	DEBUG 01/09/2007 00:46:02 [l2tp] l2tp (1400000A,*): AVP Header: type
> 	= protocolVersion, length = 8, flags = M ‾H
> 	DEBUG 01/09/2007 00:46:02 [l2tp] l2tp (1400000A,*): AVP Header: type
> 	= firmwareRevision, length = 8, flags = ‾M ‾H
> 	DEBUG 01/09/2007 00:46:02 [l2tp] l2tp (1400000A,*): AVP Header: type
> 	= hostName, length = 22, flags = M ‾H
> 	DEBUG 01/09/2007 00:46:02 [l2tp] l2tp (1400000A,*): AVP Header: type
> 	= vendorName, length = 25, flags = ‾M ‾H
> 	DEBUG 01/09/2007 00:46:02 [l2tp] l2tp (1400000A,*): AVP Header: type
> 	= receiveWindowSize, length = 8, flags = M ‾H
> 	DEBUG 01/09/2007 00:46:02 [l2tp] l2tp (1400000A,*): AVP Header: type
> 	= challenge, length = 22, flags = M ‾H
> 	DEBUG 01/09/2007 00:46:02 [l2tp] l2tp (1400000A,*): AVP Header: type
> 	= assignedTunnelId, length = 8, flags = M ‾H
> 	DEBUG 01/09/2007 00:46:02 [l2tp] l2tp (1400000A,*): AVP Header: type
> 	= framingCapabilities, length = 10, flags = M ‾H
> 	DEBUG 01/09/2007 00:46:02 [l2tp] l2tp (1400000A,*): AVP Header: type
> 	= bearerCapabilities, length = 10, flags = M ‾H
> 	ERROR 01/09/2007 00:46:02 [l2tp] l2tp (1400000A,*): Configuration
> 	error processing incoming sccrp from vr default, remote
> address 58.100.228.66 -
> 	challenge with no local secret
> 	DEBUG 01/09/2007 00:46:02 [l2tp] l2tp (1400000A,*): AVP Header: type
> 	= message, length = 8, flags = M ‾H
> 	DEBUG 01/09/2007 00:46:02 [l2tp] l2tp (1400000A,*): AVP Header: type
> 	= assignedTunnelId, length = 8, flags = M ‾H
> 	DEBUG 01/09/2007 00:46:02 [l2tp] l2tp (1400000A,*): AVP Header: type
> 	= resultCode, length = 34, flags = M ‾H
> 	NOTICE 01/09/2007 00:46:02 [l2tp] l2tp (): No more configuration
> 	records NOTICE 01/09/2007 00:46:02 [l2tp] l2tp (1400000A,*):
> Changing mibState from
> 	connecting to disconnecting
> 
> 	CISCO:
> 
> 	an  9 00:31:51:  Tnl 51399 L2TP: Control channel
> retransmit delay set to 1 seconds
> 	*Jan  9 00:31:51:  Tnl 51399 L2TP: Tunnel state change
> from idle to wait-ctl-reply
> 	*Jan  9 00:31:51:  Tnl 51399 L2TP: Parse  AVP 0, len 8,
> flag 0x8000 (M)
> 	*Jan  9 00:31:51:  Tnl 51399 L2TP: Parse StopCCN
> 	*Jan  9 00:31:51:  Tnl 51399 L2TP: Parse  AVP 9, len 8,
> flag 0x8000 (M)
> 	*Jan  9 00:31:51:  Tnl 51399 L2TP: Assigned Tunnel ID 35
> 	*Jan  9 00:31:51:  Tnl 51399 L2TP: Parse  AVP 1, len 34, flag 0x8000
> (M) 
> 	*Jan  9 00:31:51: L2X: Result code(2): 2: General error - refer to
> error code 
> 	*Jan  9 00:31:51:      Error code(6): Vendor specific
> 	*Jan  9 00:31:51:      Optional msg: challenge with no secret
> 	*Jan  9 00:31:51:  Tnl 51399 L2TP: No missing AVPs in StopCCN
> 	*Jan  9 00:31:51:  Tnl 51399 L2TP: I StopCCN, flg TLS,
> ver 2, len 62, tnl 51399, ns 1, nr 1
> 	contiguous pak, size 62
> 	         C8 02 00 3E C8 C7 00 00 00 01 00 01 80 08 00 00
> 	         00 00 00 04 80 08 00 00 00 09 00 23 80 22 00 00
> 	         00 01 00 02 00 06 63 68 61 6C 6C 65 6E 67 65 20
> 	         77 69 74 68 20 6E 6F 20 73 65 63 72 65 74
> 	*Jan  9 00:31:51:  Tnl 51399 L2TP: O ZLB ctrl ack, flg
> TLS, ver 2, len 12, tnl 35, ns 1, nr 2
> 
> 	problem
> 	if have multi lac to LNS?this is a problem.scalability
> is very bad。 I have multi ERX AS LAC,how do?
> 
> 
> 
> 	CAN any body help me ?
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> = = = = = = = = = = = = = = = = = = = =
>         致
> 礼!
>                           zxd
>                           zxd at chinahcn.com
>                           2007-01-09

More information about the cisco-bba mailing list