[cisco-bba] Cisco as L2TP Access Concentrator (LAC)

Rado Vasilev rado at dev.magnet.ie
Tue Mar 4 08:47:06 EST 2008


Hi Oliver,

I added the global configuration command ``vpdn multihop’’ but that didn’t
help.
Did you mean to recommend some additional command(s) under the vpdn-group
too?


Current configuration:

------------------ 7206 conf -------------------

hostname lac

aaa new-model
aaa authentication login default local
aaa authentication ppp default local
aaa authorization network default local

vpdn enable
vpdn multihop
vpdn search-order domain dnis

vpdn-group 1
 request-dialin
  protocol l2tp
  domain deckland.com
 initiate-to ip 2.2.2.2
 no l2tp tunnel authentication

! 2.2.2.2 is the IP of the remote LNS server

interface FastEthernet2/0.5
 description PPPoE Test
 encapsulation dot1Q 5
 pppoe enable
 pppoe max-sessions 100

--------------------------------------------------

Log file still looks the same:
*Mar  4 04:17:33.582: PPPoE 0: I PADI L:ffff.ffff.ffff R:0002.cf65.e602 5
Fa2/0.5
*Mar  4 04:17:33.582: PPPoE 0: No info L:ffff.ffff.ffff R:0002.cf65.e602 5
Fa2/0.5
*Mar  4 04:17:41.582: PPPoE 0: I PADI L:ffff.ffff.ffff R:0002.cf65.e602 5
Fa2/0.5
*Mar  4 04:17:41.582: PPPoE 0: No info L:ffff.ffff.ffff R:0002.cf65.e602 5
Fa2/0.5
*Mar  4 04:17:57.586: PPPoE 0: I PADI L:ffff.ffff.ffff R:0002.cf65.e602 5
Fa2/0.5
*Mar  4 04:17:57.586: PPPoE 0: No info L:ffff.ffff.ffff R:0002.cf65.e602 5
Fa2/0.5
*Mar  4 04:17:59.582: PPPoE 0: I PADI L:ffff.ffff.ffff R:0002.cf65.e602 5
Fa2/0.5
*Mar  4 04:17:59.582: PPPoE 0: No info L:ffff.ffff.ffff R:0002.cf65.e602 5
Fa2/0.5



Regards,
Rado

________________________________________
From: Oliver Boehmer (oboehmer) [mailto:oboehmer at cisco.com] 
Sent: 04 March 2008 12:36
To: Rado Vasilev; cisco-bba at puck.nether.net
Subject: RE: [cisco-bba] Cisco as L2TP Access Concentrator (LAC)

Rado,
 
you may want to go back to your LNS configuration, then add "vpdn multihop"
and put in your vpdn-group which initiates a tunnel (i.e. the one you showed
below). This should do what you want. The 7200 will terminate the pppoe
session, but once it receives the PPP authentication request, "vpdn
multihop" will trigger a search if the session is to be forwarded or locally
terminated. As the user domain matches, it will forward it.
 
    oli

________________________________________
From: cisco-bba-bounces at puck.nether.net
[mailto:cisco-bba-bounces at puck.nether.net] On Behalf Of Rado Vasilev
Sent: Tuesday, March 04, 2008 1:20 PM
To: cisco-bba at puck.nether.net
Subject: [cisco-bba] Cisco as L2TP Access Concentrator (LAC)
Hi group,

I'm trying to configure a 7206VXR as a LAC (L2TP Access Concentrator)
without any success.
Here's my testlab setup - any view of what I might be doing wrong much
appreciated!



DSL modem configured with PPPoE and username rado at deckland.com is connected
to a Layer2 transparent DSLAM.
DSLAM port is mapped to vlan 5 which is terminated with a subinterface on
the 7206.

If I configure the router as LNS (vpdn group and virtual template
interface), the PPPoE session gets locally terminated
and I have connectivity to the modem. This basically proves the VLAN
connectivity from the DSLAM port to the Cisco router.
What my end goal is to use the device as LAC and not LNS. I have a second
router that's already configured as LNS and
this is where I want the PPP session terminated at.



[DSL modem] <-- dsl_line ---> [vlan_5 DSLAM dot1q_trunk] <--- uplink --->
[fa2/0.5 C7206VXR fa0/0] <--- IP ---> [LNS router]

Here's my configuration on the 7206:

------------------ 7206 conf -------------------

hostname lac

aaa new-model
aaa authentication login default local
aaa authentication ppp default local
aaa authorization network default local

vpdn enable
vpdn search-order domain dnis

vpdn-group 1
 request-dialin
  protocol l2tp
  domain deckland.com
 initiate-to ip 2.2.2.2
 no l2tp tunnel authentication

! 2.2.2.2 is the IP of the remote LNS server

interface FastEthernet2/0.5
 description PPPoE Test
 encapsulation dot1Q 5
 pppoe enable
 pppoe max-sessions 100

--------------------------------------------------


The above configuration basically tries to manually establish L2TP tunnel to
the remote LNS.
Debbuging while the modem tries to connect shows in the logs:

*Mar  4 02:49:33.531: PPPoE 0: I PADI L:ffff.ffff.ffff R:0002.cf65.e602 5
Fa2/0.5
*Mar  4 02:49:33.531: PPPoE 0: No info L:ffff.ffff.ffff R:0002.cf65.e602 5
Fa2/0.5
*Mar  4 02:49:41.531: PPPoE 0: I PADI L:ffff.ffff.ffff R:0002.cf65.e602 5
Fa2/0.5
*Mar  4 02:49:41.531: PPPoE 0: No info L:ffff.ffff.ffff R:0002.cf65.e602 5
Fa2/0.5
*Mar  4 02:49:57.535: PPPoE 0: I PADI L:ffff.ffff.ffff R:0002.cf65.e602 5
Fa2/0.5
*Mar  4 02:49:57.535: PPPoE 0: No info L:ffff.ffff.ffff R:0002.cf65.e602 5
Fa2/0.5
*Mar  4 02:49:59.531: PPPoE 0: I PADI L:ffff.ffff.ffff R:0002.cf65.e602 5
Fa2/0.5

It looks that Cisco doesn't want to respond on the incoming PADI messages...

sh version
Cisco Internetwork Operating System Software
IOS (tm) 7200 Software (C7200-JK9S-M), Version 12.2(46a), RELEASE SOFTWARE
(fc1)
Copyright (c) 1986-2007 by cisco Systems, Inc.
Compiled Thu 12-Jul-07 00:38 by pwade
Image text-base: 0x60008940, data-base: 0x617A4110

ROM: System Bootstrap, Version 12.0(19990210:195103) [12.0XE 105],
DEVELOPMENT SOFTWARE
BOOTLDR: 7200 Software (C7200-BOOT-M), Version 12.0(10)S, EARLY DEPLOYMENT
RELEASE SOFTWARE (fc1)

d-magneto-pe1 uptime is 18 hours, 45 minutes
System returned to ROM by reload at 08:04:11 UTC Mon Mar 3 2008
System image file is "slot1:c7200-jk9s-mz.122-46a.bin"



Any help appreciated!
Rado



More information about the cisco-bba mailing list