[cisco-bba] Cisco as L2TP Access Concentrator (LAC)

Tom Storey tom at snnap.net
Wed Mar 5 04:10:50 EST 2008


Hi Oli,

Funny you should mention that. I've never seen a session show up as
"terminated" on a LAC, even on older 12.2 IOSes.

I'm thinking that by (un)numbering his virtual-template the router is
somewhat "terminating" the session, but also forwarding it on.

Could be wrong though. :-)

Cheers,
Tom

On 05/03/2008, at 7:06 PM, Oliver Boehmer (oboehmer) wrote:

> Tom,
>
> I guess this is due to the IOS version deployed on the box. 12.2
> mainline doesn't have the newer infrastructure as in 12.2SB/12.3/12.4.
> As we don't start IPCP, IP address or pool information are ignored
> anyway..
>
> 	oli
>
>
> Tom Storey <mailto:tom at snnap.net> wrote on Wednesday, March 05, 2008
> 9:25 AM:
>
>> Why does your LAC show the user as being connected via Virtual-
>> interface 1?
>>
>> Ideally a LAC would not show any terminated users, only forwarded
>> sessions. In your case, it appears you have both.
>>
>> In your virtual template, change "ip unnumbered Loopback1" to "no ip
>> address" and add "no peer default ip address".
>>
>> On 05/03/2008, at 1:55 AM, Rado Vasilev wrote:
>>
>>> Hi Oliver,
>>>
>>> Thanks for your help - I got it working now!!!
>>>
>>> --- Minimal Cisco LAC configuration ---
>>>
>>> aaa new-model
>>> aaa authentication login default local
>>> aaa authentication ppp default local
>>>
>>>
>>> vpdn enable
>>> vpdn multihop
>>> !
>>> vpdn-group 1
>>> accept-dialin
>>> protocol pppoe
>>> virtual-template 1
>>> !
>>>
>>> vpdn-group 2
>>> request-dialin
>>> protocol l2tp
>>> domain deckland.com
>>> initiate-to ip 2.2.2.2
>>> local name deckland.com
>>> no l2tp tunnel authentication
>>> source-ip 1.1.1.1
>>>
>>> interface FastEthernet2/0.5
>>> description PPPoE Test
>>> encapsulation dot1Q 5
>>> pppoe enable
>>> pppoe max-sessions 100
>>>
>>>
>>> interface Virtual-Template1
>>> description PPPoE Test
>>> ip unnumbered Loopback1
>>> keepalive 30
>>> ppp authentication chap
>>>
>>> ----------------------------------------
>>>
>>> lac#sh vpdn tunnel
>>>
>>> L2TP Tunnel Information Total tunnels 1 sessions 1
>>>
>>> LocID RemID Remote Name   State  Remote Address  Port  Sessions
>>> 21754 33850 d-test-lns1    est    2.2.2.2     1701  1
>>>
>>> lac#sh users
>>>   Line       User       Host(s)              Idle       Location
>>> *  2 vty 0     admin      idle                 00:00:00 3.3.3.3
>>>
>>> Interface      User        Mode                     Idle     Peer Address
>>> Vi1            rado at deckl Virtual PPP (PPPoE ) 00:00:00
>>>
>>> Regards,
>>> Rado
>>>
>>>
>>>
>>> -----Original Message-----
>>> From: Oliver Boehmer (oboehmer) [mailto:oboehmer at cisco.com]
>>> Sent: 04 March 2008 14:04
>>> To: Rado Vasilev; cisco-bba at puck.nether.net
>>> Subject: RE: [cisco-bba] Cisco as L2TP Access Concentrator (LAC)
>>>
>>> Rado Vasilev <mailto:rado at dev.magnet.ie> wrote on Tuesday, March 04,
>>> 2008 2:47 PM:
>>>
>>>> Hi Oliver,
>>>>
>>>> I added the global configuration command ``vpdn multihop'' but that
>>>> didn't help. Did you mean to recommend some additional command(s)
>>>> under the vpdn-group too?
>>>
>>> Well, I meant to configure a pppoe vpdn-group (or bba-group,
>>> depending on version) and a virtual-template just as you did
>>> initially (you mentioned that you successfully terminated the pppoe
>>> sessions on the 7200). This is required to accept pppoe sessions.
>>> The "vpdn multihop" along with the addtl. vpdn-group will take care
>>> of L2TP forwarding. So the 7200 will act as LNS as well as LAC
>>> (sometimes referred to as "multihop LNS")..
>>>
>>> you might want to consider upgrading to 12.3M or 12.4M to get addtl.
>>> functionality for this type of application..
>>>
>>> 	oli
>>>
>>>
>>>
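The virtual-template advice in this thread can be checked mechanically. The following is an added example, not code from any poster or from Cisco: `stanzas` and `audit_lac` are hypothetical helper names, the sample is constructed from two stanzas of the quoted configuration, and the check for `no l2tp tunnel authentication` goes beyond what the thread itself raises.

```python
import re

# Constructed sample: two stanzas in the flattened (unindented) form
# they have in the quoted post.
SAMPLE_CONFIG = """\
vpdn-group 2
request-dialin
protocol l2tp
domain deckland.com
initiate-to ip 2.2.2.2
local name deckland.com
no l2tp tunnel authentication
source-ip 1.1.1.1
!
interface Virtual-Template1
description PPPoE Test
ip unnumbered Loopback1
keepalive 30
ppp authentication chap
"""

HEADER = re.compile(r"^(interface|vpdn-group)\s+\S+", re.I)

def stanzas(config):
    """Group sub-commands under their 'interface'/'vpdn-group' header.
    A '!' line or the next header closes a stanza, so indentation is not needed."""
    out, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if line == "!":
            current = None
        elif HEADER.match(line):
            current = line
            out[current] = []
        elif line and current is not None:
            out[current].append(line)
    return out

def audit_lac(config):
    """Return (stanza, finding) pairs for a box meant only to forward PPP sessions."""
    findings = []
    for header, cmds in stanzas(config).items():
        if re.match(r"interface\s+Virtual-Template\s*\d+$", header, re.I):
            if any(c.startswith(("ip unnumbered", "ip address")) for c in cmds):
                findings.append((header, "IP addressing present; thread advice is 'no ip address'"))
            if "no peer default ip address" not in cmds:
                findings.append((header, "missing 'no peer default ip address'"))
        elif "protocol l2tp" in cmds and "no l2tp tunnel authentication" in cmds:
            findings.append((header, "L2TP tunnel authentication is disabled"))
    return findings
```

Calling `audit_lac(SAMPLE_CONFIG)` reports the two virtual-template points from the thread plus the unauthenticated L2TP tunnel in `vpdn-group 2`.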


