[cisco-nas] cisco/redback l2tp failure

jlewis at lewis.org jlewis at lewis.org
Thu Nov 6 13:57:51 EST 2003 

We've been having some odd problems with DSL delivered via l2tp from the
ILEC's redbacks.  In several cases, we've found that a cisco 827 as CPE 
will not properly authenticate with our 3640.  A cheaper (zyxel) CPE will.  
Also, once the zyxel has authenticated, if it's unplugged and quickly 
replaced with an 827, the 827 works.  This seems to be some problem 
between the ILEC's redback and our 3640, but I don't see the problem and 
didn't find much searching for various terms from the debug output.

The 827 on its own (without the zyxel jumpstart) doesn't even get as far 
as having our 3640 send a radius auth request to our radius servers.  
Version info and debug output is below.  I've tried adding:

 lcp renegotiation on-mismatch
or
 lcp renegotiation always
to the relevant vpdn group with no effect.  Anyone know what's going on?

System image file is "flash:c3640-js-mz.122-17a.bin"
#sh deb
General OS:
  AAA Authorization debugging is on
PPP:
  PPP authentication debugging is on
VPN:
  L2X protocol events debugging is on
  L2X data packets debugging is on
  L2X control packets debugging is on
  L2X protocol errors debugging is on
  VPDN events debugging is on
  VPDN errors debugging is on
  VPDN packet errors debugging is on
  L2TP data sequencing debugging is on
VTEMPLATE:
  Virtual Template debugging is on


Nov  6 13:44:24: Tnl 55591 L2TP: Parse  AVP 0, len 8, flag 0x8000 (M)
Nov  6 13:44:24: Tnl 55591 L2TP: Parse ICRQ
Nov  6 13:44:24: Tnl 55591 L2TP: Parse  AVP 14, len 8, flag 0x8000 (M)
Nov  6 13:44:24: Tnl 55591 L2TP: Assigned Call ID 38866
Nov  6 13:44:24: Tnl 55591 L2TP: Parse  AVP 15, len 10, flag 0x8000 (M)
Nov  6 13:44:24: Tnl 55591 L2TP: Serial Number 32453
Nov  6 13:44:24: Tnl 55591 L2TP: Parse  AVP 18, len 10, flag 0x8000 (M)
Nov  6 13:44:24: Tnl 55591 L2TP: Bearer Type 1
Nov  6 13:44:24: Tnl 55591 L2TP: Parse  AVP 25, len 10, flag 0x0
Nov  6 13:44:24: Tnl 55591 L2TP: Phy Channel ID 537657620
Nov  6 13:44:24: Tnl 55591 L2TP: Parse Vendor 2352 AVP 44, len 10, flag 0x0
Nov  6 13:44:24: Tnl 55591 L2TP: Unknown Vendor 2352 AVP 44 in CM ICRQ
Nov  6 13:44:24: Tnl 55591 L2TP: Ignoring unknown Vendor 2352 AVP 44
Nov  6 13:44:24: Tnl 55591 L2TP: No missing AVPs in ICRQ
Nov  6 13:44:24: Tnl 55591 L2TP: I ICRQ, flg TLS, ver 2, len 68, tnl 55591, cl 0, ns 57400, nr 4721
         C8 02 00 44 D9 27 00 00 E0 38 12 71 80 08 00 00
         00 00 00 0A 80 08 00 00 00 0E 97 D2 80 0A 00 00
         00 0F 00 00 7E C5 80 0A 00 00 00 12 00 00 00 ...
Nov  6 13:44:24: Tnl 55591 L2TP: I ICRQ from RBFLFTWB01 tnl 28202
Nov  6 13:44:24: Tnl/Cl 55591/65149 L2TP: Session FS enabled
Nov  6 13:44:24: Tnl/Cl 55591/65149 L2TP: Session state change from idle to wait-connect
Nov  6 13:44:24: Tnl/Cl 55591/65149 L2TP: New session created
Nov  6 13:44:24: Tnl/Cl 55591/65149 L2TP: O ICRP to RBFLFTWB01 28202/38866
Nov  6 13:44:24: Tnl/Cl 55591/65149 L2TP: O ICRP, flg TLS, ver 2, len 28, tnl 28202, cl 38866, ns 4721, nr 57401
         C8 02 00 1C 6E 2A 97 D2 12 71 E0 39 80 08 00 00
         00 00 00 0B 80 08 00 00 00 0E FE 7D
Nov  6 13:44:24: Tnl 55591 L2TP: Clean Queue packet 4721
Nov  6 13:44:24: Tnl/Cl 55591/65149 L2TP: Parse  AVP 0, len 8, flag 0x8000 (M)
Nov  6 13:44:24: Tnl/Cl 55591/65149 L2TP: Parse ICCN
Nov  6 13:44:24: Tnl/Cl 55591/65149 L2TP: Parse  AVP 26, len 16, flag 0x0
Nov  6 13:44:24: Tnl/Cl 55591/65149 L2TP: Initial LCPREQ
         01 04 00 C0 05 06 B1 2F CB C5
Nov  6 13:44:24: Tnl/Cl 55591/65149 L2TP: Parse  AVP 27, len 21, flag 0x0
Nov  6 13:44:24: Tnl/Cl 55591/65149 L2TP: Last Sent LCPREQ
         01 04 05 DC 03 05 C2 23 05 05 06 43 96 65 87
Nov  6 13:44:24: Tnl/Cl 55591/65149 L2TP: Parse  AVP 28, len 16, flag 0x0
Nov  6 13:44:24: Tnl/Cl 55591/65149 L2TP: Last Rx LCPREQ
         01 04 00 C0 05 06 B1 2F CB C5
Nov  6 13:44:24: Tnl/Cl 55591/65149 L2TP: Parse  AVP 29, len 8, flag 0x0
Nov  6 13:44:24: Tnl/Cl 55591/65149 L2TP: Proxy Auth Type 2
Nov  6 13:44:24: Tnl/Cl 55591/65149 L2TP: Parse  AVP 32, len 8, flag 0x0
Nov  6 13:44:24: Tnl/Cl 55591/65149 L2TP: Proxy Auth ID 53
Nov  6 13:44:24: Tnl/Cl 55591/65149 L2TP: Parse  AVP 36, len 46, flag 0x8000 (M)Nov  6 13:44:24: Tnl/Cl 55591/65149 L2TP: Random Vector
         CF 6E 5D 1D B8 0D 1F 5C F7 E3 2D 04 F7 7E 97 C9
         BA 86 BF D2 29 17 38 76 52 6C 16 94 DC 81 52 AD
         EF B0 4A 29 3D E8 85 35
Nov  6 13:44:24: Tnl/Cl 55591/65149 L2TP: Parse  AVP 30, len 32, flag 0x4000 (H)Nov  6 13:44:24: Tnl/Cl 55591/65149 L2TP: Proxy Auth Name XXXXXX at atlantic.net
Nov  6 13:44:24: Tnl/Cl 55591/65149 L2TP: Parse  AVP 33, len 22, flag 0x0
Nov  6 13:44:24: Tnl/Cl 55591/65149 L2TP: Proxy Auth Resp
         68 14 0A 87 1B B7 98 4B 83 C2 C0 40 06 F3 4D 45
Nov  6 13:44:24: Tnl/Cl 55591/65149 L2TP: Parse  AVP 31, len 22, flag 0x0
Nov  6 13:44:24: Tnl/Cl 55591/65149 L2TP: Proxy Auth Chal
         13 D0 14 52 3C EE F5 98 A1 D7 E5 CD 3A 34 20 C2
Nov  6 13:44:24: Tnl/Cl 55591/65149 L2TP: Parse  AVP 19, len 10, flag 0x8000 (M)Nov  6 13:44:24: Tnl/Cl 55591/65149 L2TP: Framing Type 1
Nov  6 13:44:24: Tnl/Cl 55591/65149 L2TP: Parse  AVP 24, len 10, flag 0x8000 (M)Nov  6 13:44:24: Tnl/Cl 55591/65149 L2TP: Connect Speed 155520000
Nov  6 13:44:24: Tnl/Cl 55591/65149 L2TP: No missing AVPs in ICCN
Nov  6 13:44:24: Tnl/Cl 55591/65149 L2TP: I ICCN, flg TLS, ver 2, len 231, tnl 55591, cl 65149, ns 57401, nr 4722
         C8 02 00 E7 D9 27 FE 7D E0 39 12 72 80 08 00 00
         00 00 00 0C 00 10 00 00 00 1A 01 04 00 C0 05 06
         B1 2F CB C5 00 15 00 00 00 1B 01 04 05 DC 03 ...
Nov  6 13:44:24: Tnl/Cl 55591/65149 L2TP: O ZLB ctrl ack, flg TLS, ver 2, len 12, tnl 28202, cl 0, ns 4722, nr 57402
         C8 02 00 0C 6E 2A 00 00 12 72 E0 3A
Nov  6 13:44:24: Tnl/Cl 55591/65149 L2TP: I ICCN from RBFLFTWB01 tnl 28202, cl 38866
Nov  6 13:44:24: Tnl/Cl 55591/65149 L2TP: Session state change from wait-connect to established
Nov  6 13:44:24: Vt1 VTEMPLATE: Unable to create and clone vaccess
Nov  6 13:44:24: Vi62 VTEMPLATE: Reuse Vi62, recycle queue size 5
Nov  6 13:44:24: Vi62 VTEMPLATE: Hardware address 0010.7b92.9d41
Nov  6 13:44:24: Vi62 VTEMPLATE: Has a new cloneblk vtemplate, now it has vtemplate
Nov  6 13:44:24: Vi62 VTEMPLATE: ************* CLONE VACCESS62 *****************Nov  6 13:44:24: Vi62 VTEMPLATE: Clone from Virtual-Template1
interface Virtual-Access62
default ip address
no ip address
encap ppp
ip unnumbered FastEthernet0/0
ip mroute-cache
load-interval 30
no logging event link-status
no snmp trap link-status
end
 
Nov  6 13:44:24: Vi62 VTEMPLATE: Free vaccess
Nov  6 13:44:24: XXXXXX at atlantic.net Tnl/Cl 55591/65149 L2TP: ICCN Error getting virtual interface
Nov  6 13:44:24: XXXXXX at atlantic.net Tnl/Cl 55591/65149 L2TP: O CDN to RBFLFTWB01 28202/38866
Nov  6 13:44:24: XXXXXX at atlantic.net Tnl/Cl 55591/65149 L2TP: O CDN, flg TLS, ver 2, len 38, tnl 28202, cl 38866, ns 4722, nr 57402
         C8 02 00 26 6E 2A 97 D2 12 72 E0 3A 80 08 00 00
         00 00 00 0E 80 08 00 00 00 0E FE 7D 80 0A 00 00
         00 01 00 04 00 00
Nov  6 13:44:24: XXXXXX at atlantic.net Tnl/Cl 55591/65149 L2TP: Destroying sessionNov  6 13:44:24: XXXXXX at atlantic.net Tnl/Cl 55591/65149 L2TP: Session state change from established to idle
Nov  6 13:44:24: XXXXXX at atlantic.net Tnl/Cl 55591/65149 L2TP: Session state change from established to idle
Nov  6 13:44:24: Vi62 VTEMPLATE: Interface and line protocol are down, proceed to free
Nov  6 13:44:24: VTEMPLATE: Clean up dirty vaccess queue, size 1
Nov  6 13:44:24: Vi62 VTEMPLATE: Found a dirty vaccess clone with vtemplate
Nov  6 13:44:24: Vi62 VTEMPLATE: ************ UNCLONE VACCESS62 **************
Nov  6 13:44:24: Vi62 VTEMPLATE: Unclone to-be-freed command#7
interface Virtual-Access62
default snmp trap link-status
default logging event link-status
default load-interval 30
default ip mroute-cache
default ip unnumbered FastEthernet0/0
default encap ppp
default ip address
end
 
Nov  6 13:44:24: Vi62 VTEMPLATE: Remove cloneblk vtemplate with vtemplate
Nov  6 13:44:24: Vi62 VTEMPLATE: Set default settings with no ip address
Nov  6 13:44:24: Tnl 55591 L2TP: Clean Queue packet 4722
Nov  6 13:44:24: Tnl 55591 L2TP: I ZLB ctrl ack, flg TLS, ver 2, len 12, tnl 55591, cl 0, ns 57402, nr 4723
Nov  6 13:44:24: Vi62 VTEMPLATE: Add vaccess to recycle queue, queue size 6

----------------------------------------------------------------------
 Jon Lewis *jlewis at lewis.org*|  I route
 Senior Network Engineer     |  therefore you are
 Atlantic Net                |  
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________

More information about the cisco-nas mailing list