[c-nsp] terminating l2 ADSL customers

Oliver Boehmer (oboehmer) oboehmer at cisco.com
Sun Mar 4 05:38:49 EST 2007 

Not sure if you ever received a reply, but see inline:

> 
> I am using cisco 3660 router V-12.2 terminating DSL L2TP VPDN over
> ATM and freeradius.
> 
> my configuration is as follows
> 
> aaa authentication login default local
> aaa authentication ppp default if-needed group radius
> aaa authorization network default group radius
> aaa session-id common
> 
> vpdn enable
> !
> vpdn-group 1
>  accept-dialin
>   protocol l2tp
>   virtual-template 1
>  terminate-from hostname hostname
> source-ip sourcename
>  lcp renegotiation always
>  l2tp tunnel password 7 xxxxxxxxxxxxxxxxxxx
> !
> interface Virtual-Template1
> mtu 1492
> ip unnumbered FastEthernet0/0.1
> ppp authentication chap pap
> 
> this is my configuration to run l2 on ATM(AGVC).
> 
> I can ping the LAC's. LAC'S can ping me.
> 
> Tunnel gets created and it gets tunnel id and then it shutsdown. Can
> you please suggest where i am wrong or can you please point me in the
> right direction. following is the debug information from "debug
> l2x-event". Any suggestion is much appreciated.   
> 

> Feb 28 09:02:53 210.80.157.1 30576: 16:04:33:   Tnl59502 L2TP: O
> SCCRP  to nxxxxxxxk-vez8 tnlid 668 
> Feb 28 09:02:53 210.80.157.1 30577: 16:04:33:   Tnl59502 L2TP: O
> SCCRP, flg TLS, ver 2, len 152, tnl 668, cl 0, ns 0, nr 1 
[...]
> Feb 28 09:02:54 210.80.157.1 30583: 16:04:34:   Tnl59502 L2TP: O
> Resend SCCRP, flg TLS, ver 2, len 152, tnl 668, cl 0, ns 0, nr 1 
[...]
> Feb 28 09:03:00 210.80.157.1 30649: 16:04:40:   Tnl59502 L2TP: O
> Resend SCCRP, flg TLS, ver 2, len 152, tnl 668, cl 0, ns 0, nr 1 
[...]
> Feb 28 09:03:08 210.80.157.1 30682: 16:04:48:   Tnl59502 L2TP: O
> Resend SCCRP, flg TLS, ver 2, len 152, tnl 668, cl 0, ns 0, nr 1 
[...]
> Feb 28 09:03:17 210.80.157.1 30714: 16:04:56:   Tnl59502 L2TP: O
> Resend SCCRP, flg TLS, ver 2, len 152, tnl 668, cl 0, ns 0, nr 1 
> Feb 28 09:03:24 210.80.157.1 30715: 16:05:04:   Tnl59502 L2TP: O
> Resend SCCRP, flg TLS, ver 2, len 152, tnl 668, cl 0, ns 0, nr 1 

Problem is seen above, the LAC is no ACK'ing your SCCRP's and causes you
to resend them, and eventually you (and the LAC) gives up.. 
can you configure a "vpdn source-ip x.x.x.x" which matches the L2TP
tunnel destination the LAC uses to build the tunnel?

	oli

More information about the cisco-nsp mailing list