[c-nsp] multihop VPDN Problem
Oliver Boehmer (oboehmer)
oboehmer at cisco.com
Wed Jun 18 01:34:35 EDT 2008
Edi,
exactly, your debug shows
*Jun 18 00:04:08.983: Vi2.1 IPCP: Received AAA AUTHOR Response FAIL
*Jun 18 00:04:08.983: Vi2.1 IPCP: Event[CLOSE] New State[Initial]
because you are authenticating against local user, but authorize with
Radius..
Glad it works now,
oli
Edi Guntoro <mailto:igoen99 at yahoo.com> wrote on Wednesday, June 18, 2008
4:23 AM:
> Dear Oli,
> I try to remove aaa configuration and found that the problem is
> regarding the Authorization, so I reconfigure the AAA authorization
> part. And now my vpdn multihop is work. thanks for your support.
>
>
> Edi
>
>
>
> ----- Original Message ----
> From: Edi Guntoro <igoen99 at yahoo.com>
> To: Oliver Boehmer (oboehmer) <oboehmer at cisco.com>;
> cisco-nsp at puck.nether.net
> Sent: Wednesday, June 18, 2008 8:33:12 AM
> Subject: Re: [c-nsp] multihop VPDN Problem
>
>
> Attached is the sh run and debug ppp,
> thank you very much.
>
> regards
> edi
>
>
>
>
> ----- Original Message ----
> From: Oliver Boehmer (oboehmer) <oboehmer at cisco.com>
> To: Edi Guntoro <igoen99 at yahoo.com>; cisco-nsp at puck.nether.net
> Sent: Tuesday, June 17, 2008 4:17:03 PM
> Subject: RE: [c-nsp] multihop VPDN Problem
>
> I don't know why IPCP fails.. vtemplate config looks fine (very
> basic)..
> can you show the full PPP debug and config on LNS2?
>
> oli
>
> Edi Guntoro <mailto:igoen99 at yahoo.com> wrote on Tuesday, June 17, 2008
> 10:46 AM:
>
>> Hi Oli,
>> Thanks for your input, now the lns1 can triger l2tp connection to
>> lns2 (tunnel status established), but now the lns2 stuck on "IPCP:
>> Currently stalled packet." I thought this is a matter of layer3
>> connectivity and supplying IP address, I have check the ip pool.
>> Regards
>>
>> interface Virtual-Template13
>> ip unnumbered GigabitEthernet0/2
>> peer default ip address pool multihop
>> ppp mtu adaptive
>> ppp authentication chap callin
>> end
>> #sh ip local pool
>>
>> Pool Begin End Free In use
>> multihop 192.168.1.2 192.168.1.254 253 0
>>
>> *Jun 17 07:33:31.487: Vi2.1 IPCP: I CONFREQ [Initial] id 10 len 34
>> *Jun 17 07:33:31.487: Vi2.1 IPCP: Address 0.0.0.0 (0x030600000000)
>> *Jun 17 07:33:31.487: Vi2.1 IPCP: PrimaryDNS 0.0.0.0
>> (0x810600000000)
>> *Jun 17 07:33:31.487: Vi2.1 IPCP: PrimaryWINS 0.0.0.0
>> (0x820600000000)
>> *Jun 17 07:33:31.487: Vi2.1 IPCP: SecondaryDNS 0.0.0.0
>> (0x830600000000)
>> *Jun 17 07:33:31.487: Vi2.1 IPCP: SecondaryWINS 0.0.0.0
>> (0x840600000000)
>> *Jun 17 07:33:31.487: Vi2.1 IPCP: Update stall packet id [9] to [10]
>> *Jun 17 07:33:35.491: Vi2.1 IPCP: I CONFREQ [Initial] id 11 len 10
>> *Jun 17 07:33:35.491: Vi2.1 IPCP: Address 0.0.0.0 (0x030600000000)
>> *Jun 17 07:33:35.495: Vi2.1 IPCP: Currently stalled packet. Discard
>> incoming packet
>> *Jun 17 07:33:39.547: Vi2.1 IPCP: I CONFREQ [Initial] id 12 len 10
>> *Jun 17 07:33:39.547: Vi2.1 IPCP: Address 0.0.0.0 (0x030600000000)
>> *Jun 17 07:33:39.547: Vi2.1 IPCP: Currently stalled packet. Discard
>> incoming packet
>> *Jun 17 07:33:43.607: Vi2.1 IPCP: I CONFREQ [Initial] id 13 len 10
>> *Jun 17 07:33:43.607: Vi2.1 IPCP: Address 0.0.0.0 (0x030600000000)
>> *Jun 17 07:33:43.607: Vi2.1 IPCP: Currently stalled packet. Discard
>> incoming packet
>> *Jun 17 07:33:47.607: Vi2.1 IPCP: I CONFREQ [Initial] id 14 len 10
>> *Jun 17 07:33:47.607: Vi2.1 IPCP: Address 0.0.0.0 (0x030600000000)
>> *Jun 17 07:33:47.607: Vi2.1 IPCP: Currently stalled packet. Discard
>> incoming packet
>> *Jun 17 07:33:51.611: Vi2.1 IPCP: I CONFREQ [Initial] id 15 len 10
>> *Jun 17 07:33:51.611: Vi2.1 IPCP: Address 0.0.0.0 (0x030600000000)
>> *Jun 17 07:33:51.611: Vi2.1 IPCP: Currently stalled packet. Discard
>> incoming packet
>> *Jun 17 07:33:56.103: Vi2.1 IPCP: I CONFREQ [Initial] id 16 len 10
>> *Jun 17 07:33:56.103: Vi2.1 IPCP: Address 0.0.0.0 (0x030600000000)
>> *Jun 17 07:33:56.103: Vi2.1 IPCP: Currently stalled packet. Discard
>> incoming packet
>> *Jun 17 07:34:00.127: Vi2.1 LCP: I TERMREQ [Open] id 17 len 16
>> *Jun 17 07:34:00.127: Vi2.1 LCP: (0x57BC108C003CCD7400000000)
>> *Jun 17 07:34:00.127: Vi2.1 IPCP: Event[DOWN] New State[Initial]
>> *Jun 17 07:34:00.127: Vi2.1 IPCP: Event[CLOSE] New State[Initial]
>> *Jun 17 07:34:00.127: Vi2.1 LCP: O TERMACK [Open] id 17 len 4
>> *Jun 17 07:34:00.127: Vi2.1 LCP: Event[Receive TermReq] New
>> State[Stopping]
>> *Jun 17 07:34:00.127: Vi2.1 PPP DISC: Received LCP TERMREQ from peer
>> *Jun 17 07:34:00.127: Vi2.1 PPP: Sending Acct Event[Down] id[F]
>> *Jun 17 07:34:00.127: Vi2.1 PPP: Phase is TERMINATING
>> *Jun 17 07:34:00.143: Tnl 3162 L2TP: Perform early message digest
>> validation for CDN
>> *Jun 17 07:34:00.143: Tnl 3162 L2TP: Control connection
>> authentication skipped/passed.
>> *Jun 17 07:34:00.143: Tnl 3162 L2TP: Tunnel auth counter, Overall
>> Skipped, now 6
>> *Jun 17 07:34:00.143: Vi2.1 Tnl/Sn 3162/3 L2TP: I CDN from MY-ISG
>> tnl 52436, cl 107
>> *Jun 17 07:34:00.143: Vi2.1 Tnl/Sn 3162/3 L2TP: disconnect (AAA)
>> IETF: 1/user-request Ascend: 28/PPP Receive Term
>> *Jun 17 07:34:00.143: Vi2.1 Tnl/Sn 3162/3 L2TP: Destroying session
>> *Jun 17 07:34:00.143: L2X Session DB (Tnl/Sn: 3162/3): Removed the
>> control session from the session DB
>> *Jun 17 07:34:00.143: Vi2.1 Tnl/Sn 3162/3 L2TP: Session state change
>> from established to idle
>> *Jun 17 07:34:00.143: Vi2.1 Tnl/Sn 3162/3 L2TP: PW-MGMT: PW peer
>> 124.81.78.242, vcid 0
>> *Jun 17 07:34:00.143: Vi2.1 Tnl/Sn 3162/3 L2TP: PW-MGMT: Reason
>> [Protocol DOWN]
>> *Jun 17 07:34:00.143: Vi2.1 Tnl/Sn 3162/3 L2TP: PW-MGMT: Local VC
>> DOWN, Remote VC DOWN
>> *Jun 17 07:34:00.143: Vi2.1 Tnl/Sn 3162/3 L2TP: PW-MGMT:
>> Provisioned NO, Established NO
>> *Jun 17 07:34:00.143: Vi2.1 Tnl/Sn 3162/3 L2TP: PW-MGMT: No change
>> in PW state
>> *Jun 17 07:34:00.143: Vi2.1 LCP: Event[CLOSE] New State[Closing]
>> *Jun 17 07:34:00.143: Vi2.1 Tnl/Sn 3162/3 L2TP: L2X request teardown
>> data plane
>> *Jun 17 07:34:00.143: Vi2.1 Tnl/Sn 3162/3 L2TP: Unbinding session
>> from idb
>> *Jun 17 07:34:00.143: Vi2.1 VPDN: Resetting interface
>> *Jun 17 07:34:00.143: Vi2.1 PPP: Block vaccess from being freed
>> [0x10]
>> *Jun 17 07:34:00.143: Tnl 3162 L2TP: Tunnel state change from
>> established to no-sessions-left
>> *Jun 17 07:34:00.143: Tnl 3162 L2TP: No more sessions in tunnel,
>> shutdown (likely) in 10 seconds
>> *Jun 17 07:34:00.143: Vi2.1 LCP: Event[DOWN] New State[Initial]
>> *Jun 17 07:34:00.143: Vi2.1 PPP: Unlocked by [0x10] Still Locked by
>> [0x0]
>> *Jun 17 07:34:00.143: Vi2.1 PPP: Free previously blocked vaccess
>> *Jun 17 07:34:00.143: Vi2.1 PPP: Phase is DOWN
>> *Jun 17 07:34:00.143: L2TP:(Tnl3162:Sn3)L2X s/w switching session
>> unprovisioned
>> *Jun 17 07:34:00.143: L2X Session DB (Tnl/Sn: 3162/3): Removed the
>> switching session from the session DB
>> *Jun 17 07:34:00.387: Vi2.1 PPP: Free Context [4652E08]
>> *Jun 17 07:34:10.143: Tnl 3162 L2TP: O StopCCN to MY-ISG tnlid
>> 52436
>> *Jun 17 07:34:10.143: Tnl 3162 L2TP: Control channel retransmit
>> delay set to 1 seconds
>> *Jun 17 07:34:10.143: Tnl 3162 L2TP: Tunnel state change from
>> no-sessions-left to shutting-down
>> *Jun 17 07:34:10.143: Tnl 3162 L2TP: Early authen passing ZLB
>> *Jun 17 07:34:10.143: Tnl 3162 L2TP: Shutdown tunnel
>>
>>
>>
>> ----- Original Message ----
>> From: Oliver Boehmer (oboehmer) <oboehmer at cisco.com>
>> To: Edi Guntoro <igoen99 at yahoo.com>; cisco-nsp at puck.nether.net
>> Sent: Tuesday, June 17, 2008 1:24:44 PM
>> Subject: RE: [c-nsp] multihop VPDN Problem
>>
>> Edi Guntoro <> wrote on Tuesday, June 17, 2008 3:52 AM:
>>
>>> DA,
>>> I'm trying to setup multihop vpdn using cisco router, here are the
>>> network diagram; PC<--pppoe-->LAC<--L2TP-->LNS1<--L2TP-->LNS2
>>> But, I have a problem with the connection, LNS1 never triger L2tp
>>> connection to LNS2. And on LNS2, I suspect the debug message "ppp48
>>> PPP: LCP Jam failed on [MRU] option"
>>
>> I assume an MTU mismatch issue which can be resolved via "ppp mtu
>> adaptive" on LNS2's vtemplate or by enabling LCP renegotiation on
>> LNS2's vpdn-group ("lcp reneg on-mismatch"). Or set the MTU to 1492
>> on all involved vtemplates (assuming you're using this MTU on the
>> client).
>>
>> oli
More information about the cisco-nsp
mailing list