[c-nsp] Problem with L2TP !!
Asad Ul-Islam
asad747 at cyber.net.pk
Wed Apr 1 03:56:04 EDT 2009
Dear friends!

I am trying to establish an L2TP tunnel between a LAC (which is also acting
as BRAS) and an LNS (which is also acting as BRAS).

User ---------[Cisco 3640 LAC]----- IP Cloud-------[Cisco 3845 LNS]

The problem I am facing is that the scenario works fine as long as I am
using a user account created locally on the LNS. However, as soon as I enable
the RADIUS parameters, the LAC stops establishing the tunnel with the LNS and
connects the user on the LAC as a PPPoE user. After investigation I have found
that if I remove the following line from the configuration, the L2TP tunnels
work perfectly fine:

aaa authorization network default group radius

Can someone tell me why it's happening? Since I am using @domain in user IDs
for L2TP users, the LAC should not even refer to RADIUS. And I need this aaa
authorization parameter since both my LAC and LNS also have PPPoE users
terminated on them.

Following are my LAC and LNS configurations after including my RADIUS
parameters; the same configuration works fine without the RADIUS parameters.

LAC Configuration

aaa authentication login default local
aaa authentication ppp default group radius local
aaa authorization network default group radius local
aaa accounting delay-start
aaa accounting session-duration ntp-adjusted
aaa accounting update periodic 15
aaa accounting network default start-stop group radius
aaa nas port extended
aaa session-id common
!
ip cef
vpdn enable
vpdn multihop
!
vpdn-group 1
 request-dialin
  protocol l2tp
  multihop hostname DSL-LNS
  domain cybernet
 initiate-to ip 1.1.1.1
 source-ip 2.2.2.2
 local name DSL-LAC
 no l2tp tunnel authentication
!
bba-group pppoe global
 virtual-template 1
!
interface Serial2/1
 description *** Connected to LNS ***
 ip address 2.2.2.2 255.255.255.252
 encapsulation ppp
!
interface ATM3/0.2 multipoint
 pvc vpdn 0/36
  encapsulation aal5snap
  protocol pppoe group global
!
interface Virtual-Template1
 ip unnumbered Serial2/1
 peer default ip address pool home-dsl
 ppp authentication pap

LNS Configuration

aaa authentication login default local
aaa authentication ppp default group radius local
aaa authorization network default group radius
aaa accounting delay-start
aaa accounting session-duration ntp-adjusted
aaa accounting update periodic 15
aaa session-id common
!
vpdn enable
vpdn multihop
!
vpdn-group 1
 accept-dialin
  protocol l2tp
  virtual-template 1
 terminate-from hostname DSL-LAC
 local name DSL-LNS
 lcp renegotiation on-mismatch
 no l2tp tunnel authentication
!
interface GigabitEthernet0/1.7
 description *** LAC Management ***
 encapsulation dot1Q 7
 ip address 1.1.1.1 255.255.255.252
!
interface Virtual-Template1
 ip unnumbered GigabitEthernet0/1.7
 peer default ip address pool PPPoE
 ppp authentication pap