Real Time Ascend Mailing List Archive
Re: (ASCEND) L2TP and Max
Hi folks,
I tried it, but I'm confused ...
> I have L2TP working between the MAX(LAC running 6.1.7 ) and the
> Cisco ( LNS running 12.0(1)T) before ..
* Items:
Ascend MAX2000 TAOS 6.1.24 LAC(L2TP Access Concentrator)
Cisco 2514 IOS 12.0(2a)T LNS(L2TP Network Server)
DTC RADIUS RADIUS version DTC 2.03 p6
* the diagram :
               10.10.10.10                 192.168.108.17
mobile PC ---> MAX(LAC)       Radius       Cisco2514(LNS)
(PIAFS32K)        |______________|______________|  ethernet
* Here are my configurations :
1/ The Max :
Sys Config > Name : max
Mod Config > DNS > Domain Name : my.domain
L2 Tunneling Options :
L2TP Mode = LAC
L2TP auth enable = Yes
L2TP RX window = 0
2/ Radius user profile :
/etc/raddb/users
#
# For L2TP Tunneling TEST
#
LNS     User-Password = ""

l2tp    Password = "pass",
        Service-Type = Framed-User,
        Framed-Protocol = PPP,
        Framed-IP-Netmask = 255.255.255.255,
        Framed-Routing = None,
        Ascend-Link-Compression = Link-Comp-None,
        Tunnel-Type = Tunnel-L2TP,
        Tunnel-Medium-Type = Tunnel-IP,
        Tunnel-Password = "secret",
        Tunnel-Server-Endpoint = 192.168.108.17
3/Cisco ( LNS)
username l2tp password 7 XXXX ("pass" :same Password = "pass")
vpdn enable
!
vpdn-group 1
accept dialin l2tp virtual-template 1 remote max.my.domain (same MAX entry ?)
local name LNS (LNS :same LNS User-Password = "")
l2tp tunnel password 7 XXXXX ("secret" :same Tunnel-Password = "secret")
!
!
interface Ethernet1
ip address 192.168.108.17 255.255.255.240
no ip directed-broadcast
no ip route-cache
no ip mroute-cache
!
interface Virtual-Template1
ip unnumbered Ethernet1
no ip directed-broadcast
peer default ip address pool test
ppp authentication chap
!
ip local pool test 192.168.108.24
* debug:
[BAD CASE!]
PPP L2TP user start is ....
MAX(LAC)> l2tpcm
L2TPCM debug is now ON
>
*(l2tp user connect to MAX(LAC))
L2TPCM: calling getHostByNameAsync for server 192.168.108.17
L2TPCM: Looking for server [192.168.108.17] at address 192.168.108.17
L2TPCM: CMStart called for [192.168.108.17:1701]
L2TPCM-54: Event = LocalStartReq
L2TPCM-54: sending StartControlConnectionRequest
L2TPCM-54: Session state chg from Down to Local-Start
L2TPCM-54: transportRxCallback from [192.168.110.52:1701/54]
L2TPCM-54: Event = RxStartRep
L2TPCM-54: ParseStartControlConRep
L2TPCM-54: Protocol Version = 0x0100
L2TPCM-54: Framing Cap = 0x00000003
L2TPCM-54: Bearer Cap = 0x00000003
L2TPCM-54: Firmware Revision = 0x1120
L2TPCM-54: Name = LNS
L2TPCM-54: Vendor Name = Cisco Systems, Inc.
L2TPCM-54: TunnelID = 173 (0x00ad)
L2TPCM-54: Receive Window Size = 4
L2TPCM-54: Peer is challenging me!
L2TPCM-54: Peer sent challenge response!
L2TPCM-54: looking for 'LNS' shared secret...
L2TPCM-54: waiting for RADIUS callback
L2TPCM: _radiusCallback: status = 2
L2TPCM-54: re-queueing last event
L2TPCM-54: Event = RxStartRep
L2TPCM-54: ParseStartControlConRep
L2TPCM-54: Protocol Version = 0x0100
L2TPCM-54: Framing Cap = 0x00000003
L2TPCM-54: Bearer Cap = 0x00000003
L2TPCM-54: Firmware Revision = 0x1120
L2TPCM-54: Name = LNS
L2TPCM-54: Vendor Name = Cisco Systems, Inc.
L2TPCM-54: TunnelID = 173 (0x00ad)
L2TPCM-54: Receive Window Size = 4
L2TPCM-54: Peer is challenging me!
L2TPCM-54: Peer sent challenge response!
! L2TPCM-54: shared secret with 'LNS' is ''
! ^^^^ ^ ?? NULL What's happening?
! L2TPCM-54: authentication failed!
! ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
L2TPCM-54: sending StopControlConnectionNotification
* RADIUS debug log (failed Tunnel Authentication)
RADIUS #/usr/etc/radiusd -L -p -d /etc/raddb -Sl -a /var/log/radacct -x
Apr 11 17:33:34.429 radiusd[26294] Debugging enabled
Apr 11 17:33:54.678 radiusd[26294] New request: max.my.domain.1025, id=155
Apr 11 17:33:54.679 radiusd[26294] handle_radius_request: max.my.domain.1025,....
Apr 11 17:33:54.680 radiusd[26294] fork in rad_spawn_child (parent)
Apr 11 17:33:54.681 radiusd[26296] fork in rad_spawn_child (child)
request: User-Name = "l2tp"
request: CHAP-Password = "\001+}\344,\230\304\374\335\207\013\255\012\211\260\314\370"
request: NAS-IP-Address = 10.10.10.10
request: NAS-Port = 10120
request: NAS-Port-Type = 6
request: Service-Type = Framed-User
request: Framed-Protocol = PPP
request: State = ""
request: Calling-Station-Id = "0#043719343"
request: Acct-Session-Id = "292683824"
Apr 11 17:33:54.687 radiusd[26296] Authenticate: NAS is Ascend Box
user_parse: Password = "pass"
user_parse: Service-Type = Framed-User
user_parse: Framed-Protocol = PPP
user_parse: Framed-IP-Netmask = 255.255.255.255
user_parse: Framed-Routing = Listen
user_parse: Ascend-Link-Compression = Link-Comp-None
user_parse: Tunnel-Type = Tunnel-L2TP
user_parse: Tunnel-Medium-Type = Tunnel-IP
user_parse: Tunnel-Password = "secret"
user_parse: Tunnel-Server-Endpoint = "192.168.108.17"
cut_attribute: Password = "pass"
Apr 11 17:33:54.692 radiusd[26296] User record PASSWORD type is Radius
Apr 11 17:33:54.692 radiusd[26296] send_accept: max.my.domain.1025, id=155
reply: Service-Type = Framed-User
reply: Framed-Protocol = PPP
reply: Framed-IP-Netmask = 255.255.255.255
reply: Framed-Routing = Listen
reply: Ascend-Link-Compression = Link-Comp-None
reply: Tunnel-Type = Tunnel-L2TP
reply: Tunnel-Medium-Type = Tunnel-IP
reply: Tunnel-Password = "secret"
reply: Tunnel-Server-Endpoint = "192.168.108.17"
* (l2tp user authentication is good, but the next Tunnel(?) authentication is ....)
Apr 11 17:33:54.909 radiusd[26294] New request: max.my.domain.1025, id=156
Apr 11 17:33:54.909 radiusd[26294] handle_radius_request: max.my.domain.1025,...
Apr 11 17:33:54.910 radiusd[26294] fork in rad_spawn_child (parent)
Apr 11 17:33:54.911 radiusd[26297] fork in rad_spawn_child (child)
! request: User-Name = "LNS"
! request: User-Password = ""
! ^^ NULL ?? What's happening?
request: NAS-IP-Address = 10.10.10.10
request: NAS-Port = 0
request: NAS-Port-Type = Virtual
request: Service-Type = Outbound-User
! user_parse: User-Password = ""
! cut_attribute: User-Password = ""
Apr 11 17:33:54.920 radiusd[26297] User record PASSWORD type is Radius
Apr 11 17:33:54.920 radiusd[26297] send_accept: max.my.domain.1025, id=156
! [GOOD CASE!]
* But manual l2tpstart command is ...
MAX(LAC)> l2tpstart 192.168.108.17 secret
L2TPCM: Connecting to host [192.168.108.17], password = secret
L2TPCM: CMStart called for [192.168.108.17:1701]
L2TPCM-56: Event = LocalStartReq
L2TPCM-56: sending StartControlConnectionRequest
L2TPCM-56: Session state chg from Down to Local-Start
L2TPCM-56: transportRxCallback from [192.168.110.52:1701/56]
L2TPCM-56: Event = RxStartRep
L2TPCM-56: ParseStartControlConRep
L2TPCM-56: Protocol Version = 0x0100
L2TPCM-56: Framing Cap = 0x00000003
L2TPCM-56: Bearer Cap = 0x00000003
L2TPCM-56: Firmware Revision = 0x1120
L2TPCM-56: Name = LNS
L2TPCM-56: Vendor Name = Cisco Systems, Inc.
L2TPCM-56: TunnelID = 175 (0x00af)
L2TPCM-56: Receive Window Size = 4
L2TPCM-56: Peer is challenging me!
L2TPCM-56: Peer sent challenge response!
! L2TPCM-56: shared secret with 'LNS' is 'secret'
* ^^^^ ^^^^^^^ shared secret is available.
! L2TPCM-56: sending StartControlConnectionConnected
! L2TPCM-56: Session state chg from Local-Start to Up
* Establish L2TP session
* L2TP session is successful.
Cisco(LNS)#show vpdn tunnel
L2TP Tunnel Information (Total tunnels=1 sessions=0)
LocID RemID Remote Name   State  Remote Address  Port  Sessions
176   57    max.my.domai  est    10.10.10.10     1701  0
Umm... Is it an interoperability problem?
Thanks
==
[IRI] Internet Research Institute,Inc.
Department of Networking,Senior Researcher
Naoto MATSUMOTO <not@iri.co.jp>
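The two L2TPCM traces in the message above differ in the shared secret the LAC ends up holding ('' in the failing case, 'secret' in the working one). As an added example, not part of the original post or of either vendor's code, the sketch below carries out the RFC 2661 tunnel-authentication check (MD5 over message type, shared secret and challenge) to show why an empty looked-up secret ends in StopControlConnectionNotification. The function names, the constructed challenge values and the fail-closed handling of an empty secret are assumptions of the example.

```python
import hashlib
import hmac

SCCRP = 2  # Message Type: Start-Control-Connection-Reply
SCCCN = 3  # Message Type: Start-Control-Connection-Connected

# Constructed sample challenges (real ones are random per tunnel attempt).
LAC_CHALLENGE = bytes.fromhex("00112233445566778899aabbccddeeff")
LNS_CHALLENGE = bytes.fromhex("ffeeddccbbaa99887766554433221100")


def challenge_response(msg_type: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 2661 Challenge Response AVP: MD5(ID || secret || challenge),
    where ID is the Message Type of the message that carries the response."""
    return hashlib.md5(bytes([msg_type]) + secret + challenge).digest()


def verify(msg_type: int, local_secret: bytes, challenge: bytes,
           response: bytes) -> bool:
    """Check a peer's response against the secret this side looked up."""
    if not local_secret:
        # Choice made in this example: an empty secret means the lookup
        # returned nothing, so fail closed instead of comparing.
        return False
    expected = challenge_response(msg_type, local_secret, challenge)
    return hmac.compare_digest(expected, response)


def run_handshake(lac_secret: bytes, lns_secret: bytes) -> str:
    """Return the control connection's final state: 'Up' or 'StopCCN'."""
    # SCCRP: the LNS answers the LAC's challenge with its configured secret.
    sccrp_response = challenge_response(SCCRP, lns_secret, LAC_CHALLENGE)
    if not verify(SCCRP, lac_secret, LAC_CHALLENGE, sccrp_response):
        return "StopCCN"
    # SCCCN: the LAC answers the LNS's challenge; the LNS verifies it.
    scccn_response = challenge_response(SCCCN, lac_secret, LNS_CHALLENGE)
    if not verify(SCCCN, lns_secret, LNS_CHALLENGE, scccn_response):
        return "StopCCN"
    return "Up"


if __name__ == "__main__":
    print("LAC secret '':      ", run_handshake(b"", b"secret"))
    print("LAC secret 'secret':", run_handshake(b"secret", b"secret"))
```
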