Real Time Ascend Mailing List Archive

RE: (ASCEND) L2TP and Max



The Radius Server has to support CHAP authentication.

-----Original Message-----
From: Naoto MATSUMOTO [mailto:not@iri.co.jp]
Sent: Tuesday, April 20, 1999 4:37 AM
To: matt@ascend.com
Cc: ascend-users@max.bungi.com; not@iri.co.jp
Subject: Re: (ASCEND) L2TP and Max



  Hi, Folks

  The connection by L2TP succeeded between MAX and CISCO.  

> >> Briefly it seems like a problem with your Radius server. What kind is it?
> >
> > DTC RADIUS is based on ascend RADIUS.
> > What kind of RADIUS did you use in your environment? 
> 
> Ascend's Navis Radius.
> 
> >> You must use a server that encrypts the L2TP shared secret.
> >
> > I wonder how to configure the RADIUS entry.
> > Will you show me a configuration sample for RADIUS?
> 
> It's not a configuration issue. I believe you had it configured correctly.
> But you need to see if your DTC Radius server can encrypt the L2TP shared
> secret.

 The environment is as follows.  

* Items:
	  Ascend MAX2000 TAOS 6.1.24    LAC(L2TP Access Concentrator)
	  Cisco 2514     IOS 12.0(2a)T	LNS(L2TP Network Server)
	  DTC RADIUS     version DTC 2.03 p6
				&
	  Ascend RADIUS  version 1.16 (plus Ascend extensions) 1998/18/06
          (Both were tried in the stern.)

* the diagram :
                10.10.10.10                    192.168.108.17 
  mobile PC ---> MAX(LAC)         Radius       Cisco2514(LNS)
   (PIAFS32K)           |___________|__________| ethernet 

*  Here are my configurations :

  1/ The Max : 
  	Sys Config > Name : max
	Ethernet > Mod Config > DNS > Domain Name : my.domain
  	L2 Tunneling Options : 
  		L2TP Mode = LAC
  		L2TP auth enable = Yes
  		L2TP RX window = 0

!	Ethernet > Names / Passwords
!		Name=LNS
!		Active=Yes
!		Recv PW=****** ( secret )
!		Template Connection #=0 

  2/ Radius user profile : 

    /etc/raddb/users
    #
    # For L2TP Tunneling TEST
    #
    #LNS     User-Password = ""		not use!

    l2tp    Password = "pass",
	    Service-Type = Framed-User,
	    Framed-Protocol = PPP,
	    Framed-IP-Netmask = 255.255.255.255,
	    Framed-Routing = None,
	    Ascend-Link-Compression = Link-Comp-None,
	    Tunnel-Type = Tunnel-L2TP,
	    Tunnel-Medium-Type = Tunnel-IP,
	    Tunnel-Password = "secret",
	    Tunnel-Server-Endpoint = 192.168.108.17

  3/Cisco ( LNS)

    username l2tp password 7 XXXX ("pass" :same Password = "pass")
    vpdn enable
    !         
    vpdn-group 1
     accept dialin l2tp virtual-template 1 remote max.my.domain (same MAX entry ?)
     local name LNS               (LNS :same Name/Password)
     l2tp tunnel password 7 XXXXX ("secret" :same Name/Password )
    !         
    !         
    interface Ethernet1
     ip address 192.168.108.17 255.255.255.240
     no ip directed-broadcast
     no ip route-cache
     no ip mroute-cache
    !         
    interface Virtual-Template1
     ip unnumbered Ethernet1
     no ip directed-broadcast
     peer default ip address pool test
     ppp authentication chap
    !
    ip local pool test 192.168.108.24

  4/show users information

    LAC% show user			(MAX2000)
         I Session   Line: Slot: Tx    Rx    Service      Host      User
         O ID        Chan  Port  Data  Rate  Type[mpID]   Address   Name
         I 292684343 1:19  5:1   64K   64K   PPP          N/A       l2tp


    LNS#show user			(Cisco2514)
	    Line     User      Host(s)                  Idle Location
	  Vi1        l2tp      Virtual PPP (L2TP  ) 00:00:00

	LNS#show vpdn

	L2TP Tunnel and Session Information (Total tunnels=1 sessions=1)

	LocID RemID Remote Name   State  Remote Address  Port  Sessions
	243   67    max.my.domain est    192.168.108.10  1701  1

	LocID RemID TunID Intf    Username      State  Last Chg
	1     84    243   Vi1                   est    00:08:09

    LNS#show vpdn session all

	L2TP Session Information (Total tunnels=1 sessions=1)

	Call id 1 is up on tunnel id 243
	Remote tunnel name is max.my.domain
	  Internet Address is 10.10.10.10
	  Session username is , state is established
	    Time since change 00:08:26, interface Vi1
	    Remote call id is 84
	    493 packets sent, 505 received, 33600 bytes sent, 53321 received
	      Sequencing is off
	      Remote has not requested congestion control

	% No active L2F tunnels

  Question: 
    Are doing, and configuring firmly as TMS(Tunnel Management Server)
    only NavisRADIUS? 

    I want to know the NavisRadius user entry configurations.

		/etc/raddb/users
		LNS	Password = "??????"
			   or
			 ??????

  Thanks.

==
[IRI] Internet Research Institute,Inc.
 Department of Networking,Senior Researcher
    Naoto MATSUMOTO <not@iri.co.jp>

++ Ascend Users Mailing List ++
To unsubscribe:	send unsubscribe to ascend-users-request@bungi.com
To get FAQ'd:	<http://www.nealis.net/ascend/faq>
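
Added example (not part of the original thread and not code from any RADIUS product): the replies above say the RADIUS server must encrypt the L2TP shared secret it returns as Tunnel-Password. The Python below implements the salted MD5 hiding later standardized in RFC 2868 section 3.5; that the servers in this thread used exactly this scheme is an assumption, and the RADIUS shared secret and Request Authenticator are constructed values.

```python
import hashlib
import os

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def _keystream_xor(data: bytes, secret: bytes, seed: bytes, decrypt: bool) -> bytes:
    """XOR 16-byte blocks with MD5(secret + previous ciphertext block)."""
    out, prev = b"", seed
    for i in range(0, len(data), 16):
        block = data[i:i + 16]
        res = _xor(block, hashlib.md5(secret + prev).digest())
        prev = block if decrypt else res      # the chain always runs over ciphertext
        out += res
    return out

def encrypt_tunnel_password(password, secret, request_auth, salt=None, tag=0):
    """Build the Tunnel-Password attribute value: tag | salt | hidden string."""
    if len(request_auth) != 16:
        raise ValueError("Request Authenticator must be 16 bytes")
    salt = salt or os.urandom(2)
    salt = bytes([salt[0] | 0x80, salt[1]])   # high bit of the salt must be set
    plain = bytes([len(password)]) + password # length-prefixed plaintext
    plain += b"\x00" * (-len(plain) % 16)     # pad to whole 16-byte blocks
    if len(plain) > 240:
        raise ValueError("password too long for one attribute")
    return bytes([tag]) + salt + _keystream_xor(plain, secret, request_auth + salt, False)

def decrypt_tunnel_password(value, secret, request_auth):
    """Return (tag, password); raise ValueError if the value cannot be valid."""
    if len(value) < 19 or (len(value) - 3) % 16 or not value[1] & 0x80:
        raise ValueError("malformed Tunnel-Password value")
    tag, salt, cipher = value[0], value[1:3], value[3:]
    plain = _keystream_xor(cipher, secret, request_auth + salt, True)
    if plain[0] > len(plain) - 1:
        raise ValueError("bad length byte: wrong secret or authenticator")
    return tag, plain[1:1 + plain[0]]

# Constructed sample values; only the tunnel password "secret" comes from the post.
RADIUS_SECRET = b"nas-shared-secret"   # secret shared by the NAS and the RADIUS server
REQUEST_AUTH = bytes(range(16))        # authenticator of the matching Access-Request

if __name__ == "__main__":
    value = encrypt_tunnel_password(b"secret", RADIUS_SECRET, REQUEST_AUTH)
    print("on the wire:", value.hex())
    print("recovered  :", decrypt_tunnel_password(value, RADIUS_SECRET, REQUEST_AUTH))
```

A server that skips this step sends the tunnel secret readable in the Access-Accept, and a NAS expecting the hidden form recovers a different string, so tunnel authentication with the LNS fails.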