用于拨入和拨出的基本 L2TP 虚拟专用拨号网络 (VPDN)

简介

本文档提供用于拨入和拨出呼叫的第2层隧道协议(L2TP)的示例配置。

注意：此设置不涉及身份验证、授权和记帐(AAA)服务器。

先决条件

要求

本文档没有任何特定的要求。

使用的组件

本文档中的信息基于 Cisco IOS® 软件版本 12.1。

本文档中的信息都是基于特定实验室环境中的设备编写的。本文档中使用的所有设备最初均采用原始（默认）配置。如果您使用的是真实网络，请确保您已经了解所有命令的潜在影响。

规则

有关文件规则的更多信息请参见“ Cisco技术提示规则”。

配置

本部分提供有关如何配置本文档所述功能的信息。

注：要查找有关本文档中所用命令的其他信息，请使用命令查找工具(仅限注册用户)(仅限注册客户)。

网络图

本文档使用以下网络设置：

配置

本文档使用以下配置：

• 路由器remote1:

  Loopback0: 17.17.17.1/32用户名： remote1@cisco.com ISDN号码(BRI 0): 6122

• 路由器remote2:

  环回：17.17.17.2/32用户名：remote2@cisco.com ISDN号码(BRI 0):6121

• 路由器LAC:

  环回：18.18.18.1/32 ISDN编号(E1 0):8211串行接口(S0):18.18.18.6/30

• 路由器LNS:

  环回：18.18.18.2/32串行接口(S0):18.18.18.5/30以太网接口(E0):10.200.20.24/24

• 路由器local1:

  环回：17.17.17.3/32以太网接口(E0):10.200.20.32/24

路由器remote1@cisco.com和remote2@cisco.com使用ISDN访问L2TP访问集中器(LAC)。背靠背串行链路在此设置中连接LAC和L2TP网络服务器(LNS)。本地1路由器和LNS共享同一以太网链路

流程如下：

1. L2TP拨入:remote1@cisco.com客户端希望与local1路由器通信。客户端生成到LAC的ISDN呼叫，这会启动到LNS的L2TP隧道，然后启动L2TP会话。LAC使用域名建立与LNS的隧道。LNS在本地对远程用户进行身份验证。

2. L2TP拨出：本地1路由器希望与remote2@cisco.com远程客户端通信。LNS使用LAC的现有隧道并创建新的L2TP会话。

注意：这些配置将被截断，以显示相关信息。

hostname LAC 
! 
! 
ip subnet-zero 
no ip domain-lookup 
! 
vpdn enable 
no vpdn logging 
vpdn search-order domain 

!--- VPDN tunnel authorization is based on the domain only.

! 
vpdn-group 1 
request-dialin 

!--- Enables the LAC to make requests to the LNS for dialin.

protocol l2tp 
domain cisco.com 
accept-dialout 

!--- Enables the LAC to accept requests from the LNS for dialout.

protocol l2tp 
dialer 1 

!--- Specifies the dialer used to dial out.

terminate-from hostname LNS 
initiate-to ip 18.18.18.2 
local name LAC 
l2tp tunnel password l2tptunnel 
source-ip 18.18.18.1 
! 
isdn switch-type primary-net5 
! 
! 
controller E1 0 
clock source line primary 
pri-group timeslots 1-31 
! 
interface Loopback0 
ip address 18.18.18.1 255.255.255.255 
! 
interface Ethernet0 
ip address 10.200.20.34 255.255.255.0 
no ip route-cache 
no ip mroute-cache 
no cdp enable 
! 
! 
interface Serial0 
description -- Connection to the LNS 
ip address 18.18.18.6 255.255.255.252 
no fair-queue 
clockrate 64000 
no cdp enable 
! 
interface Serial0:15 
no ip address 
encapsulation ppp 
dialer rotary-group 1 
isdn switch-type primary-net5 
no cdp enable 
ppp authentication chap 
ppp chap hostname LAC 
! 
interface Dialer1 
ip unnumbered Loopback0 
encapsulation ppp 
dialer in-band 
dialer aaa 

!--- L2TP dialout functionality requires this command even if you do not use AAA.
  
dialer-group 1 
no cdp enable 
ppp authentication chap 
ppp chap hostname LAC 
ppp chap password 7 1511021F0725 
! 
no ip http server 
ip classless 
ip route 18.18.18.2 255.255.255.255 18.18.18.5 
! 
dialer-list 1 protocol ip permit 
no cdp run

hostname LNS
!
vpdn enable
vpdn-group 1 
accept-dialin

!--- Enables the LNS to accept request from the LAC for dialin.
 
protocol l2tp 
virtual-template 1 

!--- For each user, a virtual-access is cloned from this virtual-template.
 
request-dialout 

!--- Enables the LNS to request the LAC for dialout.
 
protocol l2tp 
pool-member 1 

!--- Specifies the dialer profile to be used to dial out.
 
terminate-from hostname LAC 
initiate-to ip 18.18.18.1 
local name LNS 
l2tp tunnel password l2tptunnel 
source-ip 18.18.18.2 
! 
! 
interface Loopback0 
ip address 18.18.18.2 255.255.255.255 
! 
interface Ethernet0 
ip address 10.200.20.24 255.255.255.0 
no ip route-cache 
no ip mroute-cache 
! 
interface Virtual-Template1 
ip unnumbered Loopback0 
no peer default ip address 
ppp chap hostname LNS 
! 
interface Serial0 
description -- Connection to the LAC 
ip address 18.18.18.5 255.255.255.252 
no ip route-cache 
no ip mroute-cache 
! 
interface Dialer1 

!--- For each user, a dialer profile is configured.
 
ip unnumbered Loopback0 
encapsulation ppp 
dialer pool 1 

!--- "dialer pool 1" must match "pool-member 1" in the VPDN-group.
 
dialer remote-name remote1@cisco.com 
dialer string 6122 

!--- ISDN number that the LAC uses to dialout the remote client remote1@cisco.com.

dialer vpdn 

!--- Enables the dialer profile to use L2TP dialout, and so place a VPDN call.
 
dialer-group 1 
ppp authentication chap callin 
ppp chap hostname LNS 
! 
interface Dialer2 
ip unnumbered Loopback0 
encapsulation ppp 
dialer pool 1 
dialer remote-name remote2@cisco.com 
dialer string 6121 
dialer vpdn 
dialer-group 1 
no cdp enable 
ppp authentication chap callin 
ppp chap hostname LNS 
! 
no ip http server 
ip classless 
ip route 10.200.16.26 255.255.255.255 10.200.20.1 
ip route 17.17.17.1 255.255.255.255 Dialer1 
ip route 17.17.17.2 255.255.255.255 Dialer2 
ip route 17.17.17.3 255.255.255.255 10.200.20.32 
ip route 18.18.18.1 255.255.255.255 18.18.18.6 
! 
dialer-list 1 protocol ip permit 
no cdp run

验证

本部分所提供的信息可用于确认您的配置是否正常工作。

命令输出解释程序工具（仅限注册用户）支持某些 show 命令，使用此工具可以查看对 show 命令输出的分析。

• show vpdn — 显示有关虚拟专用拨号网络(VPDN)中活动的第2级转发(L2F)协议隧道和消息标识符的信息。

  LAC#show debug 
  Dial on demand:   
    Dial on demand events debugging is on 
  VPN:   
    L2X protocol events debugging is on   
    VPDN events debugging is on 
  PPP:   
    PPP authentication debugging is on   
    PPP protocol negotiation debugging is on 
  ISDN:   
    ISDN events debugging is on 
    
    ISDN events debug DSLs. (On/Off/No DSL:1/0/-) 
     DSL 0 --> 1 
     1 - 
  
  LNS#show debug 
  Dial on demand:   
    Dial on demand events debugging is on 
  VPN:   
    L2X protocol events debugging is on   
    VPDN events debugging is on 
  PPP:   
    PPP authentication debugging is on   
    PPP protocol negotiation debugging is on 
  VTEMPLATE:   
    Virtual Template debugging is on

确认

拨入

remote1@cisco.com路由器发起对local1路由器的呼叫。

LAC# 

ISDN呼叫进入LAC。

Sep 29 02:25:42.923: ISDN Se0:15: Incoming call id = 0x011B, dsl 0 
Sep 29 02:25:42.927: Negotiated CCB->int_id 0 B-chan 0, req->int_id 0, B-chan 18 
Sep 29 02:25:42.931: CCPRI_ReleaseChan CCB->B_Chan zero 
Sep 29 02:25:42.939: ISDN Se0:15: received CALL_INCOMING call_id 0x11B 
Sep 29 02:25:42.939: ISDN Se0:15: CALL_INCOMING: call type is DATA , bchan = 17 
Sep 29 02:25:42.943: ISDN Se0:15: Event: Received a DATA call from 6122 on B17
 at 64 Kb/s 
Sep 29 02:25:42.947: ISDN Se0:15: RM returned call_type 0 resource type 0      
Sep 29 02:25:42.959: ISDN Se0:15: isdn_send_connect(): msg 74, call id 0x11B,
 ces 1 bchan 17, call type DATA 
Sep 29 02:25:43.031: %LINK-3-UPDOWN: Interface Serial0:17, changed state to up 
Sep 29 02:25:43.059: Se0:17 PPP: Treating connection as a callin 
Sep 29 02:25:43.063: Se0:17 PPP: Phase is ESTABLISHING, Passive Open 
Sep 29 02:25:43.067: Se0:17 LCP: State is Listen 
Sep 29 02:25:43.127: ISDN Se0:15: received CALL_PROGRESSing call_id 0x11B      
Sep 29 02:25:43.199: Se0:17 LCP: I CONFREQ [Listen] id 125 len 10 
Sep 29 02:25:43.203: Se0:17 LCP: MagicNumber 0xEB818699 (0x0506EB818699) 
Sep 29 02:25:43.207: Se0:17 LCP: O CONFREQ [Listen] id 7 len 15 
Sep 29 02:25:43.211: Se0:17 LCP: AuthProto CHAP (0x0305C22305) 
Sep 29 02:25:43.215: Se0:17 LCP: MagicNumber 0x6BDE50CC (0x05066BDE50CC) 
Sep 29 02:25:43.219: Se0:17 LCP: O CONFACK [Listen] id 125 len 10 
Sep 29 02:25:43.223: Se0:17 LCP: MagicNumber 0xEB818699 (0x0506EB818699) 
Sep 29 02:25:43.247: Se0:17 LCP: I CONFACK [ACKsent] id 7 len 15 
Sep 29 02:25:43.251: Se0:17 LCP: AuthProto CHAP (0x0305C22305) 
Sep 29 02:25:43.255: Se0:17 LCP: MagicNumber 0x6BDE50CC (0x05066BDE50CC) 
Sep 29 02:25:43.259: Se0:17 LCP: State is Open 
Sep 29 02:25:43.259: Se0:17 PPP: Phase is AUTHENTICATING, by this end 

LAC 将 CHAP 质询发送到客户端。

Sep 29 02:25:43.263: Se0:17 CHAP: Using alternate hostname LAC 
Sep 29 02:25:43.267: Se0:17 CHAP: O CHALLENGE id 7 len 24 from "LAC" 

LAC收到CHAP响应，但不对用户进行身份验证。LNS执行身份验证。

Sep 29 02:25:43.295: Se0:17 CHAP: I RESPONSE id 7 len 38 from "remote1@cisco.com"    
Sep 29 02:25:43.303: Se0:17 PPP: Phase is FORWARDING 
Sep 29 02:25:43.303: Se0:17 VPDN: Got DNIS string 211

LAC检查域“cisco.com”是否存在，然后收集与LNS建立隧道所需的信息。

Sep 29 02:25:43.307: Se0:17 VPDN: Looking for tunnel -- cisco.com -- 
Sep 29 02:25:43.347: Se0:17 VPDN/LAC/1: Got tunnel info for cisco.com 
Sep 29 02:25:43.351: Se0:17 VPDN/LAC/1: LAC LAC 
Sep 29 02:25:43.351: Se0:17 VPDN/LAC/1: source-ip 18.18.18.1 
Sep 29 02:25:43.355: Se0:17 VPDN/LAC/1: l2tp-busy-disconnect yes 
Sep 29 02:25:43.359: Se0:17 VPDN/LAC/1: l2tp-tunnel-password xxxxxx 
Sep 29 02:25:43.359: Se0:17 VPDN/LAC/1: IP 18.18.18.2 
Sep 29 02:25:43.371: Se0:17 VPDN/1: curlvl 1 Address 0: 18.18.18.2, priority 1 
Sep 29 02:25:43.375: Se0:17 VPDN/1: Select non-active address 18.18.18.2, priority 1 
Sep 29 02:25:43.379: Tnl 45029 L2TP: SM State idle 

LAC与LNS建立隧道。

Sep 29 02:25:43.383: Tnl 45029 L2TP: O SCCRQ 
Sep 29 02:25:43.391: Tnl 45029 L2TP: Tunnel state change from idle to 
   wait-ctl-reply    
Sep 29 02:25:43.395: Tnl 45029 L2TP: SM State wait-ctl-reply 
Sep 29 02:25:43.399: Se0:17 VPDN: Find LNS process created 
Sep 29 02:25:43.403: Se0:17 VPDN: Forward to address 18.18.18.2 
Sep 29 02:25:43.403: Se0:17 VPDN: Pending 
Sep 29 02:25:43.411: Se0:17 VPDN: Process created 
Sep 29 02:25:43.463: Tnl 45029 L2TP: I SCCRP from LNS 
Sep 29 02:25:43.467: Tnl 45029 L2TP: Got a challenge from remote peer, LNS 
Sep 29 02:25:43.471: Tnl 45029 L2TP: Got a response from remote peer, LNS 
Sep 29 02:25:43.475: Tnl 45029 L2TP: Tunnel Authentication success 
Sep 29 02:25:43.479: Tnl 45029 L2TP: Tunnel state change from wait-ctl-reply 
   to established 
Sep 29 02:25:43.483: Tnl 45029 L2TP: O SCCCN to LNS tnlid 11407 
Sep 29 02:25:43.487: Tnl 45029 L2TP: SM State established 
Sep 29 02:25:43.495: Se0:17 VPDN: Forwarding... 
Sep 29 02:25:43.499: Se0:17 DDR: Authenticated host remote1@cisco.com with no 
   matching dialer map 
Sep 29 02:25:43.503: Se0:17 VPDN: Bind interface direction=1 
Sep 29 02:25:43.507: Tnl/Cl 45029/291 L2TP: Session FS enabled 
Sep 29 02:25:43.511: Tnl/Cl 45029/291 L2TP: Session state change from idle to 
   wait-for-tunnel 
Sep 29 02:25:43.515: Se0:17 Tnl/Cl 45029/291 L2TP: Create session 
Sep 29 02:25:43.519: Tnl 45029 L2TP: SM State established 

LAC启动用户remote1@cisco.com的会话。

Sep 29 02:25:43.523: Se0:17 Tnl/Cl 45029/291 L2TP: O ICRQ to LNS 11407/0 
Sep 29 02:25:43.531: Se0:17 Tnl/Cl 45029/291 L2TP: Session state change from 
   wait-for-tunnel to wait-reply 
Sep 29 02:25:43.535: Se0:17 VPDN: remote1@cisco.com is forwarded 
Sep 29 02:25:43.635: Se0:17 Tnl/Cl 45029/291 L2TP: O ICCN to LNS 11407/303 
Sep 29 02:25:43.639: Se0:17 Tnl/Cl 45029/291 L2TP: Session state change from 
   wait-reply to established 
Sep 29 02:25:44.535: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0:17, 
   changed state to up 
Sep 29 02:25:49.055: %ISDN-6-CONNECT: Interface Serial0:17 is now connected to 
6122 remote1@cisco.com 
   
LAC#show vpdn 

L2TP Tunnel and Session Information Total tunnels 1 sessions 1 

LocID RemID Remote Name State Remote Address Port Sessions 
45029 11407 LNS est 18.18.18.2 1701 1 

LocID RemID TunID Intf Username State Last Chg Fastswitch 
291 303 45029 Se0:17 remote1@cisco.com est 00:00:14 enabled 

% No active L2F tunnels

拨出

local1路由器发起对remote2@cisco.com路由器的呼叫。

LAC# 

LAC收到来自LNS的请求，要求启动用于拨出的新会话。

Sep 29 02:26:19.479: Tnl 45029 L2TP: I OCRQ from LNS tnl 11407 
Sep 29 02:26:19.483: Tnl/Cl 45029/292 L2TP: Session FS enabled 
Sep 29 02:26:19.487: Tnl/Cl 45029/292 L2TP: New session created 
Sep 29 02:26:19.491: 1D4C: Same state, 0 
Sep 29 02:26:19.495: DSES 1D4C: Session create 
Sep 29 02:26:19.499: L2TP: Send OCRP 
Sep 29 02:26:19.503: Tnl/Cl 45029/292 L2TP: Session state change from 
idle to wait-cs-answer 

LAC使用ISDN呼叫号码6121。

Sep 29 02:26:19.511: DSES 0x1D4C: Building dialer map 
Sep 29 02:26:19.511: Dialout 0x1D4C: Next hop name is 6121 
Sep 29 02:26:19.515: Se0:15 DDR: rotor dialout [priority] 
Sep 29 02:26:19.519: Se0:15 DDR: Dialing cause dialer session 0x1D4C 
Sep 29 02:26:19.523: Se0:15 DDR: Attempting to dial 6121 
Sep 29 02:26:19.523: ISDN Se0:15: Outgoing call id = 0x8055, dsl 0 
Sep 29 02:26:19.527: ISDN Se0:15: Event: Call to 6121 at 64 Kb/s 
Sep 29 02:26:19.531: ISDN Se0:15: process_pri_call(): call id 0x8055, 
   number 6121, speed 64, call type DATA 
Sep 29 02:26:19.539: building outgoing channel id for call nfas_int is 0 len is 0 
Sep 29 02:26:19.623: ISDN Se0:15: received CALL_ACCEPT call_id 0x8055 
Sep 29 02:26:19.623: ISDN Se0:15: PRI Event: CALL_ACCEPT, bchan = 30, 
   call type = DATA 
Sep 29 02:26:20.043: ISDN Se0:15: received CALL_CONNECT call_id 0x8055 
Sep 29 02:26:20.115: %LINK-3-UPDOWN: Interface Serial0:30, changed state to up 
Sep 29 02:26:20.147: Di1: Session free, 1D4C 
Sep 29 02:26:20.151: : 0 packets unqueued and discarded 
Sep 29 02:26:20.155: Se0:30 VPDN: Bind interface direction=1 
Sep 29 02:26:20.159: Se0:30 Tnl/Cl 45029/292 L2TP: Session state change 
   from wait-cs-answer to established 
Sep 29 02:26:20.163: L2TP: Send OCCN 

LAC将ISDN会话se0:30与VPDN会话绑定。

Sep 29 02:26:20.167: Se0:30 VPDN: bound to vpdn session 
Sep 29 02:26:20.175: ISDN Se0:15: received CALL_PROGRESSing call_id 0x8055 
Sep 29 02:26:26.143: %ISDN-6-CONNECT: Interface Serial0:30 is now connected to 6121
LAC# 
LAC#show vpdn 

L2TP Tunnel and Session Information Total tunnels 1 sessions 2 

LocID RemID Remote Name State Remote Address Port Sessions 
45029 11407 LNS est 18.18.18.2 1701 2 

LocID RemID TunID Intf Username State Last Chg Fastswitch 
291 303 45029 Se0:17 remote1@cisco.com est 00:00:57 enabled 
292 304 45029 Se0:30 est 00:00:20 enabled 

% No active L2F tunnels 
LAC#

故障排除

本部分提供的信息可用于对配置进行故障排除。

故障排除命令

命令输出解释程序工具（仅限注册用户）支持某些 show 命令，使用此工具可以查看对 show 命令输出的分析。

注：在发出debug命令之前，请参阅有关Debug命令的重要信息。

• debug dialer events — 显示有关拨号程序接口上接收的数据包的调试信息。

• debug vpdn l2x-events — 显示有关正常隧道建立或关闭过程中的事件的消息。

• debug vpdn l2x-packets — 显示交换的每个协议数据包。此命令可能会导致大量调试消息。仅在具有单个活动会话的debug机箱上使用此命令。

• debug vpdn l2x-errors — 显示阻止建立隧道的错误或导致已建立的隧道关闭的错误。

• debug ppp negotiation — 使debug ppp命令显示PPP启动期间传输的PPP数据包，在此启动期间会协商PPP选项。

• debug ppp authentication — 使debug ppp命令显示身份验证协议消息。消息包括质询握手身份验证协议(CHAP)数据包交换和密码身份验证协议(PAP)交换。

• debug isdn events — 显示ISDN接口用户端（路由器上）发生的集成多业务数字网络(ISDN)事件。

• debug isdn q931 — 显示本地路由器（用户端）与网络之间的ISDN网络连接（第3层）的呼叫建立与断开的相关信息。

• debug vtemplate - 显示从虚拟模板克隆虚拟访问接口时到虚拟访问接口因呼叫结束而关闭时虚拟访问接口的克隆信息。

在LNS上调试

拨入

remote1@cisco.com路由器发起对local1路由器的呼叫。

LNS收到来自LAC的建立隧道的请求。

Sep 29 02:25:44.531: L2TP: I SCCRQ from LAC tnl 45029 
Sep 29 02:25:44.539: Tnl 11407 L2TP: Got a challenge in SCCRQ, LAC 
Sep 29 02:25:44.543: Tnl 11407 L2TP: New tunnel created for remote LAC, 
   address 18.18.18.1 
Sep 29 02:25:44.547: Tnl 11407 L2TP: O SCCRP to LAC tnlid 45029 
Sep 29 02:25:44.555: Tnl 11407 L2TP: Tunnel state change from idle to 
   wait-ctl-reply    
Sep 29 02:25:44.623: Tnl 11407 L2TP: I SCCCN from LAC tnl 45029 
Sep 29 02:25:44.627: Tnl 11407 L2TP: Got a Challenge Response in SCCCN from LAC 
Sep 29 02:25:44.631: Tnl 11407 L2TP: Tunnel Authentication success 
Sep 29 02:25:44.635: Tnl 11407 L2TP: Tunnel state change from wait-ctl-reply 
   to established 
Sep 29 02:25:44.639: Tnl 11407 L2TP: SM State established

LNS从LAC接收启动会话的请求。

Sep 29 02:25:44.667: Tnl 11407 L2TP: I ICRQ from LAC tnl 45029 
Sep 29 02:25:44.671: Tnl/Cl 11407/303 L2TP: Session FS enabled 
Sep 29 02:25:44.679: Tnl/Cl 11407/303 L2TP: Session state change from idle 
   to wait-connect 
Sep 29 02:25:44.679: Tnl/Cl 11407/303 L2TP: New session created 
Sep 29 02:25:44.683: Tnl/Cl 11407/303 L2TP: O ICRP to LAC 45029/291 
Sep 29 02:25:44.791: Tnl/Cl 11407/303 L2TP: I ICCN from LAC tnl 45029, cl 291    
Sep 29 02:25:44.799: Tnl/Cl 11407/303 L2TP: Session state change from wait-connect 
   to established 

LNS为用户remote1@cisco.com克隆虚拟访问。

Sep 29 02:25:44.803: Vt1 VTEMPLATE: Unable to create and clone vaccess 
Sep 29 02:25:44.803: Vi2 VTEMPLATE: Reuse Vi2, recycle queue size 1 
Sep 29 02:25:44.807: Vi2 VTEMPLATE: Hardware address 0060.4780.ac23 
Sep 29 02:25:44.807: Vi2 VPDN: Virtual interface created for remote1@cisco.com    
Sep 29 02:25:44.811: Vi2 PPP: Phase is DOWN, Setup 
Sep 29 02:25:44.815: Vi2 VPDN: Clone from Vtemplate 1 filterPPP=0 blocking 
Sep 29 02:25:44.819: Vi2 VTEMPLATE: Has a new cloneblk vtemplate, 
   now it has vtemplate 
Sep 29 02:25:44.827: Vi2 VTEMPLATE: ********** CLONE VACCESS2 **************    
Sep 29 02:25:44.827: Vi2 VTEMPLATE: Clone from Virtual-Template1 interface 
Virtual-Access2    
encapsulation ppp 
ip unnumbered loopback 0 
ppp chap hostname LNS 
ppp authentication chap 
end 

Sep 29 02:25:46.975: %LINK-3-UPDOWN: Interface Virtual-Access2, 
   changed state to up
Sep 29 02:25:46.995: Vi2 PPP: Using set call direction 
Sep 29 02:25:46.999: Vi2 PPP: Treating connection as a callin 
Sep 29 02:25:46.999: Vi2 PPP: Phase is ESTABLISHING, Passive Open 
Sep 29 02:25:47.003: Vi2 LCP: State is Listen 
Sep 29 02:25:47.007: Vi2 VPDN: Bind interface direction=2 
Sep 29 02:25:47.007: Vi2 LCP: I FORCED CONFREQ len 11 
Sep 29 02:25:47.011: Vi2 LCP: AuthProto CHAP (0x0305C22305) 
Sep 29 02:25:47.015: Vi2 LCP: MagicNumber 0x6BDE50CC (0x05066BDE50CC)

LNS接收LAC与remote1@cisco.com客户端协商的LCP层。因此，LNS不会与客户端重新协商LCP。

Sep 29 02:25:47.019: Vi2 VPDN: PPP LCP accepted rcv CONFACK 
Sep 29 02:25:47.019: Vi2 VPDN: PPP LCP accepted sent CONFACK 
Sep 29 02:25:47.023: Vi2 PPP: Phase is AUTHENTICATING, by this end 
Sep 29 02:25:47.023: Vi2 CHAP: Using alternate hostname LNS 
Sep 29 02:25:47.027: Vi2 CHAP: O CHALLENGE id 8 len 24 from "LNS"    
Sep 29 02:25:47.039: Vi2 CHAP: I RESPONSE id 7 len 38 from "remote1@cisco.com"    
Sep 29 02:25:47.051: Vi2 CHAP: O SUCCESS id 7 len 4 
Sep 29 02:25:47.055: Vi2 PPP: Phase is UP 
Sep 29 02:25:47.059: Vi2 IPCP: O CONFREQ [Not negotiated] id 1 len 10 
Sep 29 02:25:47.063: Vi2 IPCP: Address 18.18.18.2 (0x030612121202) 
Sep 29 02:25:47.111: Vi2 IPCP: I CONFREQ [REQsent] id 110 len 10 
Sep 29 02:25:47.115: Vi2 IPCP: Address 17.17.17.1 (0x030611111101) 
Sep 29 02:25:47.119: Vi2 IPCP: O CONFACK [REQsent] id 110 len 10 
Sep 29 02:25:47.123: Vi2 IPCP: Address 17.17.17.1 (0x030611111101) 
Sep 29 02:25:47.127: Vi2 IPCP: I CONFACK [ACKsent] id 1 len 10 
Sep 29 02:25:47.131: Vi2 IPCP: Address 18.18.18.2 (0x030612121202) 
Sep 29 02:25:47.135: Vi2 IPCP: State is Open 
Sep 29 02:25:47.143: Vi2 IPCP: Install route to 17.17.17.1 
Sep 29 02:25:48.131: %LINEPROTO-5-UPDOWN: Line protocol on 
Interface Virtual-Access2, changed state to up 

LNS#show vpdn 

L2TP Tunnel and Session Information Total tunnels 1 sessions 1 

LocID RemID Remote Name State Remote Address Port Sessions 
11407 45029 LAC est 18.18.18.1 1701 1 

LocID RemID TunID Intf Username State Last Chg Fastswitch 
303 291 11407 Vi2 remote1@cisco.com est 00:00:22 enabled 

% No active L2F tunnels

拨出

local1路由器发起对remote2@cisco.com路由器的呼叫。

LNS# 
Sep 29 02:26:20.531: Vi1 VTEMPLATE: Reuse Vi1, recycle queue size 0 
Sep 29 02:26:20.531: Vi1 VTEMPLATE: Hardware address 0060.4780.ac23 
Sep 29 02:26:20.535: Vi1 PPP: Phase is DOWN, Setup 
Sep 29 02:26:20.543: Vi1 VTEMPLATE: Has a new cloneblk dialer, now it has dialer    
Sep 29 02:26:20.547: Vi1 DDR: Dialing cause ip (s=10.200.20.32, d=17.17.17.2)    
Sep 29 02:26:20.551: Vi1 DDR: Attempting to dial 6121 
Sep 29 02:26:20.555: Tnl/Cl 11407/304 L2TP: Session FS enabled 
Sep 29 02:26:20.559: Tnl/Cl 11407/304 L2TP: Session state change from idle 
   to wait-for-tunnel 
Sep 29 02:26:20.563: Tnl/Cl 11407/304 L2TP: Create dialout session 
Sep 29 02:26:20.567: Tnl 11407 L2TP: SM State established 

LNS向LAC发送拨出请求。

Sep 29 02:26:20.571: L2TP: O OCRQ 
Sep 29 02:26:20.575: Vi1 Tnl/Cl 11407/304 L2TP: Session state change from 
   wait-for-tunnel to wait-reply 
Sep 29 02:26:20.579: Vi1 VPDN: Bind interface direction=2 
Sep 29 02:26:20.635: Vi1 Tnl/Cl 11407/304 L2TP: I OCRP from LAC tnl 45029, cl 0 
Sep 29 02:26:20.639: Vi1 Tnl/Cl 11407/304 L2TP: Session state change from 
   wait-reply to wait-connect 
Sep 29 02:26:21.299: Vi1 Tnl/Cl 11407/304 L2TP: I OCCN from LAC tnl 45029, cl 292 
Sep 29 02:26:21.303: Vi1 Tnl/Cl 11407/304 L2TP: Session state change from 
   wait-connect to established 
Sep 29 02:26:21.307: Vi1 VPDN: Connection is up, start LCP negotiation now 
Sep 29 02:26:21.315: %LINK-3-UPDOWN: Interface Virtual-Access1, changed state to up
Sep 29 02:26:21.335: Vi1 DDR: Dialer statechange to up 

虚拟访问1绑定到remote2@cisco.com的配置所在的配置文件拨号程序2。

Sep 29 02:26:21.335: %DIALER-6-BIND: Interface Vi1 bound to profile Di2 
Sep 29 02:26:21.339: Vi1 DDR: Dialer call has been placed 

PPP阶段开始于LNS和remote2@cisco.com客户端之间。

Sep 29 02:26:21.343: Vi1 PPP: Treating connection as a callout 
Sep 29 02:26:21.343: Vi1 PPP: Phase is ESTABLISHING, Active Open 
Sep 29 02:26:21.347: Vi1 PPP: No remote authentication for call-out 
Sep 29 02:26:21.351: Vi1 LCP: O CONFREQ [Closed] id 1 len 10 
Sep 29 02:26:21.355: Vi1 LCP: MagicNumber 0x6F87121F (0x05066F87121F) 
Sep 29 02:26:21.427: Vi1 LCP: I CONFREQ [REQsent] id 79 len 39 
Sep 29 02:26:21.431: Vi1 LCP: AuthProto CHAP (0x0305C22305) 
Sep 29 02:26:21.435: Vi1 LCP: MagicNumber 0x059935DB (0x0506059935DB) 
Sep 29 02:26:21.435: Vi1 LCP: MRRU 1524 (0x110405F4) 
Sep 29 02:26:21.439: Vi1 LCP: EndpointDisc 1 Local 
Sep 29 02:26:21.443: Vi1 LCP: (0x13140172656D6F74653240636973636F) 
Sep 29 02:26:21.447: Vi1 LCP: (0x2E636F6D) 
Sep 29 02:26:21.451: Vi1 LCP: O CONFREJ [REQsent] id 79 len 28 
Sep 29 02:26:21.455: Vi1 LCP: MRRU 1524 (0x110405F4) 
Sep 29 02:26:21.455: Vi1 LCP: EndpointDisc 1 Local 
Sep 29 02:26:21.459: Vi1 LCP: (0x13140172656D6F74653240636973636F) 
Sep 29 02:26:21.463: Vi1 LCP: (0x2E636F6D) 
Sep 29 02:26:21.467: Vi1 LCP: I CONFACK [REQsent] id 1 len 10 
Sep 29 02:26:21.471: Vi1 LCP: MagicNumber 0x6F87121F (0x05066F87121F) 
Sep 29 02:26:21.559: Vi1 LCP: I CONFREQ [ACKrcvd] id 80 len 15 
Sep 29 02:26:21.563: Vi1 LCP: AuthProto CHAP (0x0305C22305) 
Sep 29 02:26:21.567: Vi1 LCP: MagicNumber 0x059935DB (0x0506059935DB) 
Sep 29 02:26:21.571: Vi1 LCP: O CONFACK [ACKrcvd] id 80 len 15 
Sep 29 02:26:21.575: Vi1 LCP: AuthProto CHAP (0x0305C22305) 
Sep 29 02:26:21.579: Vi1 LCP: MagicNumber 0x059935DB (0x0506059935DB) 
Sep 29 02:26:21.583: Vi1 LCP: State is Open 
Sep 29 02:26:21.583: Vi1 PPP: Phase is AUTHENTICATING, by the peer 
Sep 29 02:26:21.647: Vi1 CHAP: I CHALLENGE id 8 len 38 from "remote2@cisco.com"    
Sep 29 02:26:21.651: Vi1 CHAP: Using alternate hostname LNS 
Sep 29 02:26:21.655: Vi1 CHAP: O RESPONSE id 8 len 24 from "LNS" 
Sep 29 02:26:21.699: Vi1 CHAP: I SUCCESS id 8 len 4 
Sep 29 02:26:21.703: Vi1 PPP: Phase is UP 
Sep 29 02:26:21.707: Vi1 IPCP: O CONFREQ [Closed] id 1 len 10 
Sep 29 02:26:21.711: Vi1 IPCP: Address 18.18.18.2 (0x030612121202) 
Sep 29 02:26:21.715: Vi1 IPCP: I CONFREQ [REQsent] id 40 len 10 
Sep 29 02:26:21.719: Vi1 IPCP: Address 17.17.17.2 (0x030611111102) 
Sep 29 02:26:21.723: Vi1 IPCP: O CONFACK [REQsent] id 40 len 10 
Sep 29 02:26:21.727: Vi1 IPCP: Address 17.17.17.2 (0x030611111102) 
Sep 29 02:26:21.775: Vi1 IPCP: I CONFACK [ACKsent] id 1 len 10 
Sep 29 02:26:21.779: Vi1 IPCP: Address 18.18.18.2 (0x030612121202) 
Sep 29 02:26:21.783: Vi1 IPCP: State is Open 

Sep 29 02:26:21.791: Vi1 DDR: dialer protocol up 
Sep 29 02:26:21.795: Di2 IPCP: Install route to 17.17.17.2 
Sep 29 02:26:22.703: %LINEPROTO-5-UPDOWN: Line protocol on 
Interface Virtual-Access1, changed state to up 

LNS#show vpdn 

L2TP Tunnel and Session Information Total tunnels 1 sessions 2 

LocID RemID Remote Name State Remote Address Port Sessions 
11407 45029 LAC est 18.18.18.1 1701 2 

LocID RemID TunID Intf Username State Last Chg Fastswitch 
304 292 11407 Vi1 est 00:00:16 enabled 
303 291 11407 Vi2 remote1@cisco.com est 00:00:52 enabled 

% No active L2F tunnels

相关信息

• 拨号技术支持页
• 技术支持和文档 - Cisco Systems