多跳虛擬專用撥接網路(VPDN)允許您在從L2TP存取集中器(LAC)到L2TP網路伺服器(LNS)的路上設定多個躍點。最多支援四跳。通道會在每個躍點(LNS)中終止,並重新發起到下一躍點目的地。此程式允許通道交換。可以在ISP之間使用多跳來提供批次訪問虛擬專用網路(VPN)服務。
此案例同時支援第2層轉送(L2F)和第2層通道通訊協定(L2TP)。然而,由於L2TP正在成為行業標準,因此本文重點討論L2TP。
如需文件慣例的詳細資訊,請參閱思科技術提示慣例。
本文件沒有特定先決條件。
有關VPDN進程的說明,請參閱瞭解VPDN。
本檔案中的資訊是根據以下軟體和硬體版本。
Cisco IOS®軟體版本12.3(6)
L2TP訪問集中器(LAC):思科AS5400接入伺服器
L2TP網路伺服器(LNS):思科7200路由器
本文中的資訊是根據特定實驗室環境內的裝置所建立。文中使用到的所有裝置皆從已清除(預設)的組態來啟動。如果您在即時網路中工作,請確保在使用任何命令之前瞭解其潛在影響。
本節提供用於設定本文件中所述功能的資訊。
注意:要查詢有關本文檔中使用的命令的其他資訊,請使用命令查詢工具(僅限註冊客戶)。
本文檔使用下圖所示的網路設定。
在此設定中:
使用者端使用ISDN撥入LAC(例如,可以使用DSL代替)。
LAC使用E1主速率介面(PRI)來接受呼叫。
L2TP裝置之間沒有隧道已開啟。
隧道和會話設定基於域名。沒有用於身份驗證或授權的AAA伺服器。
它使用兩個LNS。
具體過程如下:
客戶端撥入LAC。客戶端和LAC協商LCP選項。執行身份驗證階段,LAC獲取使用者名稱(user@cisco.com)和密碼。根據域名(在我們的示例中為cisco.com),它會開啟一個隧道,然後是到LNS1的會話。
在LAC和LNS1之間開啟L2TP會話後,LNS1將獲得LAC和客戶端之間協商的LCP選項以及使用者名稱和密碼(user@cisco.com,密碼)。
LNS1的VPDN組在其配置中具有相同的域(cisco.com)。它會開啟到LNS2的隧道和會話。如果它沒有此類配置,則會通過驗證客戶端、協商IP地址並安裝路由來終止PPP會話。
在LNS1和LNS2之間開啟L2TP會話後,LNS2將獲得LAC和客戶端之間協商的LCP選項以及使用者和密碼(user@cisco.com,密碼)。 它驗證使用者、協商IPCP並安裝路由。
本文檔使用如下所示的配置。此處使用的命令最小數。例如,LAC不會終止任何會話,因此無需在Dialer1或Group-async1介面中配置IP地址。LNS1不會終止任何PPP會話,因此virtual-template1下沒有IP地址。
LAC |
---|
version 12.3 service timestamps debug datetime msec service timestamps log datetime msec service password-encryption ! hostname LAC ! boot-start-marker no boot startup-test boot-end-marker ! enable password 7 02050D480809 ! ! ! resource-pool disable spe default-firmware spe-firmware-2 no aaa new-model ip subnet-zero no ip domain lookup ! ip cef ! -- Enables VPDN. vpdn enable ! -- VPDN tunnel authorization is based first on the domain name ! -- (the default is DNIS). ! vpdn search-order domain ! ! -- The LAC opens an L2TP tunnel and session to 10.48.74.113 (LNS1) ! -- using the password LACLNS1 for users whose domain-name is cisco.com. vpdn-group 1 request-dialin protocol l2tp domain cisco.com initiate-to ip 10.48.74.113 l2tp tunnel password LACLNS1 ! isdn switch-type primary-net5 ! ! no voice hpi capture buffer no voice hpi capture destination ! ! controller E1 7/0 pri-group timeslots 1-31 ! interface FastEthernet0/0 ip address 10.48.74.128 255.255.255.0 duplex auto speed auto ! interface Serial7/0:15 no ip address encapsulation ppp dialer rotary-group 1 isdn switch-type primary-net5 ! interface Group-Async1 no ip address encapsulation ppp async mode interactive ppp authentication chap callin group-range 1/00 3/107 ! interface Dialer1 no ip address encapsulation ppp ppp authentication chap callin ! ip classless no ip http server ! ! voice-port 7/0:D ! line con 0 exec-timeout 0 0 line aux 0 line vty 0 4 line 1/00 1/107 modem InOut transport input all line 3/00 3/107 modem InOut transport input all ! scheduler allocate 10000 400 ! end |
LNS1 |
---|
version 12.3 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname LNS1 ! boot-start-marker boot-end-marker ! enable password cisco ! clock timezone CET 1 no aaa new-model ip subnet-zero ip cef ! ! no ip domain lookup ! ! -- Enables VPDN. vpdn enable ! -- Enables VPDN multihop. vpdn multihop ! !-- LNS1 accepts L2TP tunnel/session from the router named LAC. !-- The password LACLNS1 is used between LAC and LNS1 for authentication. !-- The virtual-template 1 is used for the PPP phase. vpdn-group FromLAC accept-dialin protocol l2tp virtual-template 1 terminate-from hostname LAC l2tp tunnel password 0 LACLNS1 ! ! -- The LNS1 opens a L2TP tunnel and session to 10.11.0.2 (LNS2) ! -- using the password LNS1LNS2 for users whose domain-name is cisco.com. vpdn-group TowardsLNS2 request-dialin protocol l2tp domain cisco.com initiate-to ip 10.11.0.2 l2tp tunnel password 0 LNS1LNS2 ! ! interface Ethernet0/0 ip address 10.48.74.113 255.255.255.0 no ip proxy-arp half-duplex ! interface Ethernet0/1 ip address 10.11.0.1 255.255.255.0 half-duplex ! interface Virtual-Template1 no ip address ppp authentication chap callin ! no ip http server ip classless ! ! dial-peer cor custom ! line con 0 exec-timeout 0 0 line aux 0 line vty 0 4 exec-timeout 0 0 password ww login ! ntp clock-period 17208915 ntp server 10.48.75.134 ! ! end |
LNS2 |
---|
version 12.3 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname LNS2 ! boot-start-marker boot-end-marker ! enable password cisco ! username user@cisco.com password 0 cisco no aaa new-model ip subnet-zero ! ! ip cef ! !-- Enables VPDN. vpdn enable ! !-- LNS2 accepts L2TP tunnel/session from the router named LNS1. !-- The password LNS1LNS2 is used between LNS1 and LNS2 for authentication. !-- The virtual-template 1 is used for the PPP phase. vpdn-group FromLNS1 ! Default L2TP VPDN group accept-dialin protocol l2tp virtual-template 1 l2tp tunnel password 0 LNS1LNS2 ! ! interface Loopback0 ip address 192.168.1.1 255.255.255.0 ! interface Ethernet3/0 ip address 10.11.0.2 255.255.255.0 duplex half ! interface Virtual-Template1 ip unnumbered Loopback0 peer default ip address pool VpdnUsers ppp authentication chap callin ! ip local pool VpdnUsers 192.168.1.2 192.168.1.254 ip classless no ip http server ! ! line con 0 exec-timeout 0 0 transport preferred all transport output all stopbits 1 line aux 0 transport preferred all transport output all stopbits 1 line vty 0 4 login transport preferred all transport input all transport output all ! ! ! end |
本節提供的資訊可用於確認您的組態是否正常運作。
輸出直譯器工具(僅供註冊客戶使用)支援某些show命令,此工具可讓您檢視show命令輸出的分析。
show vpdn — 顯示有關活動L2TP或L2F協定隧道和VPDN中消息識別符號的資訊。
show caller user user detail — 顯示來電者資訊。
在LAC、LNS1和LNS2上使用這些命令的輸出如下所示:
LAC#show vpdn L2TP Tunnel and Session Information Total tunnels 1 sessions 1 LocID RemID Remote Name State Remote Address Port Sessions VPDN Group 18693 28416 LNS1 est 10.48.74.113 1701 1 1 LocID RemID TunID Intf Username State Last Chg Uniq ID 19 21 18693 Se7/0:3 user@cisco.com est 00:02:04 28 %No active L2F tunnels %No active PPTP tunnels LAC#
我們發現LNS1有兩個隧道,每個隧道中有一個會話。
LNS1#show vpdn L2TP Tunnel and Session Information Total tunnels 2 sessions 2 LocID RemID Remote Name State Remote Address Port Sessions VPDN Group 28416 18693 LAC est 10.48.74.128 1701 1 FromLAC LocID RemID TunID Intf Username State Last Chg Uniq ID 21 19 28416 SSS Circuit user@cisco.com est 00:02:25 13 LocID RemID Remote Name State Remote Address Port Sessions VPDN Group 30255 35837 LNS2 est 10.11.0.2 1701 1 TowardsLNS2 LocID RemID TunID Intf Username State Last Chg Uniq ID 22 9 30255 SSS Circuit user@cisco.com est 00:02:25 13 %No active L2F tunnels %No active PPTP tunnels LNS1#
LNS2#show vpdn L2TP Tunnel and Session Information Total tunnels 1 sessions 1 LocID RemID Remote Name State Remote Address Port Sessions VPDN Group 35837 30255 LNS1 est 10.11.0.1 1701 1 FromLNS1 LocID RemID TunID Intf Username State Last Chg Uniq ID 9 22 35837 Vi2.1 user@cisco.com est 00:03:22 8 %No active L2F tunnels %No active PPTP tunnels LNS2# LNS2#show caller user user@cisco.com detail User: user@cisco.com, line Vi2.1, service PPPoVPDN Connected for 00:03:33, Idle for 00:00:58 Timeouts: Limit Remaining Timer Type - - - PPP: LCP Open, CHAP (<-), IPCP LCP: -> peer, AuthProto, MagicNumber <- peer, MagicNumber, EndpointDisc NCP: Open IPCP IPCP: <- peer, Address -> peer, Address IP: Local 192.168.1.1, remote 192.168.1.2 Counts: 56 packets input, 2562 bytes 57 packets output, 2570 bytes LNS2#
本節提供的資訊可用於對組態進行疑難排解。
輸出直譯器工具(僅供註冊客戶使用)支援某些show命令,此工具可讓您檢視show命令輸出的分析。
注意:發出debug指令之前,請先參閱有關Debug指令的重要資訊。
debug isdn q931 — 顯示有關本地路由器(使用者端)與網路之間的ISDN網路連線(第3層)的呼叫建立和拆除的資訊。
debug vpdn event — 顯示L2TP錯誤和作為VPDN正常隧道建立或關閉的一部分的事件。
debug vpdn error — 對第2層通道通訊協定第3版(L2TPv3)和周圍的第2層通道基礎架構進行疑難排解。
debug vpdn l2x-events — 顯示協定特定條件導致的事件。
vpdn l2x-errors — 顯示在協定特定條件下發生的錯誤。
debug ppp negotiation — 顯示客戶端是否正在傳遞PPP協商。您可以看到正在協商哪些選項(例如,回叫或MLP)和哪些協定(例如IP和IPX)。
debug vpdn event
debug vpdn error
debug vpdn l2x event
vpdn l2x-erro
debug ppp negotiation
debug vtemplate error — 顯示從虛擬模板克隆虛擬訪問介面到呼叫結束時虛擬訪問介面關閉時的克隆資訊。
debug vtemplate event — 顯示從虛擬模板克隆虛擬訪問介面到呼叫結束時虛擬訪問介面關閉時的克隆資訊。
與LNS1相同,但使用另外一條命令:
debug ip peer — 定義池組時,顯示地址活動並包含其他輸出。
LAC上的調試輸出如下:
LAC# *Apr 23 08:55:23.579: ISDN Se7/0:15 Q931: RX <- SETUP pd = 8 callref = 0x256F Sending Complete Bearer Capability i = 0x8890 Standard = CCITT Transer Capability = Unrestricted Digital Transfer Mode = Circuit Transfer Rate = 64 kbit/s Channel ID i = 0xA18384 Preferred, Channel 4 Calling Party Number i = 0xA1, '8101' Plan:ISDN, Type:National Called Party Number i = 0x81, '7070' Plan:ISDN, Type:Unknown Locking Shift to Codeset 6 Codeset 6 IE 0x28 i = 'TAC BRI 8101' *Apr 23 08:55:23.583: ISDN Se7/0:15 Q931: TX -> CALL_PROC pd = 8 callref = 0xA56F Channel ID i = 0xA98384 Exclusive, Channel 4 *Apr 23 08:55:23.583: ISDN Se7/0:15 Q931: TX -> CONNECT pd = 8 callref = 0xA56F Channel ID i = 0xA98384 Exclusive, Channel 4 *Apr 23 08:55:23.583: Se7/0:3 PPP: Using dialer call direction *Apr 23 08:55:23.583: Se7/0:3 PPP: Treating connection as a callin *Apr 23 08:55:23.583: Se7/0:3 PPP: Phase is ESTABLISHING, Passive Open *Apr 23 08:55:23.583: Se7/0:3 LCP: State is Listen *Apr 23 08:55:23.607: ISDN Se7/0:15 Q931: RX <- CONNECT_ACK pd = 8 callref = 0x256F *Apr 23 08:55:23.695: Se7/0:3 LCP: I CONFREQ [Listen] id 180 len 31 *Apr 23 08:55:23.695: Se7/0:3 LCP: MagicNumber 0x9028FFED (0x05069028FFED) *Apr 23 08:55:23.695: Se7/0:3 LCP: MRRU 1524 (0x110405F4) *Apr 23 08:55:23.695: Se7/0:3 LCP: EndpointDisc 1 user@cisco.com *Apr 23 08:55:23.695: Se7/0:3 LCP: (0x1311017573657240636973636F2E636F) *Apr 23 08:55:23.695: Se7/0:3 LCP: (0x6D) *Apr 23 08:55:23.695: Se7/0:3 LCP: O CONFREQ [Listen] id 1 len 15 *Apr 23 08:55:23.695: Se7/0:3 LCP: AuthProto CHAP (0x0305C22305) *Apr 23 08:55:23.695: Se7/0:3 LCP: MagicNumber 0x050E44FB (0x0506050E44FB) *Apr 23 08:55:23.695: Se7/0:3 LCP: O CONFREJ [Listen] id 180 len 8 *Apr 23 08:55:23.695: Se7/0:3 LCP: MRRU 1524 (0x110405F4) *Apr 23 08:55:23.727: Se7/0:3 LCP: I CONFACK [REQsent] id 1 len 15 *Apr 23 08:55:23.727: Se7/0:3 LCP: AuthProto CHAP (0x0305C22305) *Apr 23 08:55:23.727: Se7/0:3 LCP: MagicNumber 0x050E44FB (0x0506050E44FB) *Apr 23 08:55:23.751: Se7/0:3 LCP: I CONFREQ [ACKrcvd] id 181 len 27 *Apr 23 08:55:23.751: Se7/0:3 LCP: MagicNumber 0x9028FFED (0x05069028FFED) *Apr 23 08:55:23.751: Se7/0:3 LCP: EndpointDisc 1 user@cisco.com *Apr 23 08:55:23.751: Se7/0:3 LCP: (0x1311017573657240636973636F2E636F) *Apr 23 08:55:23.751: Se7/0:3 LCP: (0x6D) *Apr 23 08:55:23.751: Se7/0:3 LCP: O CONFACK [ACKrcvd] id 181 len 27 *Apr 23 08:55:23.751: Se7/0:3 LCP: MagicNumber 0x9028FFED (0x05069028FFED) *Apr 23 08:55:23.751: Se7/0:3 LCP: EndpointDisc 1 user@cisco.com *Apr 23 08:55:23.751: Se7/0:3 LCP: (0x1311017573657240636973636F2E636F) *Apr 23 08:55:23.751: Se7/0:3 LCP: (0x6D) *Apr 23 08:55:23.751: Se7/0:3 LCP: State is Open *Apr 23 08:55:23.751: Se7/0:3 PPP: Phase is AUTHENTICATING, by this end *Apr 23 08:55:23.751: Se7/0:3 CHAP: O CHALLENGE id 1 len 24 from "LAC" *Apr 23 08:55:23.803: Se7/0:3 CHAP: I RESPONSE id 1 len 35 from "user@cisco.com" *Apr 23 08:55:23.803: Se7/0:3 PPP: Phase is FORWARDING, Attempting Forward *Apr 23 08:55:23.807: Tnl/Sn 18693/19 L2TP: Session FS enabled *Apr 23 08:55:23.807: Tnl/Sn 18693/19 L2TP: Session state change from idle to wait-for-tunnel *Apr 23 08:55:23.807: Se7/0:3 Tnl/Sn 18693/19 L2TP: Create session *Apr 23 08:55:23.807: Tnl 18693 L2TP: SM State idle *Apr 23 08:55:23.807: Tnl 18693 L2TP: O SCCRQ *Apr 23 08:55:23.807: Tnl 18693 L2TP: Control channel retransmit delay set to 1 seconds *Apr 23 08:55:23.807: Tnl 18693 L2TP: Tunnel state change from idle to wait-ctl-reply *Apr 23 08:55:23.807: Tnl 18693 L2TP: SM State wait-ctl-reply *Apr 23 08:55:23.815: Tnl 18693 L2TP: I SCCRP from LNS1 *Apr 23 08:55:23.815: Tnl 18693 L2TP: Got a challenge from remote peer, LNS1 *Apr 23 08:55:23.815: Tnl 18693 L2TP: Got a response from remote peer, LNS1 *Apr 23 08:55:23.815: Tnl 18693 L2TP: Tunnel Authentication success *Apr 23 08:55:23.815: Tnl 18693 L2TP: Tunnel state change from wait-ctl-reply to established *Apr 23 08:55:23.815: Tnl 18693 L2TP: O SCCCN to LNS1 tnlid 28416 *Apr 23 08:55:23.815: Tnl 18693 L2TP: Control channel retransmit delay set to 1 seconds *Apr 23 08:55:23.815: Tnl 18693 L2TP: SM State established *Apr 23 08:55:23.815: Se7/0:3 Tnl/Sn 18693/19 L2TP: O ICRQ to LNS1 28416/0 *Apr 23 08:55:23.815: Se7/0:3 Tnl/Sn 18693/19 L2TP: Session state change from wait-for-tunnel to wai t-reply *Apr 23 08:55:23.831: Se7/0:3 Tnl/Sn 18693/19 L2TP: O ICCN to LNS1 28416/21 *Apr 23 08:55:23.831: Tnl 18693 L2TP: Control channel retransmit delay set to 1 seconds *Apr 23 08:55:23.831: Se7/0:3 Tnl/Sn 18693/19 L2TP: Session state change from wait-reply to establis hed *Apr 23 08:55:23.831: Se7/0:3 Tnl/Sn 18693/19 L2TP: VPDN session up *Apr 23 08:55:23.831: Se7/0:3 PPP: Phase is FORWARDED, Session Forwarded *Apr 23 08:55:23.831: Se7/0:3 PPP: Process pending packets LAC#
LNS1上的調試輸出如下:
LNS1# .Apr 23 08:57:08.900: L2TP: I SCCRQ from LAC tnl 18693 .Apr 23 08:57:08.900: Tnl 28416 L2TP: Got a challenge in SCCRQ, LAC .Apr 23 08:57:08.900: Tnl 28416 L2TP: New tunnel created for remote LAC, address 10.48.74.128 .Apr 23 08:57:08.904: Tnl 28416 L2TP: O SCCRP to LAC tnlid 18693 .Apr 23 08:57:08.904: Tnl 28416 L2TP: Control channel retransmit delay set to 1 seconds .Apr 23 08:57:08.904: Tnl 28416 L2TP: Tunnel state change from idle to wait-ctl-reply .Apr 23 08:57:08.908: Tnl 28416 L2TP: I SCCCN from LAC tnl 18693 .Apr 23 08:57:08.908: Tnl 28416 L2TP: Got a Challenge Response in SCCCN from LAC .Apr 23 08:57:08.912: Tnl 28416 L2TP: Tunnel Authentication success .Apr 23 08:57:08.912: Tnl 28416 L2TP: Tunnel state change from wait-ctl-reply to established .Apr 23 08:57:08.912: Tnl 28416 L2TP: SM State established .Apr 23 08:57:08.912: Tnl 28416 L2TP: I ICRQ from LAC tnl 18693 .Apr 23 08:57:08.916: Tnl/Sn 28416/21 L2TP: Session FS enabled .Apr 23 08:57:08.916: Tnl/Sn 28416/21 L2TP: Session state change from idle to wait-connect .Apr 23 08:57:08.916: Tnl/Sn 28416/21 L2TP: New session created .Apr 23 08:57:08.916: Tnl/Sn 28416/21 L2TP: O ICRP to LAC 18693/19 .Apr 23 08:57:08.920: Tnl 28416 L2TP: Control channel retransmit delay set to 1 seconds .Apr 23 08:57:08.924: Tnl/Sn 28416/21 L2TP: I ICCN from LAC tnl 18693, cl 19 .Apr 23 08:57:08.924: user@cisco.com Tnl/Sn 28416/21 L2TP: Session state change from wait-connect to wait-for-service-selection .Apr 23 08:57:08.932: ppp13 PPP: Phase is ESTABLISHING .Apr 23 08:57:08.932: ppp13 LCP: I FORCED rcvd CONFACK len 11 .Apr 23 08:57:08.932: ppp13 LCP: AuthProto CHAP (0x0305C22305) .Apr 23 08:57:08.936: ppp13 LCP: MagicNumber 0x050E44FB (0x0506050E44FB) .Apr 23 08:57:08.936: ppp13 LCP: I FORCED sent CONFACK len 23 .Apr 23 08:57:08.936: ppp13 LCP: MagicNumber 0x9028FFED (0x05069028FFED) .Apr 23 08:57:08.936: ppp13 LCP: EndpointDisc 1 user@cisco.com .Apr 23 08:57:08.936: ppp13 LCP: (0x1311017573657240636973636F2E636F) .Apr 23 08:57:08.936: ppp13 LCP: (0x6D) .Apr 23 08:57:08.940: ppp13 PPP: Phase is FORWARDING, Attempting Forward .Apr 23 08:57:08.948: Tnl/Sn 30255/22 L2TP: Session FS enabled .Apr 23 08:57:08.952: Tnl/Sn 30255/22 L2TP: Session state change from idle to wait-for-tunnel .Apr 23 08:57:08.952: uid:13 Tnl/Sn 30255/22 L2TP: Create session .Apr 23 08:57:08.952: Tnl 30255 L2TP: SM State idle .Apr 23 08:57:08.952: Tnl 30255 L2TP: O SCCRQ .Apr 23 08:57:08.956: Tnl 30255 L2TP: Control channel retransmit delay set to 1 seconds .Apr 23 08:57:08.956: Tnl 30255 L2TP: Tunnel state change from idle to wait-ctl-reply .Apr 23 08:57:08.956: Tnl 30255 L2TP: SM State wait-ctl-reply .Apr 23 08:57:08.960: Tnl 30255 L2TP: I SCCRP from LNS2 .Apr 23 08:57:08.960: Tnl 30255 L2TP: Got a challenge from remote peer, LNS2 .Apr 23 08:57:08.964: Tnl 30255 L2TP: Got a response from remote peer, LNS2 .Apr 23 08:57:08.964: Tnl 30255 L2TP: Tunnel Authentication success .Apr 23 08:57:08.964: Tnl 30255 L2TP: Tunnel state change from wait-ctl-reply to established .Apr 23 08:57:08.964: Tnl 30255 L2TP: O SCCCN to LNS2 tnlid 35837 .Apr 23 08:57:08.968: Tnl 30255 L2TP: Control channel retransmit delay set to 1 seconds .Apr 23 08:57:08.968: Tnl 30255 L2TP: SM State established .Apr 23 08:57:08.968: uid:13 Tnl/Sn 30255/22 L2TP: O ICRQ to LNS2 35837/0 .Apr 23 08:57:08.968: uid:13 Tnl/Sn 30255/22 L2TP: Session state change from wait-for-tunnel to wait-reply .Apr 23 08:57:08.972: uid:13 Tnl/Sn 30255/22 L2TP: O ICCN to LNS2 35837/9 .Apr 23 08:57:08.976: Tnl 30255 L2TP: Control channel retransmit delay set to 1 seconds .Apr 23 08:57:08.976: uid:13 Tnl/Sn 30255/22 L2TP: Session state change from wait-reply to established .Apr 23 08:57:08.976: uid:13 Tnl/Sn 30255/22 L2TP: VPDN session up .Apr 23 08:57:08.980: ppp13 PPP: Phase is FORWARDED, Session Forwarded .Apr 23 08:57:08.984: user@cisco.com Tnl/Sn 28416/21 L2TP: Session state change from wait-for-service-selection to established .Apr 23 08:57:08.984: user@cisco.com Tnl/Sn 28416/21 L2TP: VPDN session up .Apr 23 08:57:08.984: ppp13 PPP: Process pending ncp packets LNS1#
LNS2上的調試輸出如下:
LNS2# *Apr 23 08:57:59.615: L2TP: I SCCRQ from LNS1 tnl 30255 *Apr 23 08:57:59.615: Tnl 35837 L2TP: Got a challenge in SCCRQ, LNS1 *Apr 23 08:57:59.615: Tnl 35837 L2TP: New tunnel created for remote LNS1, address 10.11 .0.1 *Apr 23 08:57:59.615: Tnl 35837 L2TP: O SCCRP to LNS1 tnlid 30255 *Apr 23 08:57:59.615: Tnl 35837 L2TP: Control channel retransmit delay set to 1 seconds *Apr 23 08:57:59.615: Tnl 35837 L2TP: Tunnel state change from idle to wait-ctl-reply *Apr 23 08:57:59.623: Tnl 35837 L2TP: I SCCCN from LNS1 tnl 30255 *Apr 23 08:57:59.623: Tnl 35837 L2TP: Got a Challenge Response in SCCCN from LNS1 *Apr 23 08:57:59.623: Tnl 35837 L2TP: Tunnel Authentication success *Apr 23 08:57:59.623: Tnl 35837 L2TP: Tunnel state change from wait-ctl-reply to establ ished *Apr 23 08:57:59.623: Tnl 35837 L2TP: SM State established *Apr 23 08:57:59.627: Tnl 35837 L2TP: I ICRQ from LNS1 tnl 30255 *Apr 23 08:57:59.627: Tnl/Sn 35837/9 L2TP: Session FS enabled *Apr 23 08:57:59.627: Tnl/Sn 35837/9 L2TP: Session state change from idle to wait-conne ct *Apr 23 08:57:59.627: Tnl/Sn 35837/9 L2TP: New session created *Apr 23 08:57:59.627: Tnl/Sn 35837/9 L2TP: O ICRP to LNS1 30255/22 *Apr 23 08:57:59.627: Tnl 35837 L2TP: Control channel retransmit delay set to 1 seconds *Apr 23 08:57:59.635: Tnl/Sn 35837/9 L2TP: I ICCN from LNS1 tnl 30255, cl 22 *Apr 23 08:57:59.635: user@cisco.com Tnl/Sn 35837/9 L2TP: Session state change from wait - connect to wait-for-service-selection *Apr 23 08:57:59.635: ppp8 PPP: Phase is ESTABLISHING *Apr 23 08:57:59.635: ppp8 LCP: I FORCED rcvd CONFACK len 11 *Apr 23 08:57:59.635: ppp8 LCP: AuthProto CHAP (0x0305C22305) *Apr 23 08:57:59.635: ppp8 LCP: MagicNumber 0x050E44FB (0x0506050E44FB) *Apr 23 08:57:59.635: ppp8 LCP: I FORCED sent CONFACK len 23 *Apr 23 08:57:59.635: ppp8 LCP: MagicNumber 0x9028FFED (0x05069028FFED) *Apr 23 08:57:59.635: ppp8 LCP: EndpointDisc 1 user@cisco.com *Apr 23 08:57:59.635: ppp8 LCP: (0x1311017573657240636973636F2E636F) *Apr 23 08:57:59.635: ppp8 LCP: (0x6D) *Apr 23 08:57:59.635: ppp8 PPP: Phase is FORWARDING, Attempting Forward *Apr 23 08:57:59.639: ppp8 PPP: Phase is AUTHENTICATING, Unauthenticated User *Apr 23 08:57:59.639: ppp8 PPP: Phase is FORWARDING, Attempting Forward *Apr 23 08:57:59.639: VT[Vi2]:Sending vaccess request, id 0x73000015 *Apr 23 08:57:59.639: VT:Processing vaccess requests, 1 outstanding *Apr 23 08:57:59.639: VT:Create and clone subif, base Vi2 Vt1 *Apr 23 08:57:59.639: VT[Vi2.1]:Reuse subinterface, recycle queue size 1 *Apr 23 08:57:59.639: VT[Vi2.1]:Recycled subinterface becomes Vi2.1 *Apr 23 08:57:59.639: VT[Vi2.1]:Cloning a recycled vaccess *Apr 23 08:57:59.639: VT[Vi2.1]:Processing vaccess response, id 0x73000015, result success (1) *Apr 23 08:57:59.643: Vi2.1 Tnl/Sn 35837/9 L2TP: Virtual interface created for user@cisco.com, bandwidth 64 Kbps *Apr 23 08:57:59.643: Vi2.1 Tnl/Sn 35837/9 L2TP: VPDN session up *Apr 23 08:57:59.643: Vi2.1 Tnl/Sn 35837/9 L2TP: Session state change from wait-for-service-selection to established *Apr 23 08:57:59.643: Vi2.1 PPP: Phase is AUTHENTICATING, Authenticated User *Apr 23 08:57:59.643: Vi2.1 CHAP: O SUCCESS id 1 len 4 *Apr 23 08:57:59.643: Vi2.1 PPP: Phase is UP *Apr 23 08:57:59.643: Vi2.1 PPP: Process pending ncp packets *Apr 23 08:57:59.643: Vi2.1 IPCP: O CONFREQ [Closed] id 1 len 10 *Apr 23 08:57:59.643: Vi2.1 IPCP: Address 192.168.1.1 (0x0306C0A80101) *Apr 23 08:57:59.667: Vi2.1 IPCP: I CONFREQ [REQsent] id 125 len 10 *Apr 23 08:57:59.667: Vi2.1 IPCP: Address 0.0.0.0 (0x030600000000) *Apr 23 08:57:59.667: Vi2.1 AAA/AUTHOR/IPCP: Start. Her address 0.0.0.0, we want 0.0.0.0 *Apr 23 08:57:59.667: Vi2.1 AAA/AUTHOR/IPCP: Done. Her address 0.0.0.0, we want 0.0.0.0 *Apr 23 08:57:59.667: Vi2.1: Pools to search : VpdnUsers *Apr 23 08:57:59.667: Vi2.1: Pool VpdnUsers returned address = 192.168.1.2 *Apr 23 08:57:59.667: Vi2.1 IPCP: Pool returned 192.168.1.2 *Apr 23 08:57:59.667: Vi2.1 IPCP: O CONFNAK [REQsent] id 125 len 10 *Apr 23 08:57:59.667: Vi2.1 IPCP: Address 192.168.1.2 (0x0306C0A80102) *Apr 23 08:57:59.683: Vi2.1 IPCP: I CONFACK [REQsent] id 1 len 10 *Apr 23 08:57:59.683: Vi2.1 IPCP: Address 192.168.1.1 (0x0306C0A80101) *Apr 23 08:57:59.699: Vi2.1 IPCP: I CONFREQ [ACKrcvd] id 126 len 10 *Apr 23 08:57:59.699: Vi2.1 IPCP: Address 192.168.1.2 (0x0306C0A80102) *Apr 23 08:57:59.699: Vi2.1 IPCP: O CONFACK [ACKrcvd] id 126 len 10 *Apr 23 08:57:59.699: Vi2.1 IPCP: Address 192.168.1.2 (0x0306C0A80102) *Apr 23 08:57:59.699: Vi2.1 IPCP: State is Open *Apr 23 08:57:59.703: Vi2.1 IPCP: Install route to 192.168.1.2 *Apr 23 08:57:59.703: Vi2.1 IPCP: Add link info for cef entry 192.168.1.2 LNS2#
修訂 | 發佈日期 | 意見 |
---|---|---|
1.0 |
19-Nov-2007 |
初始版本 |