Composition et accès : Réseau privé virtuel à accès commuté (VPDN)

Équilibrage de charge et basculement L2TP avec protocole MPP à liaisons multiples

18 octobre 2016 - Traduction automatique
Autres versions: PDFpdf | Anglais (22 août 2015) | Commentaires


Contenu


Introduction

Ce document décrit la fonctionnalité d'utiliser l'Équilibrage de charge et le Basculement avec le Protocole point à point (PPP) de multilink sur le Layer 2 Tunneling Protocol (L2TP).

Conditions préalables

Conditions requises

Les lecteurs de ce document devraient avoir connaissance des sujets suivants :

  • Réseau privé virtuel à accès commuté (VPDN)

  • L2TP

  • PPP

  • Ppp multilink

Composants utilisés

Ce document n'est pas limité à des versions de matériel et de logiciel spécifiques.

Les informations contenues dans ce document ont été créées à partir des périphériques d'un environnement de laboratoire spécifique. Tous les périphériques utilisés dans ce document ont démarré avec une configuration effacée (par défaut). Si votre réseau est opérationnel, assurez-vous que vous comprenez l'effet potentiel de toute commande.

Conventions

Pour plus d'informations sur les conventions de documents, reportez-vous à Conventions relatives aux conseils techniques Cisco.

Fond

Le PPP à liaisons multiples permet séparer, recombiner et ordonnancer des datagrammes en s'exécutant à travers de plusieurs liens simultanés de PPP. Sur l'extrémité de transmission, le PPP à liaisons multiples prévoit la fragmentation d'un paquet simple dans des plusieurs paquets à transmettre à travers de plusieurs liens de PPP. Sur l'extrémité de réception, le PPP à liaisons multiples fournit le paquet rassemblent de plusieurs liens de PPP de nouveau dans son paquet d'origine. Pour négocier Multilien, les deux pairs doivent convenir qu'ils sont Multilien-capables, c.-à-d., capable combiner de plusieurs liens physiques dans un lien logique simple (souvent visé comme un « paquet "). L'option du Link Control Protocol (LCP) utilisée pour indiquer que le pair est Multilien activé est la Maximum-Recevoir-Reconstruire-unité (MRRU).

La table au-dessous de la sortie de débogage de logiciel de ½ du ¿  de Cisco IOSï d'expositions de deux Multilien-a activé des périphériques pendant les phases finales de négociation LCP. Comme vous pouvez voir, chacun des deux envoient CONFACKS contenant l'option MRRU indiquant que Multilien sera utilisé pendant cette session PPP. Le discriminateur de point d'extrémité est également inclus, bien qu'il ne soit pas nécessaire de faire ainsi.

Remarque: Le discriminateur de point d'extrémité peut être utilisé dans nommer de l'ensemble multiliaison, bien que le comportement par défaut de logiciel de Cisco IOS soit d'utiliser le nom d'utilisateur authentifié seulement.

/image/gif/paws/23982/23982a.bmp

Si vous rencontrez la situation où le concentrateur d'accès L2TP (LAC) a utilisé l'Équilibrage de charge et a percé un tunnel les canaux B du pair de Multilien à de plusieurs points finaux de tunnel, vous voyez les exemples par-LNS de l'interface de maître d'ensemble multiliaison. Les débuts de pair pour fragmenter des paquets et pour envoyer ces derniers simultanément au-dessus des liaisons membres. Chaque LNS reçoit des fragments et des tentatives de recombiner, ordonnançant échoue et des fragments perdus sont signalés. En conséquence, aucunes données ne peuvent être passées. Dans ces circonstances, il y a une condition requise d'informer d'autres LNS impliqués dans l'Équilibrage de charge au sujet de l'état des utilisateurs de Multilien qui sont connectés. Pour faire ceci, le LNS doit être placé dans un PPP de Multichassis Multilink (MMP) « groupe de pile ». La capacité MMP est basée sur le groupe de pile des protocoles offrant Protocol (SGBP) et de l'expédition du niveau 2 (L2F) pour offrir et offre pour la propriété des appels multiliaisons avant l'appel étant reçu. La commande de vpdn multihop est exigée pour permettre les paquets générés du serveur distant pour traverser plus d'un tunnel.

Quand le LNS reçoit un appel multiliaison avant de se terminer l'authentification, le nom d'utilisateur du distant (qu'est à dire nommer par défaut de logiciel de Cisco IOS pour le nom d'ensemble multiliaison) est transmis à SGBP. SGBP fournit un mécanisme pour questionner pour la propriété existante d'un appel dans le groupe de pile. Si le membre du groupe de pile qui reçoit l'appel n'est pas le propriétaire existant, SGBP emploie un processus d'offre pour résoudre la propriété avec les autres membres de la pile. L'offre est pour un utilisateur particulier, pas la connexion individuelle. Par défaut, le membre du groupe de pile qui reçoit le premier appel toujours gagne le processus d'offre et contrôle la propriété de tous les appels ultérieurs de cet utilisateur. C'est indépendamment du LNS de terminaison (par configuration, il est possible de changer le comportement du processus d'offre SGBP, pour influencer qui gagnera le processus d'offre et possédera l'appel). Quand tous les appels de l'utilisateur sont déconnectés, la propriété principale est abandonnée. Un nouvel appel à partir du même utilisateur reprend le processus d'offre avec la résolution d'un nouveau maître.

Équilibrage de charge avec l'ordre de connexion de PPP à liaisons multiples

  1. Un utilisateur distant '2500-1' de SoHo place un appel multiliaison, canal unique, dans le LAC. Un lien de PPP est établi.

  2. LCP est négocié (MRRUs sont inclus dans le CONFACKS) et les informations de tunnel est téléchargé du RAYON avec les périphériques du tunnel à utiliser dans l'Équilibrage de charge.

    Le périphérique du tunnel '10.51.6.59' est sélectionné pendant que la première adresse inactive et la connexion est expédiée. Le tunnel et la session sont établis.

  3. Le LNS crée l'interface d'accès virtuel 2 pour terminer le tunnel L2TP. ½ DU ¿  ïÂ

    Seulement les commandes commençant par le ppp, la keepalive, le mtu, se connecter et le par défaut sont copiées du virtual-template. Le virtual-template 1 a le ppp multilink configuré. Les informations de configuration LCP fournies dans l'ICCN sont forcées sur la pile de PPP d'interface d'accès virtuel (ceci inclut le MRRU négocié par LAC).

  4. Le LNS utilise la réponse AVP d'authentification de proxy - 33, livré dans l'ICCN, pour commencer le processus d'offre SGBP pour tous les ensembles multiliaisons existants avec le nom '2500-1'.

    Une offre ouverte de requête d'autorité est envoyée pour le paquet '2500-1' avec l'offre par défaut de graine de 50. ½ DU ¿  ïÂ

    Le sgbp member '10.51.6.61' répond avec une offre d'autorité de 0 (l'autorité est refusée) car il n'y a pas un paquet existant pour '2500-1'. ½ DU ¿  ïÂ

    '10.51.6.59' (gens du pays) est maintenant principal pour '2500-1'. Une fin de requête d'autorité est envoyée, avec la valeur de demande d'offre d'autorité de 10000 une fois que la résolution de la propriété est complète.

  5. L'authentification et l'autorisation AAA/PPP a lieu alors. Une access-demande de RAYON est envoyée.

  6. L'interface d'accès virtuel 1 est créée pour le maître d'ensemble multiliaison et est copiée du virtual-template 1.

  7. La négociation de PPP IPCP se termine et est OUVERTE avoué, une route hôte est installée. L'utilisateur distant est maintenant connecté, et la circulation peut débuter.

  8. En raison des bandes passantes nécessaires, l'utilisateur distant '2500-1' de SoHo place un deuxième appel multiliaison au LAC.

  9. Le RAYON est de nouveau questionné pour les informations de tunnel. Selon la logique d'Équilibrage de charge, le prochain périphérique du tunnel inactif '10.51.6.61' est sélectionné. Le tunnel et la session sont établis.

  10. Le LNS crée l'interface d'accès virtuel 1 pour terminer le tunnel L2TP. ½ DU ¿  ïÂ

    Le virtual-template 1 est utilisé pour copier (fait configurer le « ppp multilink »), les informations de configuration LCP fournies dans l'ICCN est forcé sur la pile de PPP d'interface d'accès virtuel (ceci inclut le MRRU négocié par LAC).

  11. L'offre SGBP est commencée pour tous les ensembles multiliaisons existants avec le nom '2500-1' en envoyant une offre de requête d'autorité pour le paquet '2500-1' avec l'offre par défaut de graine de 50.

  12. As'10.51.6.59 est déjà principal pour '2500-1' que l'offre d'adhésion a une valeur de demande de 10000. ½ DU ¿  ïÂ

    '10.51.6.61' maintenant en avant la connexion PPP à '10.51.6.59'.

    Un tunnel L2F est ouvert de '10.51.6.61' à '10.51.6.59' (le protocole par défaut de Tunnellisation pour le PPP de Multichassis Multilink est L2F).

    Le tunnel est authentifié utilisant le nom d'utilisateur « CONNEXION MULTIPLE ENTRE DEUX NOEUDS » de sgbp group. Le tunnel et la session L2F sont ouverts.

  13. La session PPP est L2F expédiée à '10.51.6.59'. L'interface d'accès virtuel 3 est créée pour terminer le tunnel L2F et est copiée du virtual-template 1.

  14. L'état LCP négocié par LAC est rejoué sur la pile de PPP de virtuel-Access, et inclut l'option convenue MRRU.

  15. L'authentification et l'autorisation AAA/PPP a lieu alors. Une access-demande de RAYON est envoyée.

  16. L'authentification est terminée et l'interface d'accès virtuel 3 est ajoutée au maître d'ensemble multiliaison.

/image/gif/paws/23982/23982b.bmp

Essai en laboratoire - Équilibrage de charge LNS avec le PPP à liaisons multiples

Profil RADIUS

Ce document utilise ce profil d'utilisateur RADIUS et de tunnel sur le serveur Merit RADIUS 3.6B :

2500-1 Password = "cisco" 
Service-Type = Framed,
Framed-Protocol = PPP,
Framed-IP-Address = 255.255.255.255
dnis:614629 Password = "cisco"
Service-Type = Outbound,
Cisco:Avpair = "vpdn:tunnel-type=l2tp",
Cisco:Avpair = "vpdn:tunnel-id=hgw",
Cisco:Avpair = "vpdn:ip-addresses=10.51.6.61,10.51.6.59",
Cisco:Avpair = "vpdn:l2tp-tunnel-password=hello"

Configuration LAC

Configuration LAC mêmes que la configuration précédente.

LNS - Configuration pour la CONNEXION MULTIPLE ENTRE DEUX NOEUDS de Stackgroup (10.51.6.59 et 10.51.6.61)

hostname nsa-7200-2 (10.51.6.61)
username MULTIHOP password 0 cisco

!--- The stack name/password is used to authenticate the SGBP connections between 
!--- all member routers. As RADIUS has no concept of SendAuth , the stack name 
!--- password needs to be defined locally.

sgbp group MULTIHOP

!--- The stack group is given a unique username, the name 'MULTIHOP' must be 
!--- unique within a domain and only one stack group is allowed per router.

sgbp member nsa-7200-3 10.51.6.59

!--- The stack member '10.51.6.59' is defined.

vpdn multihop

!--- Enables the LNS to forward Multilink PPP links to Stack Group members that 
!--- already own existing bundle Masters for that session.

multilink virtual-template 1

!--- The Multilink Bundle Interface will clone from the Virtual Template 1.

interface Virtual-Template1
ip unnumbered Ethernet3/0
peer default ip address pool default
ppp authentication chap vpdn
ppp authorization vpdn
ppp chap hostname nsa-7200-2
ppp multilink
hostname nsa-7200-3 (10.51.6.59)
!
username MULTIHOP password 0 cisco
!
sgbp group MULTIHOP
sgbp member nsa-7200-2 10.51.6.61
vpdn multihop
!
multilink virtual-template 1
!
interface Virtual-Template1
ip unnumbered Ethernet3/0
peer default ip address pool default
ppp authentication chap vpdn
ppp authorization vpdn
ppp chap hostname nsa-7200-3
ppp multilink

Debug pris du LAC

Jan 1 00:01:01.039: %LINK-3-UPDOWN: Interface Serial0:0, 
changed state to up
Jan 1 00:01:01.235: Se0:0 PPP: Treating connection as a callin
Jan 1 00:01:01.235: Se0:0 PPP: Phase is ESTABLISHING, Passive Open
Jan 1 00:01:01.239: Se0:0 CHAP: Using alternate hostname 5300-1
Jan 1 00:01:01.239: Se0:0 LCP: State is Listen
Jan 1 00:01:01.239: Se0:0 LCP: I CONFREQ [Listen] id 22 len 23
Jan 1 00:01:01.239: Se0:0 LCP: MagicNumber 0x31BFC605 (0x050631BFC605)
Jan 1 00:01:01.239: Se0:0 LCP: MRRU 1524 (0x110405F4)
Jan 1 00:01:01.239: Se0:0 LCP: EndpointDisc 1 Local (0x130901323530302D31)
Jan 1 00:01:01.239: Se0:0 LCP: O CONFREQ [Listen] id 27 len 28
Jan 1 00:01:01.239: Se0:0 LCP: AuthProto CHAP (0x0305C22305)
Jan 1 00:01:01.239: Se0:0 LCP: MagicNumber 0x15C13318 (0x050615C13318)
Jan 1 00:01:01.239: Se0:0 LCP: MRRU 1524 (0x110405F4)
Jan 1 00:01:01.239: Se0:0 LCP: EndpointDisc 1 Local (0x130901353330302D31)
Jan 1 00:01:01.239: Se0:0 LCP: O CONFACK [Listen] id 22 len 23
Jan 1 00:01:01.239: Se0:0 LCP: MagicNumber 0x31BFC605 (0x050631BFC605)
Jan 1 00:01:01.239: Se0:0 LCP: MRRU 1524 (0x110405F4)
Jan 1 00:01:01.239: Se0:0 LCP: EndpointDisc 1 Local (0x130901323530302D31)
Jan 1 00:01:01.287: Se0:0 LCP: I CONFACK [ACKsent] id 27 len 28
Jan 1 00:01:01.287: Se0:0 LCP: AuthProto CHAP (0x0305C22305)
Jan 1 00:01:01.287: Se0:0 LCP: MagicNumber 0x15C13318 (0x050615C13318)
Jan 1 00:01:01.287: Se0:0 LCP: MRRU 1524 (0x110405F4)
Jan 1 00:01:01.287: Se0:0 LCP: EndpointDisc 1 Local (0x130901353330302D31)
Jan 1 00:01:01.287: Se0:0 LCP: State is Open
Jan 1 00:01:01.287: Se0:0 PPP: Phase is AUTHENTICATING, by this end
Jan 1 00:01:01.287: Se0:0 CHAP: Using alternate hostname 5300-1
Jan 1 00:01:01.287: Se0:0 CHAP: O CHALLENGE id 17 len 27 from "5300-1"
Jan 1 00:01:01.315: Se0:0 CHAP: I RESPONSE id 17 len 27 from "2500-1"
Jan 1 00:01:01.315: Se0:0 PPP: Phase is FORWARDING
Jan 1 00:01:01.315: Se0:0 VPDN: Got DNIS string 614629
Jan 1 00:01:01.315: Se0:0 VPDN: Looking for tunnel -- dnis:614629 --
Jan 1 00:01:01.315: Serial0:0 AAA/AUTHOR/VPDN (552916761): Port='Serial0:0' 
list='default' service=NET
Jan 1 00:01:01.315: AAA/AUTHOR/VPDN: Serial0:0 (552916761) user='dnis:614629'
Jan 1 00:01:01.315: Serial0:0 AAA/AUTHOR/VPDN (552916761): send AV service=ppp
Jan 1 00:01:01.315: Serial0:0 AAA/AUTHOR/VPDN (552916761): send AV protocol=vpdn
Jan 1 00:01:01.315: Serial0:0 AAA/AUTHOR/VPDN (552916761): found list "default"
Jan 1 00:01:01.315: Serial0:0 AAA/AUTHOR/VPDN (552916761): Method=NSA_LAB (radius)
Jan 1 00:01:01.319: RADIUS: Initial Transmit Serial0:0 id 34 10.51.6.3:1645, 
Access-Request, len 112
Jan 1 00:01:01.319: Attribute 4 6 0A330644
Jan 1 00:01:01.319: Attribute 5 6 00000000
Jan 1 00:01:01.319: Attribute 26 17 00000009020B5365
Jan 1 00:01:01.319: Attribute 61 6 00000002
Jan 1 00:01:01.319: Attribute 1 13 646E6973
Jan 1 00:01:01.319: Attribute 30 8 36313436
Jan 1 00:01:01.319: Attribute 31 12 32303835
Jan 1 00:01:01.319: Attribute 2 18 B8DE6FA3
Jan 1 00:01:01.319: Attribute 6 6 00000005
Jan 1 00:01:01.323: RADIUS: Received from id 34 10.51.6.3:1645, 
Access-Accept, len 167
Jan 1 00:01:01.323: Attribute 6 6 00000005
Jan 1 00:01:01.323: Attribute 26 29 0000000901177670
Jan 1 00:01:01.323: Attribute 26 26 0000000901147670
Jan 1 00:01:01.323: Attribute 26 47 0000000901297670
Jan 1 00:01:01.327: Attribute 26 39 0000000901217670
Jan 1 00:01:01.327: RADIUS: saved authorization data for user 620DAD68 
at 619E9BC0
Jan 1 00:01:01.327: RADIUS: cisco AVPair "vpdn:tunnel-type=l2tp"
Jan 1 00:01:01.327: RADIUS: cisco AVPair "vpdn:tunnel-id=hgw"
Jan 1 00:01:01.327: RADIUS: cisco AVPair "vpdn:ip-addresses=
10.51.6.61,10.51.6.59"
Jan 1 00:01:01.327: RADIUS: cisco AVPair "vpdn:l2tp-tunnel-password=hello"
Jan 1 00:01:01.327: AAA/AUTHOR (552916761): Post authorization status 
= PASS_ADD
Jan 1 00:01:01.327: AAA/AUTHOR/VPDN: Processing AV service=ppp
Jan 1 00:01:01.327: AAA/AUTHOR/VPDN: Processing AV protocol=vpdn
Jan 1 00:01:01.327: AAA/AUTHOR/VPDN: Processing AV tunnel-type=l2tp
Jan 1 00:01:01.327: AAA/AUTHOR/VPDN: Processing AV tunnel-id=hgw
Jan 1 00:01:01.327: AAA/AUTHOR/VPDN: Processing AV ip-addresses=
10.51.6.61,10.51.6.59
Jan 1 00:01:01.327: AAA/AUTHOR/VPDN: Processing AV l2tp-tunnel-password=hello
Jan 1 00:01:01.327: Se0:0 VPDN/RPMS/: Got tunnel info for dnis:614629
Jan 1 00:01:01.327: Se0:0 VPDN/RPMS/: LAC hgw
Jan 1 00:01:01.327: Se0:0 VPDN/RPMS/: l2tp-busy-disconnect yes
Jan 1 00:01:01.327: Se0:0 VPDN/RPMS/: l2tp-tunnel-password xxxxxx
Jan 1 00:01:01.327: Se0:0 VPDN/RPMS/: 2 IP addresses
Jan 1 00:01:01.327: Se0:0 VPDN/RPMS/: IP 10.51.6.61 Priority 1
Jan 1 00:01:01.327: Se0:0 VPDN/RPMS/: IP 10.51.6.59 Priority 1
Jan 1 00:01:01.331: Se0:0 VPDN/: curlvl 1 Address 1: 10.51.6.59, priority 1 
Jan 1 00:01:01.331: Se0:0 VPDN/: Select non-active address 10.51.6.59, 
priority 1
Jan 1 00:01:01.331: Se0:0 VPDN: Find LNS process created
Jan 1 00:01:01.331: Tnl 5105 L2TP: SM State idle
Jan 1 00:01:01.331: Tnl 5105 L2TP: O SCCRQ 
Jan 1 00:01:01.331: Tnl 5105 L2TP: Tunnel state change from idle to 
wait-ctl-reply
Jan 1 00:01:01.331: Tnl 5105 L2TP: SM State wait-ctl-reply
Jan 1 00:01:01.331: Se0:0 VPDN: Forward to address 10.51.6.59
Jan 1 00:01:01.331: Se0:0 VPDN: Pending
Jan 1 00:01:01.331: Se0:0 VPDN: Process created
Jan 1 00:01:01.335: Tnl 5105 L2TP: I SCCRP from l2tp-gw
Jan 1 00:01:01.335: Tnl 5105 L2TP: Got a challenge from remote peer, 
l2tp-gw
Jan 1 00:01:01.335: Tnl 5105 L2TP: Got a response from remote peer, 
l2tp-gw
Jan 1 00:01:01.335: Tnl 5105 L2TP: Tunnel Authentication success
Jan 1 00:01:01.339: Tnl 5105 L2TP: Tunnel state change from 
wait-ctl-reply to established
Jan 1 00:01:01.339: Tnl 5105 L2TP: O SCCCN to l2tp-gw tnlid 24230
Jan 1 00:01:01.339: Tnl 5105 L2TP: SM State established
Jan 1 00:01:01.339: Se0:0 VPDN: Forwarding...
Jan 1 00:01:01.339: Tnl/Cl 5105/18 L2TP: Session FS enabled
Jan 1 00:01:01.339: Tnl/Cl 5105/18 L2TP: Session state change from idle 
to wait-for-tunnel
Jan 1 00:01:01.339: Se0:0 Tnl/Cl 5105/18 L2TP: Create session
Jan 1 00:01:01.339: Tnl 5105 L2TP: SM State established
Jan 1 00:01:01.339: Se0:0 Tnl/Cl 5105/18 L2TP: O ICRQ to l2tp-gw 24230/0
Jan 1 00:01:01.339: Se0:0 Tnl/Cl 5105/18 L2TP: Session state change from 
wait-for-tunnel to wait-reply
Jan 1 00:01:01.339: Se0:0 VPDN: 2500-1 is forwarded
Jan 1 00:01:01.343: Se0:0 Tnl/Cl 5105/18 L2TP: O ICCN to l2tp-gw 24230/41
Jan 1 00:01:01.347: Se0:0 Tnl/Cl 5105/18 L2TP: Session state change from 
wait-reply to established
Jan 1 00:01:02.343: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0:0, 
changed state to up

!--- Second Multilink Call is placed by the remote user.

Jan 1 00:01:03.123: %LINK-3-UPDOWN: Interface Serial0:1, 
changed state to up
Jan 1 00:01:03.127: %ISDN-6-CONNECT: Interface Serial0:0 
is now connected to 2085730592 2500-1
Jan 1 00:01:03.351: Se0:1 PPP: Treating connection as a callin
Jan 1 00:01:03.351: Se0:1 PPP: Phase is ESTABLISHING, Passive Open
Jan 1 00:01:03.351: Se0:1 CHAP: Using alternate hostname 5300-1
Jan 1 00:01:03.351: Se0:1 LCP: State is Listen
Jan 1 00:01:03.351: Se0:1 LCP: I CONFREQ [Listen] id 3 len 23
Jan 1 00:01:03.351: Se0:1 LCP: MagicNumber 0x31BFCE57 (0x050631BFCE57)
Jan 1 00:01:03.351: Se0:1 LCP: MRRU 1524 (0x110405F4)
Jan 1 00:01:03.351: Se0:1 LCP: EndpointDisc 1 Local (0x130901323530302D31)
Jan 1 00:01:03.351: Se0:1 LCP: O CONFREQ [Listen] id 3 len 28
Jan 1 00:01:03.351: Se0:1 LCP: AuthProto CHAP (0x0305C22305)
Jan 1 00:01:03.351: Se0:1 LCP: MagicNumber 0x15C13B5D (0x050615C13B5D)
Jan 1 00:01:03.351: Se0:1 LCP: MRRU 1524 (0x110405F4)
Jan 1 00:01:03.351: Se0:1 LCP: EndpointDisc 1 Local (0x130901353330302D31)
Jan 1 00:01:03.355: Se0:1 LCP: O CONFACK [Listen] id 3 len 23
Jan 1 00:01:03.355: Se0:1 LCP: MagicNumber 0x31BFCE57 (0x050631BFCE57)
Jan 1 00:01:03.355: Se0:1 LCP: MRRU 1524 (0x110405F4)
Jan 1 00:01:03.355: Se0:1 LCP: EndpointDisc 1 Local (0x130901323530302D31)
Jan 1 00:01:03.403: Se0:1 LCP: I CONFACK [ACKsent] id 3 len 28
Jan 1 00:01:03.403: Se0:1 LCP: AuthProto CHAP (0x0305C22305)
Jan 1 00:01:03.403: Se0:1 LCP: MagicNumber 0x15C13B5D (0x050615C13B5D)
Jan 1 00:01:03.403: Se0:1 LCP: MRRU 1524 (0x110405F4)
Jan 1 00:01:03.403: Se0:1 LCP: EndpointDisc 1 Local (0x130901353330302D31)
Jan 1 00:01:03.403: Se0:1 LCP: State is Open
Jan 1 00:01:03.403: Se0:1 PPP: Phase is AUTHENTICATING, by this end
Jan 1 00:01:03.403: Se0:1 CHAP: Using alternate hostname 5300-1
Jan 1 00:01:03.407: Se0:1 CHAP: O CHALLENGE id 3 len 27 from "5300-1"
Jan 1 00:01:03.435: Se0:1 CHAP: I RESPONSE id 3 len 27 from "2500-1"
Jan 1 00:01:03.435: Se0:1 PPP: Phase is FORWARDING
Jan 1 00:01:03.435: Se0:1 VPDN: Got DNIS string 614629
Jan 1 00:01:03.435: Se0:1 VPDN: Looking for tunnel -- dnis:614629 --
Jan 1 00:01:03.435: Serial0:1 AAA/AUTHOR/VPDN (4201608973): Port='Serial0:1' 
list='default' service=NET
Jan 1 00:01:03.435: AAA/AUTHOR/VPDN: Serial0:1 (4201608973) user='dnis:614629'
Jan 1 00:01:03.435: Serial0:1 AAA/AUTHOR/VPDN (4201608973): send AV service=ppp
Jan 1 00:01:03.435: Serial0:1 AAA/AUTHOR/VPDN (4201608973): send AV protocol=vpdn
Jan 1 00:01:03.435: Serial0:1 AAA/AUTHOR/VPDN (4201608973): found list "default"
Jan 1 00:01:03.435: Serial0:1 AAA/AUTHOR/VPDN (4201608973): Method=NSA_LAB (radius)
Jan 1 00:01:03.439: RADIUS: Initial Transmit Serial0:1 id 35 10.51.6.3:1645, 
Access-Request, len 112
Jan 1 00:01:03.439: Attribute 4 6 0A330644
Jan 1 00:01:03.439: Attribute 5 6 00000001
Jan 1 00:01:03.439: Attribute 26 17 00000009020B5365
Jan 1 00:01:03.439: Attribute 61 6 00000002
Jan 1 00:01:03.439: Attribute 1 13 646E6973
Jan 1 00:01:03.439: Attribute 30 8 36313436
Jan 1 00:01:03.439: Attribute 31 12 32303835
Jan 1 00:01:03.439: Attribute 2 18 0FC856FB
Jan 1 00:01:03.439: Attribute 6 6 00000005
Jan 1 00:01:03.443: RADIUS: Received from id 35 10.51.6.3:1645, 
Access-Accept, len 167
Jan 1 00:01:03.443: Attribute 6 6 00000005
Jan 1 00:01:03.443: Attribute 26 29 0000000901177670
Jan 1 00:01:03.443: Attribute 26 26 0000000901147670
Jan 1 00:01:03.443: Attribute 26 47 0000000901297670
Jan 1 00:01:03.443: Attribute 26 39 0000000901217670
Jan 1 00:01:03.443: RADIUS: saved authorization data for user 
62127900 at 61CD10A0
Jan 1 00:01:03.443: RADIUS: cisco AVPair "vpdn:tunnel-type=l2tp"
Jan 1 00:01:03.443: RADIUS: cisco AVPair "vpdn:tunnel-id=hgw"
Jan 1 00:01:03.443: RADIUS: cisco AVPair "vpdn:ip-addresses=
10.51.6.61,10.51.6.59"
Jan 1 00:01:03.443: RADIUS: cisco AVPair "vpdn:l2tp-tunnel-password=hello"
Jan 1 00:01:03.443: AAA/AUTHOR (4201608973): Post authorization status 
= PASS_ADD
Jan 1 00:01:03.443: AAA/AUTHOR/VPDN: Processing AV service=ppp
Jan 1 00:01:03.443: AAA/AUTHOR/VPDN: Processing AV protocol=vpdn
Jan 1 00:01:03.443: AAA/AUTHOR/VPDN: Processing AV tunnel-type=l2tp
Jan 1 00:01:03.443: AAA/AUTHOR/VPDN: Processing AV tunnel-id=hgw
Jan 1 00:01:03.443: AAA/AUTHOR/VPDN: Processing AV ip-addresses=
10.51.6.61,10.51.6.59
Jan 1 00:01:03.443: AAA/AUTHOR/VPDN: Processing AV l2tp-tunnel-password=hello
Jan 1 00:01:03.443: Se0:1 VPDN/RPMS/: Got tunnel info for dnis:614629
Jan 1 00:01:03.443: Se0:1 VPDN/RPMS/: LAC hgw
Jan 1 00:01:03.443: Se0:1 VPDN/RPMS/: l2tp-busy-disconnect yes
Jan 1 00:01:03.443: Se0:1 VPDN/RPMS/: l2tp-tunnel-password xxxxxx
Jan 1 00:01:03.443: Se0:1 VPDN/RPMS/: 2 IP addresses
Jan 1 00:01:03.443: Se0:1 VPDN/RPMS/: IP 10.51.6.61 Priority 1
Jan 1 00:01:03.447: Se0:1 VPDN/RPMS/: IP 10.51.6.59 Priority 1
Jan 1 00:01:03.447: Se0:1 VPDN/: curlvl 1 Address 1: 10.51.6.59, priority 1 
Jan 1 00:01:03.447: Se0:1 VPDN/: curlvl 1 Address 0: 10.51.6.61, priority 1 
Jan 1 00:01:03.447: Se0:1 VPDN/: Select non-active address 10.51.6.61, 
priority 1
Jan 1 00:01:03.447: Se0:1 VPDN: Find LNS process created
Jan 1 00:01:03.447: Tnl 49388 L2TP: SM State idle
Jan 1 00:01:03.447: Tnl 49388 L2TP: O SCCRQ 
Jan 1 00:01:03.447: Tnl 49388 L2TP: Tunnel state change from idle to 
wait-ctl-reply
Jan 1 00:01:03.447: Tnl 49388 L2TP: SM State wait-ctl-reply
Jan 1 00:01:03.447: Se0:1 VPDN: Forward to address 10.51.6.61
Jan 1 00:01:03.447: Se0:1 VPDN: Pending
Jan 1 00:01:03.447: Se0:1 VPDN: Process created
Jan 1 00:01:03.451: Tnl 49388 L2TP: I SCCRP from l2tp-gw
Jan 1 00:01:03.451: Tnl 49388 L2TP: Got a challenge from remote peer, 
l2tp-gw
Jan 1 00:01:03.451: Tnl 49388 L2TP: Got a response from remote peer, 
l2tp-gw
Jan 1 00:01:03.451: Tnl 49388 L2TP: Tunnel Authentication success
Jan 1 00:01:03.451: Tnl 49388 L2TP: Tunnel state change from 
wait-ctl-reply to established
Jan 1 00:01:03.451: Tnl 49388 L2TP: O SCCCN to l2tp-gw tnlid 43591
Jan 1 00:01:03.455: Tnl 49388 L2TP: SM State established
Jan 1 00:01:03.455: Se0:1 VPDN: Forwarding...
Jan 1 00:01:03.455: Tnl/Cl 49388/19 L2TP: Session FS enabled
Jan 1 00:01:03.455: Tnl/Cl 49388/19 L2TP: Session state change from 
idle to wait-for-tunnel
Jan 1 00:01:03.455: Se0:1 Tnl/Cl 49388/19 L2TP: Create session
Jan 1 00:01:03.455: Tnl 49388 L2TP: SM State established
Jan 1 00:01:03.455: Se0:1 Tnl/Cl 49388/19 L2TP: O ICRQ to l2tp-gw 43591/0
Jan 1 00:01:03.455: Se0:1 Tnl/Cl 49388/19 L2TP: Session state change from 
wait-for-tunnel to wait-reply
Jan 1 00:01:03.455: Se0:1 VPDN: 2500-1 is forwarded
Jan 1 00:01:03.459: Se0:1 Tnl/Cl 49388/19 L2TP: O ICCN to l2tp-gw 43591/19
Jan 1 00:01:03.463: Se0:1 Tnl/Cl 49388/19 L2TP: Session state change from 
wait-reply to established
Jan 1 00:01:04.455: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0:1, 
changed state to up
Jan 1 00:01:09.127: %ISDN-6-CONNECT: Interface Serial0:1 is now connected to 
2085730592 2500-1

/image/gif/paws/23982/23982c.bmp

Debugs pris du LNS - 10.51.6.59

Jan 1 00:01:01.783: L2TP: I SCCRQ from hgw tnl 5105
Jan 1 00:01:01.783: Tnl 24230 L2TP: Got a challenge in SCCRQ, hgw
Jan 1 00:01:01.783: Tnl 24230 L2TP: New tunnel created for remote hgw, 
address10.51.6.68
Jan 1 00:01:01.783: Tnl 24230 L2TP: O SCCRP to hgw tnlid 5105
Jan 1 00:01:01.783: Tnl 24230 L2TP: Tunnel state change from idle 
to wait-ctl-reply
Jan 1 00:01:01.787: Tnl 24230 L2TP: I SCCCN from hgw tnl 5105
Jan 1 00:01:01.787: Tnl 24230 L2TP: Got a Challenge Response in SCCCN from hgw
Jan 1 00:01:01.787: Tnl 24230 L2TP: Tunnel Authentication success
Jan 1 00:01:01.787: Tnl 24230 L2TP: Tunnel state change from wait-ctl-reply 
to established
Jan 1 00:01:01.787: Tnl 24230 L2TP: SM State established
Jan 1 00:01:01.791: Tnl 24230 L2TP: I ICRQ from hgw tnl 5105
Jan 1 00:01:01.791: Tnl/Cl 24230/41 L2TP: Session FS enabled
Jan 1 00:01:01.791: Tnl/Cl 24230/41 L2TP: Session state change from idle 
to wait-connect
Jan 1 00:01:01.791: Tnl/Cl 24230/41 L2TP: New session created
Jan 1 00:01:01.791: Tnl/Cl 24230/41 L2TP: O ICRP to hgw 5105/18
Jan 1 00:01:01.795: Tnl/Cl 24230/41 L2TP: I ICCN from hgw tnl 5105, cl 18
Jan 1 00:01:01.795: Tnl/Cl 24230/41 L2TP: Session state change from wait-connect 
to established
Jan 1 00:01:01.795: Vi2 VPDN: Virtual interface created for 2500-1
Jan 1 00:01:01.795: Vi2 PPP: Phase is DOWN, Setup
Jan 1 00:01:01.799: Vi2 VTEMPLATE: Has a new cloneblk vtemplate, 
now it has vtemplate
Jan 1 00:01:01.799: Vi2 VTEMPLATE: 
************* CLONE VACCESS2 *****************
Jan 1 00:01:01.799: Vi2 VTEMPLATE: Clone from Virtual-Template1
interface Virtual-Access2
default ip address
ppp authentication chap vpdn
ppp authorization vpdn
ppp multilink
pp chap hostname nsa-7200-3
end
Jan 1 00:01:01.835: %LINK-3-UPDOWN: Interface Virtual-Access2, 
changed state to up
Jan 1 00:01:01.835: Vi2 PPP: Using set call direction
Jan 1 00:01:01.835: Vi2 PPP: Treating connection as a callin
Jan 1 00:01:01.835: Vi2 PPP: Phase is ESTABLISHING, Passive Open
Jan 1 00:01:01.835: Vi2 CHAP: Using alternate hostname nsa-7200-3
Jan 1 00:01:01.835: Vi2 LCP: State is Listen
Jan 1 00:01:01.835: Vi2 LCP: I FORCED CONFREQ len 24
Jan 1 00:01:01.835: Vi2 LCP: AuthProto CHAP (0x0305C22305)
Jan 1 00:01:01.835: Vi2 LCP: MagicNumber 0x15C13318 (0x050615C13318)
Jan 1 00:01:01.835: Vi2 LCP: MRRU 1524 (0x110405F4)
Jan 1 00:01:01.835: Vi2 LCP: EndpointDisc 1 Local (0x130901353330302D31)
Jan 1 00:01:01.835: Vi2 VPDN: PPP LCP accepted rcv CONFACK
Jan 1 00:01:01.835: Vi2 LCP: I FORCED CONFACK len 19
Jan 1 00:01:01.835: Vi2 LCP: MagicNumber 0x31BFC605 (0x050631BFC605)
Jan 1 00:01:01.835: Vi2 LCP: MRRU 1524 (0x110405F4)
Jan 1 00:01:01.835: Vi2 LCP: EndpointDisc 1 Local (0x130901323530302D31)
Jan 1 00:01:01.835: Vi2 VPDN: PPP LCP accepted sent CONFACK
Jan 1 00:01:01.835: Vi2 PPP: Phase is AUTHENTICATING, by this end
Jan 1 00:01:01.835: Vi2 CHAP: Using alternate hostname nsa-7200-3
Jan 1 00:01:01.835: Vi2 CHAP: O CHALLENGE id 3 len 31 from "nsa-7200-3"
Jan 1 00:01:01.835: Vi2 CHAP: I RESPONSE id 17 len 27 from "2500-1"
Jan 1 00:01:01.835: Vi2 PPP: Phase is FORWARDING
Jan 1 00:01:01.835: Vi2 VPDN: Looking for tunnel -- --
Jan 1 00:01:01.839: Vi2 VPDN: Looking for tunnel -- --
Jan 1 00:01:01.839: %SGBP-7-NEWL: Local query #53 for 2500-1, count 1, 
ourbid 50
Jan 1 00:01:01.839: Vi2 VPDN: Continue using SGBP for 2500-1
Jan 1 00:01:01.839: Vi2 VPDN: Pending
Jan 1 00:01:01.839: Vi2 VPDN: Process created
Jan 1 00:01:02.091: %SGBP-7-DONE: Query #53 for bundle 2500-1, count 1, 
master is local
Jan 1 00:01:02.091: %SGBP-7-MQB: Bundle: 2500-1 State: Done OurBid: 10000
Jan 1 00:01:02.091: %SGBP-7-PB: 10.51.6.61 State: Rcvd Bid: 000 Retry: 0
Jan 1 00:01:02.091: Vi2 VPDN: Not forwarded
Jan 1 00:01:02.091: Vi2 PPP: Phase is AUTHENTICATING
Jan 1 00:01:02.091: Vi2 CHAP: I RESPONSE id 17 len 27 from "2500-1"
Jan 1 00:01:02.091: AAA/AUTHEN/START (3376880111): port='Virtual-Access2' 
list='vpdn' action=LOGI service=PPP
Jan 1 00:01:02.091: AAA/AUTHEN/START (3376880111): found list vpdn
Jan 1 00:01:02.091: AAA/AUTHEN/START (3376880111): Method=radius (radius)
Jan 1 00:01:02.091: RADIUS: Initial Transmit Virtual-Access2 
id 15 10.51.6.3:1645, Access-Request, len 97
Jan 1 00:01:02.091: Attribute 4 6 0A33063B
Jan 1 00:01:02.091: Attribute 5 6 00000002
Jan 1 00:01:02.091: Attribute 61 6 00000005
Jan 1 00:01:02.091: Attribute 1 8 32353030
Jan 1 00:01:02.091: Attribute 30 8 36313436
Jan 1 00:01:02.091: Attribute 31 12 32303835
Jan 1 00:01:02.091: Attribute 3 19 110F710D
Jan 1 00:01:02.091: Attribute 6 6 00000002
Jan 1 00:01:02.091: Attribute 7 6 00000001
Jan 1 00:01:02.095: RADIUS: Received from id 15 10.51.6.3:1645, 
Access-Accept, len 38
Jan 1 00:01:02.095: Attribute 6 6 00000002
Jan 1 00:01:02.095: Attribute 7 6 00000001
Jan 1 00:01:02.095: Attribute 8 6 FFFFFFFF
Jan 1 00:01:02.095: AAA/AUTHEN (3376880111): status = PASS
Jan 1 00:01:02.095: Vi2 AAA/AUTHOR/LCP: Authorize LCP
Jan 1 00:01:02.095: Vi2 AAA/AUTHOR/LCP (2242497288): Port='Virtual-Access2' 
list='vpdn' service=NET
Jan 1 00:01:02.099: AAA/AUTHOR/LCP: Vi2 (2242497288) user='2500-1'
Jan 1 00:01:02.099: Vi2 AAA/AUTHOR/LCP (2242497288): send AV service=ppp
Jan 1 00:01:02.099: Vi2 AAA/AUTHOR/LCP (2242497288): send AV protocol=lcp
Jan 1 00:01:02.099: Vi2 AAA/AUTHOR/LCP (2242497288): found list "vpdn"
Jan 1 00:01:02.099: Vi2 AAA/AUTHOR/LCP (2242497288): Method=radius (radius)
Jan 1 00:01:02.099: Vi2 AAA/AUTHOR (2242497288): Post authorization status 
= PASS_REPL
Jan 1 00:01:02.099: Vi2 AAA/AUTHOR/LCP: Processing AV service=ppp
Jan 1 00:01:02.099: Vi2 CHAP: O SUCCESS id 17 len 4
Jan 1 00:01:02.099: Vi2 PPP: Phase is VIRTUALIZED
Jan 1 00:01:02.099: Vi2 AAA/AUTHOR/MLP (2616761311): Port='Virtual-Access2' 
list='vpdn' service=NET
Jan 1 00:01:02.099: AAA/AUTHOR/MLP: Vi2 (2616761311) user='2500-1'
Jan 1 00:01:02.099: Vi2 AAA/AUTHOR/MLP (2616761311): send AV service=ppp
Jan 1 00:01:02.099: Vi2 AAA/AUTHOR/MLP (2616761311): send AV protocol=multilink
Jan 1 00:01:02.099: Vi2 AAA/AUTHOR/MLP (2616761311): found list "vpdn"
Jan 1 00:01:02.099: Vi2 AAA/AUTHOR/MLP (2616761311): Method=radius (radius)
Jan 1 00:01:02.099: Vi2 AAA/AUTHOR (2616761311): Post authorization status 
= PASS_REPL
Jan 1 00:01:02.099: Vi1 VTEMPLATE: Set default settings with ip unnumbered
Jan 1 00:01:02.115: Vi1 VTEMPLATE: Hardware address 0010.0ba5.f800
Jan 1 00:01:02.115: Vi1 PPP: Phase is DOWN, Setup
Jan 1 00:01:02.119: Vi1 VTEMPLATE: Has a new cloneblk vtemplate, 
now it has vtemplate
Jan 1 00:01:02.119: Vi1 VTEMPLATE: 
************* CLONE VACCESS1 *****************
Jan 1 00:01:02.119: Vi1 VTEMPLATE: Clone from Virtual-Template1
interface Virtual-Access1
default ip address
no ip address
encap ppp
ip unnumbered Ethernet5/0
peer default ip address pool default
ppp authentication chap vpdn
ppp authorization vpdn
ppp multilink
pp chap hostname nsa-7200-3
end

Jan 1 00:01:02.179: Vi2 IPCP: Packet buffered while building 
MLP bundle interface
Jan 1 00:01:02.179: %LINK-3-UPDOWN: Interface Virtual-Access1, 
changed state to up
Jan 1 00:01:02.179: Vi1 PPP: Treating connection as a dedicated line
Jan 1 00:01:02.179: Vi1 PPP: Phase is ESTABLISHING, Active Open
Jan 1 00:01:02.179: Vi1 CHAP: Using alternate hostname nsa-7200-3
Jan 1 00:01:02.179: Vi1 AAA/AUTHOR/FSM: (0): LCP succeeds trivially
Jan 1 00:01:02.179: Vi1 LCP: O CONFREQ [Closed] id 1 len 32
Jan 1 00:01:02.179: Vi1 LCP: AuthProto CHAP (0x0305C22305)
Jan 1 00:01:02.179: Vi1 LCP: MagicNumber 0x1F5A340B (0x05061F5A340B)
Jan 1 00:01:02.179: Vi1 LCP: MRRU 1524 (0x110405F4)
Jan 1 00:01:02.179: Vi1 LCP: EndpointDisc 1 Local 
(0x130D016E73612D373230302D33)
Jan 1 00:01:02.179: AAA/AUTHOR/MLP Vi1: Processing AV service=ppp
Jan 1 00:01:02.179: Vi1 VPDN: Virtual interface iteration
Jan 1 00:01:02.179: Vi1 PPP: Phase is UP
Jan 1 00:01:02.179: Vi1 AAA/AUTHOR/FSM: (0): Can we start IPCP?
Jan 1 00:01:02.179: Vi1 AAA/AUTHOR/FSM (2530889481): Port='Virtual-Access2' 
list='vpdn' service=NET
Jan 1 00:01:02.179: AAA/AUTHOR/FSM: Vi1 (2530889481) user='2500-1'
Jan 1 00:01:02.179: Vi1 AAA/AUTHOR/FSM (2530889481): send AV service=ppp
Jan 1 00:01:02.179: Vi1 AAA/AUTHOR/FSM (2530889481): send AV protocol=ip
Jan 1 00:01:02.179: Vi1 AAA/AUTHOR/FSM (2530889481): found list "vpdn"
Jan 1 00:01:02.179: Vi1 AAA/AUTHOR/FSM (2530889481): Method=radius (radius)
Jan 1 00:01:02.179: RADIUS: allowing negotiated framed address
Jan 1 00:01:02.179: Vi1 AAA/AUTHOR (2530889481): Post authorization status 
= PASS_REPL
Jan 1 00:01:02.179: Vi1 AAA/AUTHOR/FSM: We can start IPCP
Jan 1 00:01:02.183: Vi1 IPCP: O CONFREQ [Closed] id 1 len 10
Jan 1 00:01:02.183: Vi1 IPCP: Address 10.51.6.59 (0x03060A33063B)
Jan 1 00:01:02.183: Vi1 MLP: Added first link Vi2 to bundle 2500-1
Jan 1 00:01:02.183: Vi2 IPCP: Redirect packet to Vi1
Jan 1 00:01:02.183: Vi1 IPCP: I CONFREQ [REQsent] id 1 len 10
Jan 1 00:01:02.183: Vi1 IPCP: Address 10.10.53.2 (0x03060A0A3502)
Jan 1 00:01:02.183: Vi1 AAA/AUTHOR/IPCP: Start. Her address 10.10.53.2, 
we want 0.0.0.0
Jan 1 00:01:02.183: Vi1 AAA/AUTHOR/IPCP (2777739044): Port='Virtual-Access2' 
list='vpdn' service=NET
Jan 1 00:01:02.183: AAA/AUTHOR/IPCP: Vi1 (2777739044) user='2500-1'
Jan 1 00:01:02.183: Vi1 AAA/AUTHOR/IPCP (2777739044): send AV service=ppp
Jan 1 00:01:02.183: Vi1 AAA/AUTHOR/IPCP (2777739044): send AV protocol=ip
Jan 1 00:01:02.183: Vi1 AAA/AUTHOR/IPCP (2777739044): send AV addr*10.10.53.2
Jan 1 00:01:02.183: Vi1 AAA/AUTHOR/IPCP (2777739044): found list "vpdn"
Jan 1 00:01:02.183: Vi1 AAA/AUTHOR/IPCP (2777739044): Method=radius (radius)
Jan 1 00:01:02.183: RADIUS: allowing negotiated framed address 10.10.53.2
Jan 1 00:01:02.183: Vi1 AAA/AUTHOR (2777739044): Post authorization status 
= PASS_REPL
Jan 1 00:01:02.183: Vi1 AAA/AUTHOR/IPCP: Processing AV service=ppp
Jan 1 00:01:02.183: Vi1 AAA/AUTHOR/IPCP: Processing AV addr=10.10.53.2
Jan 1 00:01:02.183: Vi1 AAA/AUTHOR/IPCP: Authorization succeeded
Jan 1 00:01:02.183: Vi1 AAA/AUTHOR/IPCP: Done. Her address 10.10.53.2, 
we want 10.10.53.2
Jan 1 00:01:02.183: Vi1 IPCP: O CONFACK [REQsent] id 1 len 10
Jan 1 00:01:02.183: Vi1 IPCP: Address 10.10.53.2 (0x03060A0A3502)
Jan 1 00:01:02.211: Vi1 IPCP: I CONFACK [ACKsent] id 1 len 10
Jan 1 00:01:02.211: Vi1 IPCP: Address 10.51.6.59 (0x03060A33063B)
Jan 1 00:01:02.211: Vi1 IPCP: State is Open
Jan 1 00:01:02.211: Vi1 AAA/AUTHOR/PER-USER: Event IP_UP
Jan 1 00:01:02.211: Vi1 AAA/AUTHOR: IP_UP
Jan 1 00:01:02.211: Vi1 AAA/PER-USER: processing author params.
Jan 1 00:01:02.215: Vi1 IPCP: Install route to 10.10.53.2
Jan 1 00:01:03.099: %LINEPROTO-5-UPDOWN: 
Line protocol on Interface Virtual-Access2, changed state to up
Jan 1 00:01:03.179: %LINEPROTO-5-UPDOWN: 
Line protocol on Interface Virtual-Access1, changed state to up
Jan 1 00:01:04.163: %SGBP-7-NEWP: 
Peer query #54 for 2500-1, count 1, peerbid 50, ourbid 10000
Jan 1 00:01:04.363: %SGBP-7-DONE: 
Query #54 for bundle 2500-1, count 0, master is local
Jan 1 00:01:04.367: L2X: L2F_CONF received
Jan 1 00:01:04.367: Tnl 46 L2F: Received L2F-CONF from MULTIHOP
Jan 1 00:01:04.367: AAA/AUTHEN/START (1546583827): 
port='' list='default' action=SENDAUTH service=PPP
Jan 1 00:01:04.367: AAA/AUTHEN/START (1546583827): found list default
Jan 1 00:01:04.367: AAA/AUTHEN/START (1546583827): Method=LOCAL
Jan 1 00:01:04.367: AAA/AUTHEN (1546583827): status = PASS
Jan 1 00:01:04.367: AAA/AUTHEN/START (3291965384): 
port='' list='default' action=SENDAUTH service=PPP
Jan 1 00:01:04.367: AAA/AUTHEN/START (3291965384): found list default
Jan 1 00:01:04.367: AAA/AUTHEN/START (3291965384): Method=LOCAL
Jan 1 00:01:04.367: AAA/AUTHEN (3291965384): status = PASS
Jan 1 00:01:04.367: Tnl 46 L2F: 
Opened UDP socket to 10.51.6.61 using source 10.51.6.59
Jan 1 00:01:04.367: Tnl 46 L2F: 
Tunnel MULTIHOP state change from closed state opening
Jan 1 00:01:04.367: Tnl 46 L2F: Sending L2F-CONF to peer
Jan 1 00:01:04.375: Tnl 46 L2F: L2F_OPEN received
Jan 1 00:01:04.375: Tnl 46 L2F: 
OPEN from MULTIHOP received for tunnel in state opening
Jan 1 00:01:04.375: AAA/AUTHEN/START (3210024667): 
port='' list='default' action=LOGIN service=PPP
Jan 1 00:01:04.375: AAA/AUTHEN/START (3210024667): found list default
Jan 1 00:01:04.375: AAA/AUTHEN/START (3210024667): Method=LOCAL
Jan 1 00:01:04.375: AAA/AUTHEN (3210024667): status = PASS
Jan 1 00:01:04.375: VPDN: Chap authentication succeeded for MULTIHOP
Jan 1 00:01:04.375: Tnl 46 L2F: 
Tunnel MULTIHOP state change from opening state open
Jan 1 00:01:04.375: Tnl 46 L2F: Replying to MULTIHOP with L2F-OPEN
Jan 1 00:01:04.379: Tnl 46 L2F: L2F_OPEN received
Jan 1 00:01:04.379: Tnl 46 L2F: New OPEN received for Session 12
Jan 1 00:01:04.379: 2500-1Tnl/Cl 46/12 L2F: 
Session state change from closed to opening
Jan 1 00:01:04.379: Vi3 VTEMPLATE: Hardware address 0010.0ba5.f800
Jan 1 00:01:04.379: Vi3 VPDN: 
Virtual interface created for 2500-1 bandwidth 64 Kbps
Jan 1 00:01:04.379: Vi3 PPP: Phase is DOWN, Setup
Jan 1 00:01:04.379: Vi3 VTEMPLATE: 
Has a new cloneblk vtemplate, now it has vtemplate
Jan 1 00:01:04.379: Vi3 VTEMPLATE: 
************* CLONE VACCESS3 *****************
Jan 1 00:01:04.379: Vi3 VTEMPLATE: Clone from Virtual-Template1
interface Virtual-Access3
default ip address
ppp authentication chap vpdn
ppp authorization vpdn
ppp multilink
pp chap hostname nsa-7200-3
end

Jan 1 00:01:04.419: %LINK-3-UPDOWN: Interface Virtual-Access3, 
changed state to up
Jan 1 00:01:04.419: Vi3 PPP: Using set call direction
Jan 1 00:01:04.419: Vi3 PPP: Treating connection as a callin
Jan 1 00:01:04.419: Vi3 PPP: Phase is ESTABLISHING, Passive Open
Jan 1 00:01:04.419: Vi3 CHAP: Using alternate hostname nsa-7200-3
Jan 1 00:01:04.419: Vi3 LCP: State is Listen
Jan 1 00:01:04.419: Vi3 LCP: I FORCED CONFREQ len 24
Jan 1 00:01:04.419: Vi3 LCP: AuthProto CHAP (0x0305C22305)
Jan 1 00:01:04.419: Vi3 LCP: MagicNumber 0x15C13B5D (0x050615C13B5D)
Jan 1 00:01:04.419: Vi3 LCP: MRRU 1524 (0x110405F4)
Jan 1 00:01:04.419: Vi3 LCP: EndpointDisc 1 Local (0x130901353330302D31)
Jan 1 00:01:04.419: Vi3 VPDN: PPP LCP accepted rcv CONFACK
Jan 1 00:01:04.419: Vi3 LCP: I FORCED CONFACK len 19
Jan 1 00:01:04.419: Vi3 LCP: MagicNumber 0x31BFCE57 (0x050631BFCE57)
Jan 1 00:01:04.419: Vi3 LCP: MRRU 1524 (0x110405F4)
Jan 1 00:01:04.419: Vi3 LCP: EndpointDisc 1 Local (0x130901323530302D31)
Jan 1 00:01:04.419: Vi3 VPDN: PPP LCP accepted sent CONFACK
Jan 1 00:01:04.419: Vi3 PPP: Phase is AUTHENTICATING, by this end
Jan 1 00:01:04.419: Vi3 CHAP: Using alternate hostname nsa-7200-3
Jan 1 00:01:04.419: Vi3 CHAP: O CHALLENGE id 3 len 31 from "nsa-7200-3"
Jan 1 00:01:04.419: Vi3 Tnl/Cl 46/12 L2F: 
Transfer NAS-Rate L2F/64000/64000 to LCP
Jan 1 00:01:04.419: Vi3 CHAP: I RESPONSE id 3 len 27 from "2500-1"
Jan 1 00:01:04.419: Vi3 PPP: Phase is FORWARDING
Jan 1 00:01:04.423: Vi3 VPDN: Looking for tunnel -- --
Jan 1 00:01:04.423: Vi3 VPDN: Looking for tunnel -- --
Jan 1 00:01:04.423: Vi3 VPDN: Multihop illegal for Multichassis Multilink

!--- This debug message is generated as the Cisco IOS software checks to see 
!--- if the second and first hops are already an existing Multichassis tunnel.
!--- If so, the tunnel is disallowed.

Jan 1 00:01:04.423: Vi3 VPDN: Continue PPP authentication for 2500-1
Jan 1 00:01:04.423: Vi3 PPP: Phase is AUTHENTICATING
Jan 1 00:01:04.423: Vi3 Tnl/Cl 46/12 L2F: Created VA for Mid, 
Replying with OPEN
Jan 1 00:01:04.423: Vi3 Tnl/Cl 46/12 L2F: 
Session state change from opening to open
Jan 1 00:01:04.423: AAA/AUTHEN/START (578160697): 
port='Virtual-Access3' list='vpdn' action=LOGIN service=PPP
Jan 1 00:01:04.423: AAA/AUTHEN/START (578160697): found list vpdn
Jan 1 00:01:04.423: AAA/AUTHEN/START (578160697): Method=radius (radius)
Jan 1 00:01:04.423: RADIUS: Initial Transmit Virtual-Access3
 id 16 10.51.6.3:1645, Access-Request, len 97
Jan 1 00:01:04.423: Attribute 4 6 0A33063B
Jan 1 00:01:04.423: Attribute 5 6 00000003
Jan 1 00:01:04.423: Attribute 61 6 00000005
Jan 1 00:01:04.423: Attribute 1 8 32353030
Jan 1 00:01:04.423: Attribute 30 8 36313436
Jan 1 00:01:04.423: Attribute 31 12 32303835
Jan 1 00:01:04.423: Attribute 3 19 03A99FFB
Jan 1 00:01:04.423: Attribute 6 6 00000002
Jan 1 00:01:04.423: Attribute 7 6 00000001
Jan 1 00:01:04.427: RADIUS: Received from id 16 10.51.6.3:1645, 
Access-Accept,len 38
Jan 1 00:01:04.427: Attribute 6 6 00000002
Jan 1 00:01:04.427: Attribute 7 6 00000001
Jan 1 00:01:04.427: Attribute 8 6 FFFFFFFF
Jan 1 00:01:04.427: AAA/AUTHEN (578160697): status = PASS
Jan 1 00:01:04.427: Vi3 AAA/AUTHOR/LCP: Authorize LCP
Jan 1 00:01:04.427: Vi3 AAA/AUTHOR/LCP (2032781798): Port='Virtual-Access3' 
list='vpdn' service=NET
Jan 1 00:01:04.427: AAA/AUTHOR/LCP: Vi3 (2032781798) user='2500-1'
Jan 1 00:01:04.427: Vi3 AAA/AUTHOR/LCP (2032781798): send AV service=ppp
Jan 1 00:01:04.427: Vi3 AAA/AUTHOR/LCP (2032781798): send AV protocol=lcp
Jan 1 00:01:04.427: Vi3 AAA/AUTHOR/LCP (2032781798): found list "vpdn"
Jan 1 00:01:04.427: Vi3 AAA/AUTHOR/LCP (2032781798): Method=radius (radius)
Jan 1 00:01:04.427: Vi3 AAA/AUTHOR (2032781798): 
Post authorization status = PASS_REPL
Jan 1 00:01:04.427: Vi3 AAA/AUTHOR/LCP: Processing AV service=ppp
Jan 1 00:01:04.427: Vi3 CHAP: O SUCCESS id 3 len 4
Jan 1 00:01:04.427: Vi3 PPP: Phase is VIRTUALIZED
Jan 1 00:01:04.427: Vi1 MLP: Added link Vi3 to bundle 2500-1
Jan 1 00:01:04.491: %SGBP-7-MQB: Bundle: 2500-1 State: Done OurBid:10000
Jan 1 00:01:04.491: %SGBP-7-PB: 10.51.6.61 State: Closed Bid: 050 Retry: 1
Jan 1 00:01:05.427: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access3, 
changed state to up

/image/gif/paws/23982/23982d.bmp

Debugs pris du LNS - 10.51.6.61

Jan 1 00:01:02.399: %SGBP-7-NEWP: Peer query #53 for 2500-1, 
count 1, peerbid 5 0, ourbid 0
Jan 1 00:01:04.411: L2TP: I SCCRQ from hgw tnl 49388
Jan 1 00:01:04.411: Tnl 43591 L2TP: Got a challenge in SCCRQ, hgw
Jan 1 00:01:04.411: Tnl 43591 L2TP: New tunnel created for remote hgw, 
address 10.51.6.68
Jan 1 00:01:04.411: Tnl 43591 L2TP: O SCCRP to hgw tnlid 49388
Jan 1 00:01:04.411: Tnl 43591 L2TP: Tunnel state change from idle to 
wait-ctl-reply
Jan 1 00:01:04.415: Tnl 43591 L2TP: I SCCCN from hgw tnl 49388
Jan 1 00:01:04.415: Tnl 43591 L2TP: Got a Challenge Response in SCCCN from hgw
Jan 1 00:01:04.415: Tnl 43591 L2TP: Tunnel Authentication success
Jan 1 00:01:04.415: Tnl 43591 L2TP: Tunnel state change from wait-ctl-reply 
to established
Jan 1 00:01:04.415: Tnl 43591 L2TP: SM State established
Jan 1 00:01:04.419: Tnl 43591 L2TP: I ICRQ from hgw tnl 49388
Jan 1 00:01:04.419: Tnl/Cl 43591/19 L2TP: Session FS enabled
Jan 1 00:01:04.419: Tnl/Cl 43591/19 L2TP: Session state change from idle 
to wait-connect
Jan 1 00:01:04.419: Tnl/Cl 43591/19 L2TP: New session created
Jan 1 00:01:04.419: Tnl/Cl 43591/19 L2TP: O ICRP to hgw 49388/19
Jan 1 00:01:04.423: Tnl/Cl 43591/19 L2TP: I ICCN from hgw tnl 49388, cl 19
Jan 1 00:01:04.423: Tnl/Cl 43591/19 L2TP: Session state change from 
wait-connect to established
Jan 1 00:01:04.423: Vi1 VTEMPLATE: Hardware address 0090.b121.0c00
Jan 1 00:01:04.423: Vi1 VPDN: Virtual interface created for 2500-1
Jan 1 00:01:04.423: Vi1 PPP: Phase is DOWN, Setup
Jan 1 00:01:04.423: Vi1 VTEMPLATE: Has a new cloneblk vtemplate, 
now it has vtemplate
Jan 1 00:01:04.423: Vi1 VTEMPLATE: 
************* CLONE VACCESS1 *****************
Jan 1 00:01:04.423: Vi1 VTEMPLATE: Clone from Virtual-Template1
interface Virtual-Access1
default ip address
ppp authentication chap vpdn
ppp authorization vpdn
ppp multilink
pp chap hostname nsa-7200-2
end

Jan 1 00:01:04.479: %LINK-3-UPDOWN: Interface Virtual-Access1, 
changed state to up
Jan 1 00:01:04.479: Vi1 PPP: Using set call direction
Jan 1 00:01:04.479: Vi1 PPP: Treating connection as a callin
Jan 1 00:01:04.479: Vi1 PPP: Phase is ESTABLISHING, Passive Open
Jan 1 00:01:04.479: Vi1 CHAP: Using alternate hostname nsa-7200-2
Jan 1 00:01:04.479: Vi1 LCP: State is Listen
Jan 1 00:01:04.479: Vi1 VPDN: Bind interface direction=2
Jan 1 00:01:04.479: Vi1 LCP: I FORCED CONFREQ len 24
Jan 1 00:01:04.479: Vi1 LCP: AuthProto CHAP (0x0305C22305)
Jan 1 00:01:04.479: Vi1 LCP: MagicNumber 0x15C13B5D (0x050615C13B5D)
Jan 1 00:01:04.479: Vi1 LCP: MRRU 1524 (0x110405F4)
Jan 1 00:01:04.479: Vi1 LCP: EndpointDisc 1 Local (0x130901353330302D31)
Jan 1 00:01:04.479: Vi1 VPDN: PPP LCP accepted rcv CONFACK
Jan 1 00:01:04.479: Vi1 LCP: I FORCED CONFACK len 19
Jan 1 00:01:04.479: Vi1 LCP: MagicNumber 0x31BFCE57 (0x050631BFCE57)
Jan 1 00:01:04.479: Vi1 LCP: MRRU 1524 (0x110405F4)
Jan 1 00:01:04.479: Vi1 LCP: EndpointDisc 1 Local (0x130901323530302D31)
Jan 1 00:01:04.479: Vi1 VPDN: PPP LCP accepted sent CONFACK
Jan 1 00:01:04.479: Vi1 PPP: Phase is AUTHENTICATING, by this end
Jan 1 00:01:04.483: Vi1 CHAP: O CHALLENGE id 3 len 31 from "nsa-7200-2"
Jan 1 00:01:04.483: Vi1 CHAP: I RESPONSE id 3 len 27 from "2500-1"
Jan 1 00:01:04.483: Vi1 PPP: Phase is FORWARDING
Jan 1 00:01:04.483: Vi1 VPDN: Looking for tunnel -- --
Jan 1 00:01:04.483: Vi1 VPDN: Looking for tunnel -- --
Jan 1 00:01:04.483: %SGBP-7-NEWL: Local query #54 for 2500-1, count 1,
 ourbid 50
Jan 1 00:01:04.483: Vi1 VPDN: Continue using SGBP for 2500-1
Jan 1 00:01:04.483: Vi1 VPDN: Pending
Jan 1 00:01:04.483: Vi1 VPDN: Process created
Jan 1 00:01:04.875: %SGBP-7-DONE: Query #54 for bundle 2500-1, count 1, 
master is 10.51.6.59
Jan 1 00:01:04.875: %SGBP-7-MQB: Bundle: 2500-1 State: Done OurBid: 050
Jan 1 00:01:04.875: %SGBP-7-PB: 10.51.6.59 State: Closed Bid: 10000 Retry: 0
Jan 1 00:01:04.875: Vi1 VPDN: Forwarding...
Jan 1 00:01:04.875: Vi1 Tnl/Cl 46/12 L2F: 
Session_create: Tunnel in closed state
Jan 1 00:01:04.875: Tnl 46 L2F: 
UDP socket opened to 10.51.6.59 using source 10.51.6.61
Jan 1 00:01:04.875: Tnl 46 L2F: 
Tunnel MULTIHOP state change from closed stateopening
Jan 1 00:01:04.875: Vi1 Tnl/Cl 46/12 L2F: 
Session state change from closed to waiting_for_tunnel
Jan 1 00:01:04.875: Vi1 Tnl/Cl 46/12 L2F: 
Session_create: Closed Tunnel being Re-Opened
Jan 1 00:01:04.875: Vi1 VPDN: 2500-1 is forwarded
Jan 1 00:01:04.879: Tnl 46 L2F: L2F_CONF received
Jan 1 00:01:04.879: Tnl 46 L2F: Received L2F-CONF from MULTIHOP
Jan 1 00:01:04.879: AAA/AUTHEN/START (3039224583): 
port='' list='default' action=SENDAUTH service=PPP
Jan 1 00:01:04.883: AAA/AUTHEN/START (3039224583): found list default
Jan 1 00:01:04.883: AAA/AUTHEN/START (3039224583): Method=LOCAL
Jan 1 00:01:04.883: AAA/AUTHEN (3039224583): status = PASS
Jan 1 00:01:04.883: AAA/AUTHEN/START (3797117540): 
port='' list='default' action=SENDAUTH service=PPP
Jan 1 00:01:04.883: AAA/AUTHEN/START (3797117540): found list default
Jan 1 00:01:04.883: AAA/AUTHEN/START (3797117540): Method=LOCAL
Jan 1 00:01:04.883: AAA/AUTHEN (3797117540): status = PASS
Jan 1 00:01:04.883: Tnl 46 L2F: 
Tunnel MULTIHOP state change from opening state open
Jan 1 00:01:04.883: Tnl 46 L2F: 
Replying with L2F-OPEN, Tunnel in Open-Wait
Jan 1 00:01:04.887: Tnl 46 L2F: L2F_OPEN received
Jan 1 00:01:04.887: Tnl 46 L2F: OPEN from MULTIHOP 
received for tunnel in state open
Jan 1 00:01:04.887: AAA/AUTHEN/START (228147723): 
port='' list='default' action=LOGIN service=PPP
Jan 1 00:01:04.887: AAA/AUTHEN/START (228147723): found list default
Jan 1 00:01:04.887: AAA/AUTHEN/START (228147723): Method=LOCAL
Jan 1 00:01:04.887: AAA/AUTHEN (228147723): status = PASS
Jan 1 00:01:04.887: VPDN: Chap authentication succeeded for MULTIHOP
Jan 1 00:01:04.887: Tnl 46 L2F: 
Tunnel MULTIHOP state change from open state open
Jan 1 00:01:04.887: Vi1 Tnl/Cl 46/12 L2F: 
Session state change from waiting_for_tunnel to opening
Jan 1 00:01:04.887: Vi1 Tnl/Cl 46/12 L2F: 
Sending OPEN for Open-Waiting Session
Jan 1 00:01:04.935: Vi1 Tnl/Cl 46/12 L2F: L2F_OPEN received
Jan 1 00:01:04.935: Vi1 Tnl/Cl 46/12 L2F: 
OPEN received for existing session in state opening
Jan 1 00:01:04.935: Vi1 Tnl/Cl 46/12 L2F: 
Session state change from opening to open
Jan 1 00:01:04.935: Vi1 Tnl/Cl 46/12 L2F: 
MID synced NAS/HG Clid=46/46 Mid=12
Jan 1 00:01:04.935: Vi1 PPP: Phase is FORWARDED
Jan 1 00:01:05.875: %LINEPROTO-5-UPDOWN: Line protocol on Interface 
Virtual-Access1, changed state to up

/image/gif/paws/23982/23982e.bmp


Informations connexes


Document ID: 23982