拨号和接入 : 虚拟专用拨号网络 (VPDN)

用 Windows 2000 PC 配置 L2TP 客户端发起的隧道连接

2015 年 8 月 28 日 - 机器翻译
其他版本: PDFpdf | 英语 (2015 年 4 月 23 日) | 反馈


目录


简介

在多数虚拟专用拨号网络(VPDN)方案中,客户端拨号网络接入服务器(NAS)。NAS然后发起VPDN Layer2隧道协议(L2TP)或第二层转发协议隧道对家庭网关(HGW)。这创建NAS,是L2TP接入集中器(LAC)终端和HGW之间的一VPDN连接,是L2TP网络服务器(LNS)终端。这意味着NAS和HGW之间的仅链路使用L2TP,并且通道不包括从客户端PC的链路到NAS。然而,运行Windows 2000操作系统的PC客户端当前能变为LAC和通过NAS发起从PC的一个L2TP通道,和终止在HGW/LNS。此配置示例显示您如何能配置这样通道。

先决条件

要求

在尝试此配置前,请保证您符合这些要求:

注意: NAS配置在本文没有包括。

使用的组件

本文档中的信息基于以下软件和硬件版本:

  • LNS :运行Cisco IOS�软件版本12.2(1)的Cisco 7200系列路由器

  • 客户端:Windows 2000 PC用调制解调器

本文档中的信息都是基于特定实验室环境中的设备编写的。本文档中使用的所有设备最初均采用原始(默认)配置。如果您使用的是真实网络,请确保您已经了解所有命令的潜在影响。

相关产品

在本文包括的LNS的配置不平台特殊化,并且可以应用到所有支持VPDN路由器。

配置Windows 2000客户端PC的步骤是仅可适用的对Windows 2000和不对其他操作系统。

规则

有关文档规则的详细信息,请参阅 Cisco 技术提示规则

背景信息

按照介绍所述,与Windows 2000您能发起从客户端PC的一个L2TP通道和有任何地方在互联网服务提供商网络终止的通道。使用VPDN术语,此设置被称为“客户端初始化的”通道。因为客户端发起隧道是在PC的客户端软件发起的通道, PC承担LAC的角色。使用点对点协议(PPP),因为客户端将验证,质询握手验证协议(CHAP)或者密码认证协议无论如何,通道不需要验证。

使用客户端发起隧道优点和缺点

客户端发起隧道有两个优点和缺点,一些概述得此处:

优点:

  • 它绑从客户端的整个连接通过ISP共享网络和到企业网络上。

  • 它不要求在ISP网络的更多的配置。没有客户端发起隧道, ISP NAS或其Radius/TACACS+服务器需要配置发起通道到HGW。所以,企业必须协商以许多ISP允许用户通过他们的网络建立隧道。使用客户端发起隧道,最终用户可以连接到所有ISP手工然后发起通道到企业网络。

缺点:

  • 它不是一样可扩展作为一个ISP启动的通道。因为客户端发起隧道创建每个客户端的单个隧道, HGW必须单个终止很大数量的通道。

  • 客户端必须管理用于的客户端软件发起通道。这经常是支持相关的问题来源企业的。

  • 客户端必须有与ISP的一个帐户。因为客户端发起隧道可能只创建,在对ISP的连接被建立后,客户端必须有帐户连接对ISP网络。

运行原理

Thjs是在本文的示例如何工作:

  1. 使用客户端的ISP帐户,客户端PC拨号到NAS,验证,并且从ISP获取IP地址。

  2. 客户端发起并且构建L2TP通道对L2TP网络服务器HGW (LNS)。客户端将重新协商IP Control Protocol (IPCP),并且请从LNS获取一个新的IP地址。

配置L2TP的Windows 2000客户端

创建两Dial-Up Networking (DUN)连接:

  • 对拨入的一DUN连接对ISP。参考您的ISP关于此主题的更多信息。

  • L2TP通道的另一DUN连接。

要创建和配置L2TP的DUN连接,请执行在Windows 200客户端PC的这些步骤:

  1. 从开始菜单,请选择Settings > Control Panel > Network and Dial-up Connections > Make New Connection

    使用向导创建名为 L2TP 的连接。确保选择连接到私有网络通过Network Connection Type窗口的互联网。您必须也指定LNS/HGW的IP地址或名称。

  2. 新连接(已命名L2TP)在Network及Dial-up Connections窗口出现在控制面板下。从这里,编辑属性的右键单击。

  3. 点击Networking选项并且确保Type Of Server I Am Calling设置为L2TP

  4. 如果计划从HGW分配对此客户端的一个动态内部(企业网络)地址,通过本地池或DHCP,请选择TCP/IP协议。确保将客户端配置为自动获取 IP 地址。您可以也发出自动域名命名系统(DNS)信息。

    高级按钮允许您定义静态Windows Internet Naming Service (WINS)和DNS信息。选项卡允许您关闭IPSec或分配一项不同的策略到连接。在安全选项卡下,您能定义用户验证参数。例如, PAP、CHAP或者MS-CHAP或者Windows登陆。咨询网络系统管理员关于在客户端应该配置的参数的信息。

  5. 一旦连接配置,您能双击它冒出登录画面,然后连接。

额外注解

如果您的L2TP通道使用得IP安全并且/或者Microsoft点对点加密(MPPE),则您必须定义此命令在LNS/HGW的虚拟模板配置下。

ppp encrypt mppe 40

记住这要求已加密Cisco IOS软件特性集(IPSec至少特性组或IPSec与3DES)。

默认情况下, IPSec在Windows 2000启用。如果要禁用它,使用登记编辑,您必须修改Windows注册表:

在Win2k PC的禁用IPSec

警告 警告: 采取足够的注意事项(例如备份注册)在之前正在修改注册。您应该也参考正确步骤的Microsoft网站能修改注册。

添加对您的Windows的ProhibitIpSec注册值2000根据计算机,使用Regedt32.exe找出在注册的此密钥:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Rasman\Parameters

将以下注册表值添加到注册表项中:

Value Name: ProhibitIpSec
Data Type: REG_DWORD
Value: 1

注意: 您必须重新启动您的Windows基于2000的计算机使更改生效。请参考这些Microsoft条款关于更详细的资料。

  • Q258261 -禁用的IPSec策略与L2TP一起使用

  • Q240262- 使用预先共享密钥,如何配置L2TP/IPsec连接

对于一个更加复杂的设置使用Windows 2000,参考配置Cisco IOS和Windows 2000客户端L2TP的使用Microsoft IAS

配置

本部分提供有关如何配置本文档所述功能的信息。

注意: 要查找本文档所用命令的其他信息,请使用命令查找工具仅限注册用户)。

网络图

下面的网络图显示在客户端PC、ISP NAS和企业HGW中发生的多种协商。在Troubleshoot部分的调试示例表示这些处理。

/image/gif/paws/21381/l2tp-win2k-cit.gif

配置

本文档使用以下配置:

  • fifi (VPDN LNS/HGW)

注意: LNS配置的仅相关的部分包括。

fifi (VPDN LNS/HGW)
hostname fifi
!
username l2tp-w2k password 0 ww

!--- This is the password for the Windows 2000 client.
!--- With AAA, the username and password can be offloaded to the external
!--- AAA server.

!
vpdn enable

!--- Activates VPDN.

!
vpdn-group l2tp-w2k

!--- This is the default L2TP VPDN group.

 accept-dialin
  protocol l2tp 

  !--- This allows L2TP on this VPDN group.

  virtual-template 1 

  !--- Use virtual-template 1 for the virtual-interface configuration.

 no l2tp tunnel authentication

 !--- The L2TP tunnel is not authenticated.


 !--- Tunnel authentication is not needed because the client will be
 !--- authenticated using PPP CHAP/PAP. Keep in mind that the client is the
 !--- only user of the tunnel, so client authentication is sufficient.

!
interface loopback 0
 ip address 1.1.1.1 255.255.255.255
!
interface Ethernet1/0
 ip address 200.0.0.14 255.255.255.0
 ip router isis 
 duplex half
 tag-switching ip
!
interface Virtual-Template1

!--- Virtual-Template interface specified in the vpdn-group configuration.

 ip unnumbered Loopback0
 peer default ip address pool pptp

 !--- IP address for the client obtained from IP pool named pptp (defined below).

 ppp authentication chap
!
ip local pool pptp 1.100.0.1 1.100.0.10

!--- This defines the "Internal" IP address pool (named pptp) for the client.

ip route 199.0.0.0 255.255.255.0 200.0.0.45

验证

本部分所提供的信息可用于确认您的配置是否正常工作。

命令输出解释程序工具仅限注册用户)支持某些 show 命令,使用此工具可以查看对 show 命令输出的分析。

  • show vpdn —显示关于活动L2x通道和消息标识符的信息在VPDN。

  • show vpdn session window —显示关于窗口的信息VPDN会话的。

  • show users —提供所有用户一张全面的列表连接给路由器。

  • show caller user username detail —表示特定用户的参数,例如链路控制协议(LCP)、NCP和IPCP状态,以及分配的IP地址, PPP和PPP捆绑参数,等等。

show vpdn
---------

L2TP Tunnel and Session Information Total tunnels 1 sessions 1

!--- Note that there is one tunnel and one session.


LocID RemID Remote Name   State  Remote Address  Port  Sessions
25924 1     JVEYNE-W2K1.c est    199.0.0.8        1701  1       

!--- This is the tunnel information.
!--- The Remote Name shows the client PC's computer name, as well as the 
!--- IP address that was originally given to the client by the NAS. (This
!--- address has since been renegotiated by the LNS.)


LocID RemID TunID Intf          Username      State  Last Chg Fastswitch
2     1     25924 Vi1           l2tp-w2k      est    00:00:13 enabled 

!--- This is the session information.
!--- The username the client used to authenticate is l2tp-w2k.


%No active L2F tunnels

%No active PPTP tunnels

%No active PPPoE tunnels


show vpdn session window
--------------------

L2TP Session Information Total tunnels 1 sessions 1

LocID RemID TunID ZLB-tx  ZLB-rx  Rbit-tx Rbit-rx WSize MinWS Timeouts Qsize
2     1     25924 0       0       0       0       0     0     0        0    

%No active L2F tunnels

%No active PPTP tunnels

%No active PPPoE tunnels

show user
----------
    Line         User       Host(s)            Idle       Location
*  0 con 0                  idle               00:00:00   

  Interface      User        Mode              Idle       Peer Address
  Vi1          l2tp-w2k   Virtual PPP (L2TP  ) 00:00:08 

!--- User l2tp-w2k is connected on Virtual-Access Interface 1.
!--- Also note that the connection is identified as an L2TP tunnel.



show caller user l2tp-w2k detail
--------------------------

  User: l2tp-w2k, line Vi1, service PPP L2TP
        Active time 00:01:08, Idle time 00:00:00
  Timeouts:            Absolute  Idle
      Limits:          -         -         
      Disconnect in:   -         -         
  PPP: LCP Open, CHAP (<- local), IPCP

  !--- The LCP state is Open.

  LCP: -> peer, AuthProto, MagicNumber
       <- peer, MagicNumber, EndpointDisc
  NCP: Open IPCP

  !--- The IPCP state is Open.

  IPCP: <- peer, Address
        -> peer, Address
  IP: Local 1.1.1.1, remote 1.100.0.2

  !--- The IP address assigned to the client is 1.100.0.2 (from the IP pool
  !--- on the LNS).

  VPDN: NAS , MID 2, MID Unknown
        HGW , NAS CLID 0, HGW CLID 0, tunnel open

  !--- The VPDN tunnel is open. 

  Counts: 48 packets input, 3414 bytes, 0 no buffer
          0 input errors, 0 CRC, 0 frame, 0 overrun
          20 packets output, 565 bytes, 0 underruns
          0 output errors, 0 collisions, 0 interface resets

故障排除

本部分提供的信息可用于对配置进行故障排除。

故障排除命令

命令输出解释程序工具仅限注册用户)支持某些 show 命令,使用此工具可以查看对 show 命令输出的分析。

注意: 在发出 debug 命令之前,请参阅有关 Debug 命令的重要信息

  • debug ppp协商—显示关于PPP流量的信息并且交换,当协商PPP组件包括LCP、验证和NCP时。成功的PPP协商打开LCP状态,然后首先验证和终于协商NCP (通常IPCP)。

  • debug vpdn event — 显示属于正常隧道建立或关闭一部分的事件的相关消息。

  • debug vpdn error — 显示导致隧道无法建立的错误或导致已建立的隧道关闭的错误。

  • debug vpdn l2x-event —显示关于是正常隧道建立的一部分或关闭L2x的事件的消息。

  • debug vpdn l2x-error —显示防止L2x建立或防止其正常操作的L2x协议错误。

注意: 其中一些debug输出线路为打印目的分成多条线路。

启用在LNS指定的以上调试指令并且发起从Windows 2000客户端PC的一呼叫。此处调试显示从客户端、通道的建立,客户端的验证和IP地址的重新协商的隧道请求:

LNS: Incoming session from PC Win2K :
=====================================

*Jun  6 04:02:05.174: L2TP: I SCCRQ from JVEYNE-W2K1.cisco.com tnl 1

!--- This is the incoming tunnel initiation request from the client PC.

*Jun  6 04:02:05.178: Tnl 25924 L2TP: New tunnel created for remote 
   JVEYNE-W2K1.cisco.com, address 199.0.0.8

!--- The tunnel is created. Note that the client IP address is the one
!--- assigned by the NAS.
!--- This IP address will be renegotiatied later.

*Jun  6 04:02:05.178: Tnl 25924 L2TP: O SCCRP  to JVEYNE-W2K1.cisco.com tnlid 1
*Jun  6 04:02:05.178: Tnl 25924 L2TP: Tunnel state change from idle to wait-ctl-reply
*Jun  6 04:02:05.346: Tnl 25924 L2TP: I SCCCN from JVEYNE-W2K1.cisco.com tnl 1
*Jun  6 04:02:05.346: Tnl 25924 L2TP: Tunnel state change from wait-ctl-reply
   to established

!--- The tunnel is now established.

*Jun  6 04:02:05.346: Tnl 25924 L2TP: SM State established
*Jun  6 04:02:05.358: Tnl 25924 L2TP: I ICRQ from JVEYNE-W2K1.cisco.com tnl 1
*Jun  6 04:02:05.358: Tnl/Cl 25924/2 L2TP: Session FS enabled
*Jun  6 04:02:05.358: Tnl/Cl 25924/2 L2TP: Session state change from idle to 
   wait-connect
*Jun  6 04:02:05.358: Tnl/Cl 25924/2 L2TP: New session created
*Jun  6 04:02:05.358: Tnl/Cl 25924/2 L2TP: O ICRP to JVEYNE-W2K1.cisco.com 1/1
*Jun  6 04:02:05.514: Tnl/Cl 25924/2 L2TP: I ICCN from JVEYNE-W2K1.cisco.com tnl 1,
   cl 1

!--- The LNS receives ICCN (Incoming Call coNnected). The VPDN session is up, then
!--- the LNS receives the LCP layer along with the username and CHAP password
!--- of the client. A virtual-access will be cloned from the virtual-template 1.

*Jun  6 04:02:05.514: Tnl/Cl 25924/2 L2TP: Session state change from wait-connect
   to established

!--- A VPDN session is being established within the tunnel.

*Jun  6 04:02:05.514: Vi1 VPDN: Virtual interface created for 
*Jun  6 04:02:05.514: Vi1 PPP: Phase is DOWN, Setup [0 sess, 0 load]
*Jun  6 04:02:05.514: Vi1 VPDN: Clone from Vtemplate 1 filterPPP=0 blocking
*Jun  6 04:02:05.566: Tnl/Cl 25924/2 L2TP: Session with no hwidb
*Jun  6 04:02:05.570: %LINK-3-UPDOWN: Interface Virtual-Access1, changed state to up
*Jun  6 04:02:05.570: Vi1 PPP: Using set call direction
*Jun  6 04:02:05.570: Vi1 PPP: Treating connection as a callin
*Jun  6 04:02:05.570: Vi1 PPP: Phase is ESTABLISHING, Passive Open [0 sess, 0 load]
*Jun  6 04:02:05.570: Vi1 LCP: State is Listen
*Jun  6 04:02:05.570: Vi1 VPDN: Bind interface direction=2
*Jun  6 04:02:07.546: Vi1 LCP: I CONFREQ [Listen] id 1 len 44

!--- LCP negotiation begins.

*Jun  6 04:02:07.546: Vi1 LCP:    MagicNumber 0x21A20F49 (0x050621A20F49)
*Jun  6 04:02:07.546: Vi1 LCP:    PFC (0x0702)
*Jun  6 04:02:07.546: Vi1 LCP:    ACFC (0x0802)
*Jun  6 04:02:07.546: Vi1 LCP:    Callback 6  (0x0D0306)
*Jun  6 04:02:07.546: Vi1 LCP:    MRRU 1614 (0x1104064E)
*Jun  6 04:02:07.546: Vi1 LCP:    EndpointDisc 1 Local
*Jun  6 04:02:07.546: Vi1 LCP:     (0x131701708695CDF2C64730B5B6756CE8)
*Jun  6 04:02:07.546: Vi1 LCP:     (0xB1AB1600000001)
*Jun  6 04:02:07.550: Vi1 LCP: O CONFREQ [Listen] id 1 len 19
*Jun  6 04:02:07.550: Vi1 LCP:    MRU 1460 (0x010405B4)
*Jun  6 04:02:07.550: Vi1 LCP:    AuthProto CHAP (0x0305C22305)
*Jun  6 04:02:07.550: Vi1 LCP:    MagicNumber 0xFA95EEC3 (0x0506FA95EEC3)
*Jun  6 04:02:07.550: Vi1 LCP: O CONFREJ [Listen] id 1 len 11
*Jun  6 04:02:07.550: Vi1 LCP:    Callback 6  (0x0D0306)
*Jun  6 04:02:07.550: Vi1 LCP:    MRRU 1614 (0x1104064E)
*Jun  6 04:02:07.710: Vi1 LCP: I CONFNAK [REQsent] id 1 len 8
*Jun  6 04:02:07.710: Vi1 LCP:    MRU 1514 (0x010405EA)
*Jun  6 04:02:07.710: Vi1 LCP: O CONFREQ [REQsent] id 2 len 15
*Jun  6 04:02:07.710: Vi1 LCP:    AuthProto CHAP (0x0305C22305)
*Jun  6 04:02:07.710: Vi1 LCP:    MagicNumber 0xFA95EEC3 (0x0506FA95EEC3)
*Jun  6 04:02:07.718: Vi1 LCP: I CONFREQ [REQsent] id 2 len 37
*Jun  6 04:02:07.718: Vi1 LCP:    MagicNumber 0x21A20F49 (0x050621A20F49)
*Jun  6 04:02:07.718: Vi1 LCP:    PFC (0x0702)
*Jun  6 04:02:07.718: Vi1 LCP:    ACFC (0x0802)
*Jun  6 04:02:07.718: Vi1 LCP:    EndpointDisc 1 Local
*Jun  6 04:02:07.718: Vi1 LCP:     (0x131701708695CDF2C64730B5B6756CE8)
*Jun  6 04:02:07.718: Vi1 LCP:     (0xB1AB1600000001)
*Jun  6 04:02:07.718: Vi1 LCP: O CONFACK [REQsent] id 2 len 37
*Jun  6 04:02:07.718: Vi1 LCP:    MagicNumber 0x21A20F49 (0x050621A20F49)
*Jun  6 04:02:07.718: Vi1 LCP:    PFC (0x0702)
*Jun  6 04:02:07.718: Vi1 LCP:    ACFC (0x0802)
*Jun  6 04:02:07.718: Vi1 LCP:    EndpointDisc 1 Local
*Jun  6 04:02:07.718: Vi1 LCP:     (0x131701708695CDF2C64730B5B6756CE8)
*Jun  6 04:02:07.718: Vi1 LCP:     (0xB1AB1600000001)
*Jun  6 04:02:07.858: Vi1 LCP: I CONFACK [ACKsent] id 2 len 15
*Jun  6 04:02:07.858: Vi1 LCP:    AuthProto CHAP (0x0305C22305)
*Jun  6 04:02:07.858: Vi1 LCP:    MagicNumber 0xFA95EEC3 (0x0506FA95EEC3)
*Jun  6 04:02:07.858: Vi1 LCP: State is Open

!--- LCP negotiation is complete.

*Jun  6 04:02:07.858: Vi1 PPP: Phase is AUTHENTICATING, by this end [0 sess, 0 load]
*Jun  6 04:02:07.858: Vi1 CHAP: O CHALLENGE id 5 len 25 from "fifi"
*Jun  6 04:02:07.870: Vi1 LCP: I IDENTIFY [Open] id 3 len 18 magic 0x21A20F49
   MSRASV5.00
*Jun  6 04:02:07.874: Vi1 LCP: I IDENTIFY [Open] id 4 len 27 magic 0x21A20F49
   MSRAS-1-JVEYNE-W2K1
*Jun  6 04:02:08.018: Vi1 CHAP: I RESPONSE id 5 len 29 from "l2tp-w2k"
*Jun  6 04:02:08.018: Vi1 CHAP: O SUCCESS id 5 len 4

!--- CHAP authentication is successful. If authentication fails, check the
!--- username and password on the LNS.

*Jun  6 04:02:08.018: Vi1 PPP: Phase is UP [0 sess, 0 load]
*Jun  6 04:02:08.018: Vi1 IPCP: O CONFREQ [Closed] id 1 len 10
*Jun  6 04:02:08.018: Vi1 IPCP:    Address 1.1.1.1 (0x030601010101)
*Jun  6 04:02:08.158: Vi1 CCP: I CONFREQ [Not negotiated] id 5 len 10
*Jun  6 04:02:08.158: Vi1 CCP:    MS-PPC supported bits 0x01000001 (0x120601000001)
*Jun  6 04:02:08.158: Vi1 LCP: O PROTREJ [Open] id 3 len 16 protocol CCP
   (0x80FD0105000A120601000001)
*Jun  6 04:02:08.170: Vi1 IPCP: I CONFREQ [REQsent] id 6 len 34
*Jun  6 04:02:08.170: Vi1 IPCP:    Address 0.0.0.0 (0x030600000000)
*Jun  6 04:02:08.170: Vi1 IPCP:    PrimaryDNS 0.0.0.0 (0x810600000000)
*Jun  6 04:02:08.170: Vi1 IPCP:    PrimaryWINS 0.0.0.0 (0x820600000000)
*Jun  6 04:02:08.170: Vi1 IPCP:    SecondaryDNS 0.0.0.0 (0x830600000000)
*Jun  6 04:02:08.170: Vi1 IPCP:    SecondaryWINS 0.0.0.0 (0x840600000000)
*Jun  6 04:02:08.170: Vi1 IPCP: Pool returned 1.100.0.2

!--- This is the new "Internal" IP address for the client returned by the
!--- LNS IP address pool.

*Jun  6 04:02:08.170: Vi1 IPCP: O CONFREJ [REQsent] id 6 Len 28
*Jun  6 04:02:08.170: Vi1 IPCP:    PrimaryDNS 0.0.0.0 (0x810600000000)
*Jun  6 04:02:08.170: Vi1 IPCP:    PrimaryWINS 0.0.0.0 (0x820600000000)
*Jun  6 04:02:08.170: Vi1 IPCP:    SecondaryDNS 0.0.0.0 (0x830600000000)
*Jun  6 04:02:08.170: Vi1 IPCP:    SecondaryWINS 0.0.0.0 (0x840600000000)
*Jun  6 04:02:08.174: Vi1 IPCP: I CONFACK [REQsent] id 1 Len 10
*Jun  6 04:02:08.174: Vi1 IPCP:    Address 1.1.1.1 (0x030601010101)
*Jun  6 04:02:08.326: Vi1 IPCP: I CONFREQ [ACKrcvd] id 7 Len 10
*Jun  6 04:02:08.326: Vi1 IPCP:    Address 0.0.0.0 (0x030600000000)
*Jun  6 04:02:08.326: Vi1 IPCP: O CONFNAK [ACKrcvd] id 7 Len 10
*Jun  6 04:02:08.330: Vi1 IPCP:    Address 1.100.0.2 (0x030601640002)
*Jun  6 04:02:08.486: Vi1 IPCP: I CONFREQ [ACKrcvd] id 8 Len 10
*Jun  6 04:02:08.486: Vi1 IPCP:    Address 1.100.0.2 (0x030601640002)
*Jun  6 04:02:08.486: Vi1 IPCP: O CONFACK [ACKrcvd] id 8 Len 10
*Jun  6 04:02:08.490: Vi1 IPCP:    Address 1.100.0.2 (0x030601640002)
*Jun  6 04:02:08.490: Vi1 IPCP: State is Open
*Jun  6 04:02:08.490: Vi1 IPCP: Install route to 1.100.0.2
*Jun  6 04:02:09.018: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access1,
   changed state to up

!--- The interface is up.

在LNS的此debug输出显示断开呼叫的Windows 2000客户端。注释LNS认可断开并且执行通道的一干净的关闭的多种消息:

*Jun  6 04:03:25.174: Vi1 LCP: I TERMREQ [Open] id 9 Len 16 
   (0x21A20F49003CCD7400000000)

!--- This is the incoming session termination request. This means that the client
!--- disconnected the call.

*Jun  6 04:03:25.174: Vi1 LCP: O TERMACK [Open] id 9 Len 4
*Jun  6 04:03:25.354: Vi1 Tnl/Cl 25924/2 L2TP: I CDN from JVEYNE-W2K1.cisco.com
   tnl 1, CL 1
*Jun  6 04:03:25.354: Vi1 Tnl/CL 25924/2 L2TP: Destroying session
*Jun  6 04:03:25.358: Vi1 Tnl/CL 25924/2 L2TP: Session state change from established
   to idle
*Jun  6 04:03:25.358: Vi1 Tnl/CL 25924/2 L2TP: Releasing idb for LAC/LNS tunnel
   25924/1 session 2 state idle
*Jun  6 04:03:25.358: Vi1 VPDN: Reset
*Jun  6 04:03:25.358: Tnl 25924 L2TP: Tunnel state change from established to
   no-sessions-left
*Jun  6 04:03:25.358: Tnl 25924 L2TP: No more sessions in tunnel, shutdown (likely)
   in 10 seconds

!--- Because there are no more calls in the tunnel, it will be shut down.

*Jun  6 04:03:25.362: %LINK-3-UPDOWN: Interface Virtual-Access1,
   changed state to down
*Jun  6 04:03:25.362: Vi1 LCP: State is Closed
*Jun  6 04:03:25.362: Vi1 IPCP: State is Closed
*Jun  6 04:03:25.362: Vi1 PPP: Phase is DOWN [0 sess, 0 load]
*Jun  6 04:03:25.362: Vi1 VPDN: Cleanup
*Jun  6 04:03:25.362: Vi1 VPDN: Reset
*Jun  6 04:03:25.362: Vi1 VPDN: Unbind interface
*Jun  6 04:03:25.362: Vi1 VPDN: Unbind interface
*Jun  6 04:03:25.362: Vi1 VPDN: Reset
*Jun  6 04:03:25.362: Vi1 VPDN: Unbind interface
*Jun  6 04:03:25.362: Vi1 IPCP: Remove route to 1.100.0.2
*Jun  6 04:03:25.514: Tnl 25924 L2TP: I StopCCN from JVEYNE-W2K1.cisco.com tnl 1
*Jun  6 04:03:25.514: Tnl 25924 L2TP: Shutdown tunnel

!--- The tunnel is shut down.

*Jun  6 04:03:25.514: Tnl 25924 L2TP: Tunnel state change from no-sessions-left
   to idle
*Jun  6 04:03:26.362: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access1,
   changed state to down

相关的思科支持社区讨论

思科支持社区是您提问、解答问题、分享建议以及与工作伙伴协作的论坛。


相关信息


Document ID: 21381