Configuring L2TP Multihop to Perform MMPPP at the LNS [Virtual Private Dialup Network (VPDN)]

Document ID: 9496

Introduction
Prerequisites
      Requirements
      Components Used
      Conventions
Configure
      PPP Negotiation with LAC Using Remote Dial-up Client
      Network Diagram
      Configurations
Verify
Troubleshoot
      Troubleshoot Commands
NetPro Discussion Forums - Featured Conversations
Related Information

Introduction

Multihop Virtual Private Dial-up Network (VPDN) allows customers to perform Multichassis Multilink Point-to-Point Protocol (MMPPP) on their home gateway (HGW) or L2TP network server (LNS) in a VPDN scenario. The main advantages are sharing tunnel resources between the HGW/LNS routers (for example, performing local authentication and authorization for every individual B-channel in ISDN connections), and the possibility to offload by default to another router in the network.

Both L2F and L2TP are supported in this scenario. However, since L2TP is becoming the industry standard, this document focuses on L2TP.

Prerequisites

Requirements

There are no specific requirements for this document.

Components Used

The information in this document is based on these software and hardware versions:

Cisco IOS® Software Releases 12.0(7)T - 12.1(1)
L2TP Access Concentrator (LAC): Cisco AS5300 that runs Cisco IOS Software Release 12.0(7)T
LNS: Cisco 7206 Series Router that runs Cisco IOS Software Release 12.0(7)T
Client : Cisco 800 Series Router that runs Cisco IOS Software Release 12.1(1)T

The information presented in this document was created from devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If you are working in a live network, ensure that you understand the potential impact of any command before using it.

Conventions

For more information on document conventions, refer to the Cisco Technical Tips Conventions.

Configure

In this section, you are presented with the information to configure the features described in this document.

Note: To find additional information on the commands used in this document, use the Command Lookup Tool ( registered customers only) .

PPP Negotiation with LAC Using Remote Dial-up Client

In this scenario, the remote dial-up client starts PPP negotiation with the LAC:

The LAC negotiates link control protocol (LCP) and pre-authenticates this user. If the domain name for the user matches the specified domain in the VPDN group, the LAC tries to forward a session to LNS1 specified in the VPDN Group. If no session is established yet to LNS1, a tunnel is established using Start-Control-Connection-Request (SCCRQ).
The session is established from the LAC to LNS1 through Incoming-Call-Request (ICRQ). LCP information is forwarded and authentication is completed in LNS1. A virtual access interface is created.
LNS1 informs the rest of the routers in its Stack Group Bidding Protocol (SGBP) group about the ownership of the call. Other routers forward all sessions for that user to the offload server or bundle owner through L2F. The owner of the call creates another virtual access interface. The incoming multilink sessions for this call are bundled to this virtual access interface.
A second channel is raised from the dial-up client. The LAC performs LCP negotiation and pre-authentication. The LAC tries to open a session for this second channel using a second destination in the VPDN Group (LNS2). If no session is defined, a tunnel is created by means of SCCRQ.
The session to LNS2 is established through ICRQ. LCP and authentication are completed in LNS2. A virtual access interface is created.
The session is part of the multilink bundle announced by LNS1. It is forwarded to the owner of the multilink bundle through L2F. LNS2 does not create a new virtual access interface for this session.
The owner of the multilink call receives the second PPP session. The owner bundles it to the virtual access interface created for this multilink call.

Network Diagram

This document uses the network setup shown in this diagram:

Configurations

This document uses these configurations:

Cisco 800 (Remote Client)
AS5300 (LAC)
7200 (LNS1)
7200 (LNS2)

Cisco 800 (Remote Client)

maui-soho-04#show running-config 
Building configuration...

Current configuration:
!
version 12.1
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname maui-soho-04
!
ip subnet-zero
!
isdn switch-type basic-ni
!
interface Ethernet0
 ip address 10.0.0.1 255.255.255.0
 ip nat inside
 no keepalive
!
interface BRI0
! --- Physical interface.
 no ip address
 encapsulation ppp
 dialer pool-member 10

!--- Assign BRI0 as a member of dialer pool 10.
!--- Dialer pool 10 is specified in the interface Dialer 1.

 isdn switch-type basic-ni
 isdn spid1 51299699380101 9969938
 isdn spid2 51299699460101 9969946
 ppp authentication chap callin
 ppp multilink
!
interface Dialer1

!--- Dialer interface for the DDR connection.

 ip address negotiated

!--- IP address is assigned by the peer.

 ip nat outside
 encapsulation ppp
 dialer pool 10

!--- Defines Dialer pool 10.
!--- BRI 0 is a member of this pool.

 dialer idle-timeout 900
 dialer string 3781690 class 56k

!--- Defines the destination router's phone number. 


!--- This connection also uses a map-class 
!--- named 56 k defined  here.

 dialer load-threshold 1 outbound

!--- This sets the outbound load level for traffic at which 
!--- additional connections are added to the MP bundle load level.
!--- The  values range from 1 (unloaded) to 255 (fully loaded).

 dialer max-call 4096
 dialer-group 1
 ppp authentication chap callin
 ppp chap hostname user@cisco.com

!--- Challenge Handshake Authentication Protocol (CHAP) hostname that
!--- is sent to the peer during PPP negotiation.
!--- Since this scenario involves VPDN, the CHAP 
!--- username has the domain cisco.com.
!--- The LAC initiates the VPDN tunnel to the LNS 
!--- when it receives this username.

 ppp chap password 7 <deleted>

!--- CHAP password for this connection.

 ppp multilink
!
ip nat inside source list 101 interface Dialer1 overload
no ip http server
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer1
!
!
map-class dialer 56k
 dialer isdn speed 56
access-list 101 permit ip 10.0.0.0 0.0.0.255 any log
dialer-list 1 protocol ip permit
!
line con 0
 exec-timeout 0 0
 transport input none
 stopbits 1
line vty 0 4
 login    
!
end

AS5300 (LAC)

maui-nas-06#show running-config 
Building configuration...

Current configuration:
!
version 12.0
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname maui-nas-06
!
aaa new-model
aaa authentication login default local
aaa authentication login NO_AUTHEN none
aaa authentication ppp default local

!--- Basic AAA configuration for PPP calls.

!
spe 1/0 1/7
 firmware location system:/ucode/mica_port_firmware
spe 2/0 2/7
 firmware location system:/ucode/mica_port_firmware
!
resource-pool disable
!
ip subnet-zero
!
vpdn enable

!--- Turns on VPDN.

vpdn multihop

!--- Enables Multihop VPDN.

!
vpdn search-order domain 

!--- Instructs the LAC to attempt to tunnel 
!--- VPDN calls based on the user domain name.

vpdn-group 1

!--- This is the VPDN group for the service provider.

 request-dialin

!--- Configures a request dial-in VPDN subgroup.

  protocol l2tp

!--- Configures L2TP as the tunnel protocol.

  domain cisco.com

!--- Specifies that users with the domain name 
!--- cisco.com  are tunneled by this 
!--- VPDN group. The client username must have "@cisco.com" 
!--- for it to be tunneled.

 initiate-to ip 172.22.53.144 priority 1
 initiate-to ip 172.22.53.145 priority 1

!--- Specifies the IP addresses of the service 
!--- provider LNS. The priority keyword 
!--- is only necessary if the service provider 
!--- has multiple LNSs (as in this case). 
!--- To equally share the load of calls between 
!--- all the LNSs, each IP address 
!---  is given the same priority number. 
!--- To specify an LNS as a backup, 
!--- it is given a higher priority number.

 l2tp tunnel password 7 <deleted>

!--- Configures the L2TP tunnel password 
!--- that is used to authenticate L2TP 
!--- tunnels with the LNS.
!--- Both tunnel endpoints must have the same L2TP 
!--- tunnel password configured. 

!
isdn switch-type primary-ni
isdn voice-call-failure 0
mta receive maximum-recipients 0
!
!
controller T1 0
 framing esf
 clock source line primary
 linecode b8zs
 pri-group timeslots 1-24
!

!--- Unused interface configurations  are removed.

!
interface Ethernet0

!--- Interface to be used for the VPDN tunnels.

 ip address 172.22.53.146 255.255.255.0
 no ip directed-broadcast
!

!--- Unused interface configurations  are removed.

!
interface Serial0:23
 no ip address
 no ip directed-broadcast
 encapsulation ppp
 isdn switch-type primary-ni
 isdn incoming-voice modem
 fair-queue 64 256 0
 ppp authentication chap callin
 ppp multilink
!
interface FastEthernet0
 no ip address
 no ip directed-broadcast
 shutdown
 duplex auto
 speed auto
!
interface Group-Async0
 ip unnumbered Ethernet0
 no ip directed-broadcast
 encapsulation ppp
 async mode dedicated
 ppp authentication chap callin
 group-range 1 192
!
ip classless
no ip http server
!
!
!
line con 0
 exec-timeout 0 0
 login authentication NO_AUTHEN
 transport input none
line 1 192
 modem InOut
 transport preferred none
 transport input all
 transport output none
line aux 0
line vty 0 4
!
end

Note: If you usually use the single VPDN configuration command that existed in some older Cisco IOS software releases, you encounter a problem when you configure VPDN multihop. The issue is that, as shown here, you are unable to directly specify multliple LNSs.

maui-nas-06(config)#vpdn outgoing ?
  WORD  Name of GW domain
  dnis  Use DNIS to find tunnel

maui-nas-06(config)#vpdn outgoing cisco.com ?
  WORD  Name to use when authenticating to gateway

maui-nas-06(config)#vpdn outgoing cisco.com LAC ?
  ip  Use IP

maui-nas-06(config)#vpdn outgoing cisco.com LAC ip ?
  A.B.C.D  IP destination

maui-nas-06(config)#vpdn outgoing cisco.com LAC ip 172.22.53.144 ?
  <cr>  
maui-nas-06(config)#vpdn outgoing cisco.com LAC ip 172.22.53.144

Use the show running-config command to see the VPDN group configuration:

vpdn-group 1
 request-dialin
  protocol l2f
  domain cisco.com
 initiate-to ip 172.22.53.144 priority 1
 local name LAC

Note: There is only one tunnel endpoint configured. Use this example to configure the additional LNS:

maui-nas-06(config)#vpdn-group 1
 maui-nas-06(config-vpdn)#initiate-to ip 172.22.53.145 priority 1

In this scenario, since you want to equally share the load of calls between all the LNSs, each IP address is given the same priority number. To specify an LNS as a backup, give it a higher priority number.

For more information on entering VPDN commands, refer to VPDN Group Reorganization.

7200 (LNS1)

maui-rtr-04#show running-config 
Building configuration...

Current configuration:
!
version 12.0
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname maui-rtr-04
!
aaa new-model
aaa authentication login default local
aaa authentication login NO_AUTHEN none
aaa authentication ppp default local

!--- Basic AAA configuration for PPP calls.

!
username user@cisco.com password 0 cisco

!--- Username and password for the VPDN user 
!--- must be configured on all SGBP 
!--- members. If you use an AAA server, this configuration 
!---  is offloaded to it.
!--- Note: The username must include the domain name.

username MMPPP password 0 cisco

!--- Username and password for the stack group (for SGBP).
!--- The username must exactly match the stack group name (MMPPP).
!--- This username/password combination must be 
!--- configured on every SGBP peer.

!
ip subnet-zero
!
!         
sgbp group MMPPP

!--- Stack group name. Note the corresponding 
!--- username/password configuration above.

sgbp member maui-rtr-05 172.22.53.145

!--- maui-rtr-05 at IP address 172.22.53.145 is 
!--- defined as an SGBP peer.

vpdn enable

!--- Turns on VPDN.

vpdn multihop

!--- Enables Multihop VPDN.

!
vpdn-group 1

!--- Default L2TP VPDN group for the LNS.

 accept-dialin

!--- Creates an accept dial-in VPDN subgroup.

  protocol l2tp

!--- Specifies L2TP as the tunneling protocol.

  virtual-template 1

!--- Instructs the LNS to clone virtual 
!--- access interfaces for VPDN sessions from 
!--- virtual-template 1.

 l2tp tunnel password 7 <deleted>

!--- The L2TP tunnel password that is 
!--- used to authenticate L2TP tunnels 
!--- with maui-nas-06 (LAC).
!--- Both tunnel endpoints must have the same L2TP 
!--- tunnel password configured.

!

!--- Unused interface configurations  are removed.

!
interface Ethernet3/0
 ip address 172.22.53.144 255.255.255.0

!--- Interface that  is used for 
!--- the VPDN and SGBP tunnels.

 no ip directed-broadcast
!

!--- Unused interface configurations  are removed.

!
interface Virtual-Template1

!--- Virtual-template 1 is used to clone virtual access interfaces for
!--- incoming VPDN sessions.

 ip unnumbered Ethernet3/0

!--- Virtual access interfaces  use 
!--- the IP address of Ethernet 3/0.
!--- Do not configure a specific IP address on 
!--- the virtual-template interface.
!--- Only unnumbered addresses (as shown) must be used.

 no ip directed-broadcast
 peer default ip address pool CISCO

!--- LNS  assigns an IP address to 
!--- VPDN sessions from the pool named CISCO.

 ppp authentication chap callin

!--- Use CHAP authentication.

 ppp multilink
!
ip local pool CISCO 172.22.53.140 172.22.53.143

!--- Pool of IP addresses that are assigned 
!--- to incoming VPDN sessions.

ip classless
no ip http server
!
!
line con 0
 exec-timeout 0 0
 login authentication NO_AUTHEN
 transport input none
line aux 0
line vty 0 4
!
end

7200 (LNS1)

maui-rtr-05#show running-config 
Building configuration...

Current configuration:
!
version 12.0
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname maui-rtr-05
!
aaa new-model
aaa authentication login default local
aaa authentication login NO_AUTHEN none
aaa authentication ppp default local

!--- Basic AAA configuration for PPP calls.

!
username user@cisco.com password 0 cisco

!--- Username and password for the VPDN user must be 
!--- configured on all SGBP members.
!--- If you use an AAA server, this configuration  is offloaded.
!--- Note: The username must include the domain name.

username MMPPP password 0 cisco

!--- Username and password for the stack group (for SGBP).
!--- The username must exactly match the stack group name (MMPPP).
!--- This username/password combination must be 
!--- configured on every SGBP peer.

!
ip subnet-zero
! 
sgbp group MMPPP

!--- Stack group name. Note the corresponding 
!--- username/password configuration above.

sgbp member maui-rtr-04 172.22.53.144

!--- maui-rtr-04 at IP address 172.22.53.144 is 
!--- defined as an SGBP peer.

vpdn enable

!--- Turn on VPDN.

vpdn multihop

!--- Enable Multihop VPDN.

!
vpdn-group 1

!--- Default L2TP VPDN group for the LNS.

 accept-dialin

!--- Creates an accept dial-in VPDN subgroup.

  protocol l2tp

!--- Specifies L2TP as the tunneling protocol.

  virtual-template 1

!--- Instructs the LNS to clone virtual access 
!--- interfaces for VPDN sessions from 
!--- virtual-template 1.

 l2tp tunnel password 7 <deleted>

!--- The L2TP tunnel password that is used 
!--- to authenticate L2TP tunnels with 
!--- maui-nas-06 (LAC). Both tunnel endpoints must 
!--- have the same L2TP tunnel 
!--- password configured.

!

!--- Unused interface configurations  are removed.

!
interface FastEthernet6/0
 ip address 172.22.53.145 255.255.255.0

!--- Interface that  is used for the VPDN and SGBP tunnels.

 no ip directed-broadcast
 half-duplex
!
interface FastEthernet6/1
 no ip address
 no ip directed-broadcast
 shutdown
 half-duplex
!
interface Virtual-Template1

!--- Virtual-template 1 is used to clone virtual access interfaces for
!--- incoming VPDN sessions.

 ip unnumbered FastEthernet6/0

!--- Virtual access interfaces  use 
!--- the IP address of Ethernet 3/0.
!--- Do not configure a specific IP address on the 
!--- virtual-template interface.
!--- Only unnumbered addresses (as shown) must be used.

 no ip directed-broadcast
 peer default ip address pool CISCO

!--- LNS  assigns an IP address to VPDN 
!--- sessions from the pool named CISCO.

 ppp authentication chap callin

!--- Use CHAP authentication.

 ppp multilink
!
ip local pool CISCO 172.22.53.147 172.22.53.149

!--- Pool of IP addresses that are assigned 
!--- to incoming VPDN sessions.

ip classless
no ip http server
!
!
line con 0
 exec-timeout 0 0
 login authentication NO_AUTHEN
 transport input none
line aux 0
line vty 0 4
!
end

Verify

This section provides the information to confirm that your configuration works properly.

Certain show commands are supported by the Output Interpreter Tool ( registered customers only) . This allows you to view an analysis of show command output.

show vpdn—Used to view information about the L2TP tunnel and session.
show caller user—Used to check for specifics of a particular user.

On the LAC (maui-nas-06), enter the show vpdn command.

Note: There are two L2TP tunnels--one to each LNS.

maui-nas-06#show vpdn

L2TP Tunnel and Session Information (Total tunnels=2 sessions=2)

!--- Total active L2TP tunnels and L2TP session.

LocID RemID Remote Name   State  Remote Address  Port  Sessions
11    6     maui-rtr-04   est    172.22.53.144   1701  1  

!--- Tunnel information to maui-rtr-04 (LNS1).
 

LocID RemID TunID Intf    Username      State  Last Chg Fastswitch
11    6     11    Se0:3   user@cisco.co est    00:02:16 enabled 

!--- Tunnel session information for user@cisco.com (to maui-rtr-04).


LocID RemID Remote Name   State  Remote Address  Port  Sessions
12    6     maui-rtr-05   est    172.22.53.145   1701  1    

!--- Tunnel information to maui-rtr-05 (LNS2).


LocID RemID TunID Intf    Username      State  Last Chg Fastswitch
12    6     12    Se0:4   user@cisco.co est    00:02:15 enabled 

!--- Tunnel session information for user@cisco.com (to maui-rtr-05).


% No active L2F tunnels 

!--- No L2F tunnels.

Using the show vpdn command on the LNS provides some details on the tunnels that are active:

maui-rtr-04#show vpdn

L2TP Tunnel and Session Information (Total tunnels=1 sessions=1)

!--- Total active L2TP tunnels and L2TP session.
!--- Only the tunnel from the LAC is L2TP.


LocID RemID Remote Name   State  Remote Address  Port  Sessions
6     11    maui-nas-06   est    172.22.53.146   1701  1    

!--- L2TP Tunnel information from maui-nas-06 (LAC).
    

LocID RemID TunID Intf    Username      State  Last Chg Fastswitch
6     11    6     Vi1     user@cisco.co est    00:04:09 enabled 

!--- Tunnel session information for user@cisco.com (from LAC).


L2F Tunnel and Session Information (Total tunnels=1 sessions=1)

!--- L2F tunnel for the SGBP link. SGBP can only use L2F tunnel.


 NAS CLID HGW CLID NAS Name        HGW Name        State
 6        6        MMPPP           MMPPP           open   
                   172.22.53.145   172.22.53.144  

!--- L2F tunnel information for SGBP link.
!--- Both the Tunnel endpoint names are MMPPP.
!--- This is also the Stack Group name for this SGBP group.


 CLID   MID    Username                   Intf   State
 6      4      user@cisco.com             Vi2    open 

!--- VPDN session from the LAC forwarded by maui-rtr-05(LNS2).
!--- With this tunnel all the tunnels from the client (user@cisco.com)
!--- are terminated on maui-rtr-04 (the owner of the multink bundle).

Use the show caller user command on the LNS to check the specifics of a particular user.

maui-rtr-04#show caller user user@cisco.com

  User: user@cisco.com, line Vi1, service PPP L2TP
  
!--- L2TP session for user@cisco.com (from the LAC) 
!--- is terminated here.

        Active time 00:05:02, Idle time 00:00:00
  Timeouts:            Absolute  Idle
      Limits:          -         -         
      Disconnect in:   -         -         
  PPP: LCP Open, multilink Open, CHAP (<- AAA)
  VPDN: NAS , MID 6, MID close-wait
        HGW  , NAS CLID 0, HGW CLID 0, tunnel open
  
!--- Tunnel state is open.

  Counts: 75 packets input, 1838 bytes, 0 no buffer
          0 input errors, 0 CRC, 0 frame, 0 overrun
          69 packets output, 1731 bytes, 0 underruns
          0 output errors, 0 collisions, 0 interface resets

  User: user@cisco.com, line Vi2, service PPP L2F
  
!--- L2F session for user@cisco.com 
  !--- (from the other LNS) is terminated here.
  !--- The L2F tunnel is neccessary because of SGBP.

        Active time 00:05:01, Idle time 00:00:02
  Timeouts:            Absolute  Idle
      Limits:          -         -         
      Disconnect in:   -         -         
  PPP: LCP Open, CHAP (<- AAA)
  VPDN: NAS MMPPP, MID 4, MID open
        HGW  MMPPP, NAS CLID 6, HGW CLID 6, tunnel open
  
!--- SGBP tunnel endpoint names are the 
!--- same as the stack group names.  
  !--- Tunnel state is open.

  Counts: 62 packets input, 1028 bytes, 0 no buffer
          0 input errors, 0 CRC, 0 frame, 0 overrun
          126 packets output, 2997 bytes, 0 underruns
          0 output errors, 0 collisions, 0 interface resets

  User: user@cisco.com, line Vi3, service PPP Bundle
  
!--- PPP Multilink Bundle is terminated on Virtual-Access 3 (Vi3).
  !--- All PPP parameters for the client exist in Vi3.

        Active time 00:05:03, Idle time 00:05:03
  Timeouts:            Absolute  Idle
      Limits:          -         -         
      Disconnect in:   -         -         
  PPP: LCP Open, multilink Open, IPCP
  IP: Local 172.22.53.144, remote 172.22.53.140
  
!--- IP address for the client (user@cisco.com) 
!--- is assigned from the local pool CISCO.

  Counts: 4 packets input, 146 bytes, 0 no buffer
          0 input errors, 0 CRC, 0 frame, 0 overrun
          9 packets output, 663 bytes, 0 underruns
          0 output errors, 0 collisions, 0 interface resets

Troubleshoot

This section provides the information to troubleshoot your configuration.

Troubleshoot Commands

Certain show commands are supported by the Output Interpreter Tool ( registered customers only) . This allows you to view an analysis of show command output.

Note: Before you issue debug commands, refer to Important Information on Debug Commands.

debug ppp negotiation—Displays if a client passes PPP negotiation. You are able to see what options (for example, callback or MMPPP) and what protocols (such as IP and IPX) are negotiated.
debug ppp authentication—Displays if a client passes authentication. Covers CHAP and Password Authentication Protocol (PAP).
debug vpdn event—Displays messages about events that are part of normal tunnel establishment or shutdown. For more information, refer to the debug command reference.
debug vpdn error—Displays errors that prevent a tunnel from being established or errors that cause an established tunnel to be closed.
debug vpdn l2x-event—Displays L2F/L2TP messages that are part of the tunnel establishment and shutdown.
debug vpdn l2x-packet—Displays the dialog between NAS/LAC and HGW/LNS for tunnel or session creation.
debug sgbp events—Provides Multichassis Multilink details that include SGBP bidding.
debug sgbp dial-bids—Displays large scale dial-out negotiations between the primary network access server and alternate network access servers.

These debug outputs explain the process that each router goes through to establish the VPDN and SGBP sessions. Although specific errors are not included, by understanding and properly reading the debugs, you can easily identify errors when they occur.

These debugs are taken from the LAC (maui-nas-06). Upon receipt of the username of the client, the LAC initiates a VPDN L2TP tunnel to one of the LNSs. When the second call from the client is received, the LAC initiates a tunnel to the other LNS. This, in turn, uses SGBP to forward the call to the first LNS.

maui-nas-06#debug ppp negotiation
PPP protocol negotiation debugging is on
maui-nas-06#debug ppp authentication
PPP authentication debugging is on
maui-nas-06#debug vpdn event 
VPDN events debugging is on
maui-nas-06#debug vpdn error
VPDN errors debugging is on
maui-nas-06#debug vpdn l2x-event
L2X protocol events debugging is on
maui-nas-06#show debug
VPN:
  L2X protocol events debugging is on
  VPDN events debugging is on
  VPDN errors debugging is on
PPP:
  PPP authentication debugging is on
  PPP protocol negotiation debugging is on
maui-nas-06#
*Jan  1 11:53:29.021: %LINK-3-UPDOWN: Interface Serial0:3, changed state to up

!--- Incoming call arrives.

*Jan  1 11:53:29.025: Se0:3 PPP: Treating connection as a callin
*Jan  1 11:53:29.025: Se0:3 PPP: Phase is ESTABLISHING, Passive Open
*Jan  1 11:53:29.025: Se0:3 LCP: State is Listen
*Jan  1 11:53:29.493: Se0:3 LCP: I CONFREQ [Listen] id 21 len 31
*Jan  1 11:53:29.493: Se0:3 LCP:    MagicNumber 0x529B9206 (0x0506529B9206)
*Jan  1 11:53:29.493: Se0:3 LCP:    MRRU 1524 (0x110405F4)
*Jan  1 11:53:29.493: Se0:3 LCP:    EndpointDisc 1 Local
*Jan  1 11:53:29.493: Se0:3 LCP:     (0x1311017573657240636973636F2E636F)
*Jan  1 11:53:29.493: Se0:3 LCP:     (0x6D)
*Jan  1 11:53:29.493: Se0:3 LCP: O CONFREQ [Listen] id 2 len 33
*Jan  1 11:53:29.493: Se0:3 LCP:    AuthProto CHAP (0x0305C22305)
*Jan  1 11:53:29.493: Se0:3 LCP:    MagicNumber 0x330E0199 (0x0506330E0199)
*Jan  1 11:53:29.493: Se0:3 LCP:    MRRU 1524 (0x110405F4)
*Jan  1 11:53:29.493: Se0:3 LCP:    EndpointDisc 1 Local 
(0x130E016D6175692D6E61732D3036)
*Jan  1 11:53:29.493: Se0:3 LCP: O CONFACK [Listen] id 21 len 31
*Jan  1 11:53:29.493: Se0:3 LCP:    MagicNumber 0x529B9206 (0x0506529B9206)
*Jan  1 11:53:29.497: Se0:3 LCP:    MRRU 1524 (0x110405F4)
*Jan  1 11:53:29.497: Se0:3 LCP:    EndpointDisc 1 Local
*Jan  1 11:53:29.497: Se0:3 LCP:     (0x1311017573657240636973636F2E636F)
*Jan  1 11:53:29.497: Se0:3 LCP:     (0x6D)
*Jan  1 11:53:29.541: Se0:3 LCP: I CONFACK [ACKsent] id 2 len 33
*Jan  1 11:53:29.541: Se0:3 LCP:    AuthProto CHAP (0x0305C22305)
*Jan  1 11:53:29.541: Se0:3 LCP:    MagicNumber 0x330E0199 (0x0506330E0199)
*Jan  1 11:53:29.541: Se0:3 LCP:    MRRU 1524 (0x110405F4)
*Jan  1 11:53:29.541: Se0:3 LCP:    EndpointDisc 1 Local 
(0x130E016D6175692D6E61732D3036)
*Jan  1 11:53:29.541: Se0:3 LCP: State is Open

!--- LCP negotiation is complete.

*Jan  1 11:53:29.541: Se0:3 PPP: Phase is AUTHENTICATING, by this end
*Jan  1 11:53:29.541: Se0:3 CHAP: O CHALLENGE id 2 len 32 from "maui-nas-06"

!--- Outgoing CHAP challenge from maui-nas-06 (LAC).

*Jan  1 11:53:29.597: Se0:3 CHAP: I RESPONSE id 2 len 35 from "user@cisco.com"

!--- Incoming CHAP response from user@cisco.com (client).

Jan  1 11:53:29.601: Se0:3 PPP: Phase is FORWARDING
*Jan  1 11:53:29.601: Se0:3 VPDN: Got DNIS string 81690
*Jan  1 11:53:29.601: Se0:3 VPDN: Looking for tunnel -- cisco.com --

!--- Searches for tunnel based on domain name (cisco.com).

*Jan  1 11:53:29.601: Se0:3 VPDN/RPMS/1: Got tunnel info for cisco.com

!--- Tunnel attributes are obtained.

*Jan  1 11:53:29.601: Se0:3 VPDN/RPMS/1:   LAC maui-nas-06
*Jan  1 11:53:29.601: Se0:3 VPDN/RPMS/1:   l2tp-tunnel-password xxxxxx

!--- L2TP tunnel password is used.

*Jan  1 11:53:29.601: Se0:3 VPDN/RPMS/1:   2 IP addresses
*Jan  1 11:53:29.601: Se0:3 VPDN/RPMS/1:     IP 172.22.53.144 Priority 1
*Jan  1 11:53:29.601: Se0:3 VPDN/RPMS/1:     IP 172.22.53.145 Priority 1

!--- There are two possible L2TP Tunnel Endpoints (one for each LNS).
!--- Both endpoint options have the same priority.

*Jan  1 11:53:29.601: Se0:3 VPDN/1: curlvl 1 Address 0: 172.22.53.144,  
priority 1 
*Jan  1 11:53:29.601: Se0:3 VPDN/1: Select non-active address 172.22.53.144, 
priority 1

!--- Tunnel to maui-rtr-04 (with IP address 
!--- 172.22.53.144)  is created.

*Jan  1 11:53:29.601: Tnl 11 L2TP: SM State idle
*Jan  1 11:53:29.605: Tnl 11 L2TP: O SCCRQ 

!--- LAC sends an outgoing SCCRQ message  
!--- to LNS to begin L2TP tunnel negotiation. 
!--- The Local Tunnel ID is 11.

*Jan  1 11:53:29.605: Tnl 11 L2TP: Tunnel state change from idle to wait-ctl-reply
*Jan  1 11:53:29.605: Tnl 11 L2TP: SM State wait-ctl-reply
*Jan  1 11:53:29.605: Se0:3 VPDN: Find LNS process created
*Jan  1 11:53:29.605: Se0:3 VPDN: Forward to address 172.22.53.144
*Jan  1 11:53:29.605: Se0:3 VPDN: Pending
*Jan  1 11:53:29.605: Se0:3 VPDN: Process created
*Jan  1 11:53:29.605: Tnl 11 L2TP: I SCCRP from maui-rtr-04

!--- Incoming Start-Control-Connection-Reply 
!--- (SCCRP) message from LNS 
!--- (maui-rtr-04). This indicates that the LNS received the SCCRQ message.

*Jan  1 11:53:29.605: Tnl 11 L2TP: Got a challenge from remote peer, maui-rtr-04
*Jan  1 11:53:29.609: Tnl 11 L2TP: Got a response from remote peer, maui-rtr-04
*Jan  1 11:53:29.609: Tnl 11 L2TP: Tunnel Authentication success
*Jan  1 11:53:29.609: Tnl 11 L2TP: Tunnel state change from wait-ctl-reply 
to established

!--- L2TP Tunnel Authentication is successful.  The tunnel state is changed 
!--- to established.

*Jan  1 11:53:29.609: Tnl 11 L2TP: O SCCCN  to maui-rtr-04 tnlid 6

!--- Outgoing Start-Control-Connection-Connected 
!--- (SCCN) message to LNS 
!--- (maui-rtr-04). This completes L2TP tunnel negotiation. 
!--- The Tunnel ID 6 is also indicated.

*Jan  1 11:53:29.609: Tnl 11 L2TP: SM State established
*Jan  1 11:53:29.609: Se0:3 VPDN: Forwarding...
*Jan  1 11:53:29.609: Se0:3 VPDN: Bind interface direction=1
*Jan  1 11:53:29.609: Tnl/Cl 11/11 L2TP: Session sequencing disabled
*Jan  1 11:53:29.609: Tnl/Cl 11/11 L2TP: Session FS enabled
*Jan  1 11:53:29.609: Tnl/Cl 11/11 L2TP: Session state change from idle 
to wait-for-tunnel
*Jan  1 11:53:29.609: Se0:3 Tnl/Cl 11/11 L2TP: Create session
*Jan  1 11:53:29.609: Tnl 11 L2TP: SM State established
*Jan  1 11:53:29.609: Se0:3 Tnl/Cl 11/11 L2TP: O ICRQ to maui-rtr-04 6/0

!--- Outoging ICRQ message is sent to LNS 
!--- intitiating tunnel session.

*Jan  1 11:53:29.609: Se0:3 Tnl/Cl 11/11 L2TP: Session state change from 
wait-for-tunnel to wait-reply
*Jan  1 11:53:29.609: Se0:3 VPDN: user@cisco.com is forwarded

!--- User user@cisco.com is forwarded on the L2TP tunnel.

*Jan  1 11:53:29.613: Se0:3 Tnl/Cl 11/11 L2TP: O ICCN to maui-rtr-04 6/6
*Jan  1 11:53:29.613: Se0:3 Tnl/Cl 11/11 L2TP: Session state change from 
wait-reply to established
*Jan  1 11:53:30.609: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0:3, 
changed state to up
*Jan  1 11:53:30.801: %LINK-3-UPDOWN: Interface Serial0:4, changed state to up
*Jan  1 11:53:30.801: %ISDN-6-CONNECT: Interface Serial0:3 is now connected to  
user@cisco.com

!--- Call is connected. 
!--- The LAC enters this state when the LNS completes its own PPP negotiation 
!--- to the client.

*Jan  1 11:53:30.801: Se0:4 PPP: Treating connection as a callin

!--- Second incoming call from the client. 
!--- Note the different DS0 (Se0:4 vs Se0:3) 
!--- the call arrives on.

*Jan  1 11:53:30.801: Se0:4 PPP: Phase is ESTABLISHING, Passive Open
*Jan  1 11:53:30.801: Se0:4 LCP: State is Listen
*Jan  1 11:53:31.033: Se0:4 LCP: I CONFREQ [Listen] id 21 len 31
*Jan  1 11:53:31.033: Se0:4 LCP:    MagicNumber 0x529B9833 (0x0506529B9833)
*Jan  1 11:53:31.033: Se0:4 LCP:    MRRU 1524 (0x110405F4)
*Jan  1 11:53:31.033: Se0:4 LCP:    EndpointDisc 1 Local
*Jan  1 11:53:31.033: Se0:4 LCP:     (0x1311017573657240636973636F2E636F)
*Jan  1 11:53:31.033: Se0:4 LCP:     (0x6D)
*Jan  1 11:53:31.033: Se0:4 LCP: O CONFREQ [Listen] id 2 len 33
*Jan  1 11:53:31.033: Se0:4 LCP:    AuthProto CHAP (0x0305C22305)
*Jan  1 11:53:31.033: Se0:4 LCP:    MagicNumber 0x330E07A0 (0x0506330E07A0)
*Jan  1 11:53:31.033: Se0:4 LCP:    MRRU 1524 (0x110405F4)
*Jan  1 11:53:31.033: Se0:4 LCP:    EndpointDisc 1 Local 
(0x130E016D6175692D6E61732D3036)
*Jan  1 11:53:31.033: Se0:4 LCP: O CONFACK [Listen] id 21 len 31
*Jan  1 11:53:31.033: Se0:4 LCP:    MagicNumber 0x529B9833 (0x0506529B9833)
*Jan  1 11:53:31.033: Se0:4 LCP:    MRRU 1524 (0x110405F4)
*Jan  1 11:53:31.033: Se0:4 LCP:    EndpointDisc 1 Local
*Jan  1 11:53:31.037: Se0:4 LCP:     (0x1311017573657240636973636F2E636F)
*Jan  1 11:53:31.037: Se0:4 LCP:     (0x6D)
*Jan  1 11:53:31.061: Se0:4 LCP: I CONFACK [ACKsent] id 2 len 33
*Jan  1 11:53:31.061: Se0:4 LCP:    AuthProto CHAP (0x0305C22305)
*Jan  1 11:53:31.061: Se0:4 LCP:    MagicNumber 0x330E07A0 (0x0506330E07A0)
*Jan  1 11:53:31.061: Se0:4 LCP:    MRRU 1524 (0x110405F4)
*Jan  1 11:53:31.061: Se0:4 LCP:    EndpointDisc 1 Local 
(0x130E016D6175692D6E61732D3036)
*Jan  1 11:53:31.061: Se0:4 LCP: State is Open
*Jan  1 11:53:31.061: Se0:4 PPP: Phase is AUTHENTICATING, by this end
*Jan  1 11:53:31.061: Se0:4 CHAP: O CHALLENGE id 2 len 32 from "maui-nas-06"

!--- Outgoing CHAP challenge from maui-nas-06 (LAC).

*Jan  1 11:53:31.085: Se0:4 CHAP: I RESPONSE id 2 len 35 from "user@cisco.com"

!--- Incoming CHAP response from user@cisco.com (client).

*Jan  1 11:53:31.089: Se0:4 PPP: Phase is FORWARDING
*Jan  1 11:53:31.089: Se0:4 VPDN: Got DNIS string 81690
*Jan  1 11:53:31.089: Se0:4 VPDN: Looking for tunnel -- cisco.com --

!--- Searching for tunnel based on domain name (cisco.com).

*Jan  1 11:53:31.089: Se0:4 VPDN/RPMS/1: Got tunnel info for cisco.com
*Jan  1 11:53:31.089: Se0:4 VPDN/RPMS/1:   LAC maui-nas-06
*Jan  1 11:53:31.089: Se0:4 VPDN/RPMS/1:   l2tp-tunnel-password xxxxxx
*Jan  1 11:53:31.089: Se0:4 VPDN/RPMS/1:   2 IP addresses
*Jan  1 11:53:31.089: Se0:4 VPDN/RPMS/1: IP 172.22.53.144 Priority 1
*Jan  1 11:53:31.089: Se0:4 VPDN/RPMS/1:  IP 172.22.53.145 Priority 1

!--- There are two possible L2TP 
!--- tunnel endpoints (one for each LNS).
!--- Both endpoint options have the same priority.

*Jan  1 11:53:31.089: Se0:4 VPDN/1: curlvl 1 Address 0: 172.22.53.144,  priority 1 
*Jan  1 11:53:31.089: Se0:4 VPDN/1: curlvl 1 Address 1: 172.22.53.145,  priority 1 
*Jan  1 11:53:31.089: Se0:4 VPDN/1: Select non-active address 172.22.53.145, 
priority 1

!--- Tunnel to maui-rtr-05 (with IP address 172.22.53.145)
!--- is created.
!--- This is not the LNS that the first channel  is tunneled to.
!--- The tunnel endpoints have the same priority. So 
!--- the LAC  load balances
!--- between the two LNS.

*Jan  1 11:53:31.089: Tnl 12 L2TP: SM State idle
*Jan  1 11:53:31.089: Tnl 12 L2TP: O SCCRQ 
*Jan  1 11:53:31.093: Tnl 12 L2TP: Tunnel state change from idle to wait-ctl-reply
*Jan  1 11:53:31.093: Tnl 12 L2TP: SM State wait-ctl-reply
*Jan  1 11:53:31.093: Se0:4 VPDN: Find LNS process created
*Jan  1 11:53:31.093: Se0:4 VPDN: Forward to address 172.22.53.145
*Jan  1 11:53:31.093: Se0:4 VPDN: Pending
*Jan  1 11:53:31.093: Se0:4 VPDN: Process created
*Jan  1 11:53:31.093: Tnl 12 L2TP: I SCCRP from maui-rtr-05
*Jan  1 11:53:31.093: Tnl 12 L2TP: Got a challenge from remote peer, maui-rtr-05
*Jan  1 11:53:31.093: Tnl 12 L2TP: Got a response from remote peer, maui-rtr-05
*Jan  1 11:53:31.093: Tnl 12 L2TP: Tunnel Authentication success

!--- L2TP Tunnel Authentication is successful.

*Jan  1 11:53:31.093: Tnl 12 L2TP: Tunnel state change from wait-ctl-reply 
to established
*Jan  1 11:53:31.093: Tnl 12 L2TP: O SCCCN  to maui-rtr-05 tnlid 6
*Jan  1 11:53:31.093: Tnl 12 L2TP: SM State established
*Jan  1 11:53:31.097: Se0:4 VPDN: Forwarding...
*Jan  1 11:53:31.097: Se0:4 VPDN: Bind interface direction=1
*Jan  1 11:53:31.097: Tnl/Cl 12/12 L2TP: Session sequencing disabled
*Jan  1 11:53:31.097: Tnl/Cl 12/12 L2TP: Session FS enabled
*Jan  1 11:53:31.097: Tnl/Cl 12/12 L2TP: Session state change from idle 
to wait-for-tunnel
*Jan  1 11:53:31.097: Se0:4 Tnl/Cl 12/12 L2TP: Create session
*Jan  1 11:53:31.097: Tnl 12 L2TP: SM State established
*Jan  1 11:53:31.097: Se0:4 Tnl/Cl 12/12 L2TP: O ICRQ to maui-rtr-05 6/0
*Jan  1 11:53:31.097: Se0:4 Tnl/Cl 12/12 L2TP: Session state change from 
wait-for-tunnel to wait-reply
*Jan  1 11:53:31.097: Se0:4 VPDN: user@cisco.com is forwarded

!--- User user@cisco.com is forwarded on the L2TP tunnel.

*Jan  1 11:53:31.101: Se0:4 Tnl/Cl 12/12 L2TP: O ICCN to maui-rtr-05 6/6
*Jan  1 11:53:31.101: Se0:4 Tnl/Cl 12/12 L2TP: Session state change from 
wait-reply to established
*Jan  1 11:53:32.097: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0:4, 
changed state to up
*Jan  1 11:53:36.801: %ISDN-6-CONNECT:Interface Serial0:4 is now connected to  
user@cisco.com

!--- Call is connected. The LAC enters this state 
!--- when the LNS completes
!--- its own PPP negotiation to the client.

These debugs are obtained from the first LNS (maui-rtr-04).

maui-rtr-04#debug ppp negotiation
PPP protocol negotiation debugging is on
maui-rtr-04#debug ppp authentication
PPP authentication debugging is on
maui-rtr-04#debug sgbp event
SGBP events debugging is on
maui-rtr-04#debug sgbp dial-bids 
SGBP dial-bids debugging is on
maui-rtr-04#debug vpdn event 
VPDN events debugging is on
maui-rtr-04#debug vpdn error
VPDN errors debugging is on
maui-rtr-04#debug vpdn l2x-event
L2X protocol events debugging is on
maui-rtr-04#show debug
MLPVT group:
  SGBP dial-bids debugging is on
  SGBP events debugging is on
VPN:
  L2X protocol events debugging is on
  VPDN events debugging is on
  VPDN errors debugging is on
PPP:
  PPP authentication debugging is on
  PPP protocol negotiation debugging is on
maui-rtr-04#
*May 22 13:55:17.911: L2TP: I SCCRQ from maui-nas-06 tnl 11

!--- LNS receives an SCCRQ message from LAC. 
!--- This identifies the tunnel with ID 11. 
!--- LNS considers ID 11 to be the remote ID. 
!--- LAC considers it to be the local ID.

*May 22 13:55:17.911: Tnl 6 L2TP: Got a challenge in SCCRQ, maui-nas-06

!--- LNS locally identifies this tunnel with ID 6.

*May 22 13:55:17.915: Tnl 6 L2TP: New tunnel created for remote maui-nas-06, 
address 172.22.53.146

!--- A new L2TP tunnel  is created to the LAC.

*May 22 13:55:17.915: Tnl 6 L2TP: O SCCRP  to maui-nas-06 tnlid 11
*May 22 13:55:17.915: Tnl 6 L2TP: Tunnel state change from idle to wait-ctl-reply
*May 22 13:55:17.915: Tnl 6 L2TP: I SCCCN from maui-nas-06 tnl 11
*May 22 13:55:17.915: Tnl 6 L2TP: Got a Challenge Response in SCCCN from maui-nas-06
*May 22 13:55:17.915: Tnl 6 L2TP: Tunnel Authentication success
*May 22 13:55:17.919: Tnl 6 L2TP: Tunnel state change from wait-ctl-reply 
to established

!--- The L2TP tunnel is changed to the state established.

*May 22 13:55:17.919: Tnl 6 L2TP: SM State established
*May 22 13:55:17.919: Tnl 6 L2TP: I ICRQ from maui-nas-06 tnl 11
*May 22 13:55:17.919: Tnl/Cl 6/6 L2TP: Session sequencing disabled
*May 22 13:55:17.919: Tnl/Cl 6/6 L2TP: Session FS enabled
*May 22 13:55:17.919: Tnl/Cl 6/6 L2TP: Session state change from idle to wait-connect
*May 22 13:55:17.919: Tnl/Cl 6/6 L2TP: New session created

!--- A new session (for the user) is created.

*May 22 13:55:17.919: Tnl/Cl 6/6 L2TP: O ICRP to maui-nas-06 11/11
*May 22 13:55:17.923: Tnl/Cl 6/6 L2TP: I ICCN from maui-nas-06 tnl 11, cl 11
*May 22 13:55:17.923: Tnl/Cl 6/6 L2TP: Session state change from wait-connect 
to established
*May 22 13:55:17.923: Vi1 VPDN: Virtual interface created for user@cisco.com
*May 22 13:55:17.923: Vi1 PPP: Phase is DOWN, Setup
*May 22 13:55:17.923: Vi1 VPDN: Clone from Vtemplate 1 filterPPP=1 blocking
*May 22 13:55:17.947: %LINK-3-UPDOWN: Interface Virtual-Access1, changed state to up

!--- Virtual Access 1 is brought up. 
!--- The L2TP session from the LAC  is terminated here.

*May 22 13:55:17.951: Vi1 PPP: Treating connection as a dedicated line
*May 22 13:55:17.951: Vi1 PPP: Phase is ESTABLISHING, Active Open
*May 22 13:55:17.951: Vi1 LCP: O CONFREQ [Closed] id 1 len 27
*May 22 13:55:17.951: Vi1 LCP:    AuthProto CHAP (0x0305C22305)
*May 22 13:55:17.951: Vi1 LCP:    MagicNumber 0xD859008F (0x0506D859008F)
*May 22 13:55:17.951: Vi1 LCP:    MRRU 1524 (0x110405F4)
*May 22 13:55:17.951: Vi1 LCP:    EndpointDisc 1 Local (0x1308014D4D505050)
*May 22 13:55:17.951: Vi1 VPDN: Bind interface direction=2
*May 22 13:55:17.951: Vi1 PPP: Treating connection as a dedicated line
*May 22 13:55:17.951: Vi1 LCP: I FORCED CONFREQ len 29

!--- LAC has forwarded client LCP negotiation parameters.
!--- The LNS then forces this information onto virtual access interface 1.

*May 22 13:55:17.951: Vi1 LCP:    AuthProto CHAP (0x0305C22305)
*May 22 13:55:17.951: Vi1 LCP:    MagicNumber 0x330E0199 (0x0506330E0199)
*May 22 13:55:17.951: Vi1 LCP:    MRRU 1524 (0x110405F4)
*May 22 13:55:17.951: Vi1 LCP:    EndpointDisc 1 Local (0x130E016D6175692D6E61732D3036)
*May 22 13:55:17.951: Vi1 VPDN: PPP LCP accepted rcv CONFACK
*May 22 13:55:17.951: Vi1 VPDN: PPP LCP accepted sent CONFACK
*May 22 13:55:17.951: Vi1 PPP: Phase is AUTHENTICATING, by this end
*May 22 13:55:17.951: Vi1 CHAP: O CHALLENGE id 3 len 26 from "MMPPP"

!--- Outgoing challenge to the client from MMPPP. 
!--- MMPPP is also the Stack Group Name configured on the LNS.
!--- If the client authenticates the LNS (in this case it does not), 
!--- the client must have username MMPPP configured.

*May 22 13:55:17.951: Vi1 CHAP: I RESPONSE id 2 len 35 from "user@cisco.com"
! --- Incoming CHAP response from user@cisco.com
*May 22 13:55:17.951: Vi1 PPP: Phase is FORWARDING
*May 22 13:55:17.951: Vi1 VPDN: Looking for tunnel -- cisco.com --
*May 22 13:55:17.955: VPDN/cisco.com: Authorization failed, could not talk to 
AAA server or local tunnel problem

!--- The LNS  attempts  to find a VPDN group for domain cisco.com.
!--- This output is irrelevant as the LNS  does not create  another VPDN tunnel
!--- to another LNS for multihop multihop.
!--- Refer to Configuring L2TP Multihop to Perform 
!--- Several Hops from the NAS to the LNS.

*May 22 13:55:17.955: Vi1 VPDN: Continue using SGBP for user@cisco.com
*May 22 13:55:17.955: Vi1 VPDN: Pending
*May 22 13:55:17.955: Vi1 VPDN: Process created
*May 22 13:55:18.255: Vi1 VPDN: Not forwarded
*May 22 13:55:18.255: Vi1 PPP: Phase is AUTHENTICATING
*May 22 13:55:18.255: Vi1 CHAP: I RESPONSE id 2 len 35 from "user@cisco.com"
*May 22 13:55:18.255: Vi1 CHAP: O SUCCESS id 2 len 4

!--- CHAP authentication of the client is successful.

*May 22 13:55:18.255: Vi1 PPP: Phase is VIRTUALIZED
*May 22 13:55:18.271: Vi3 PPP: Phase is DOWN, Setup
*May 22 13:55:18.323: Vi1 CDPCP: Packet buffered while building MLP bundle interface
*May 22 13:55:18.323: %LINK-3-UPDOWN: Interface Virtual-Access3, changed state to up

!--- Virtual-Access 3 is the interface for the multilink PPP bundle.

*May 22 13:55:18.327: Vi3 PPP: Treating connection as a dedicated line
*May 22 13:55:18.327: Vi3 PPP: Phase is ESTABLISHING, Active Open
*May 22 13:55:18.327: Vi3 LCP: O CONFREQ [Closed] id 1 len 27
*May 22 13:55:18.327: Vi3 LCP:    AuthProto CHAP (0x0305C22305)
*May 22 13:55:18.327: Vi3 LCP:    MagicNumber 0xD8590209 (0x0506D8590209)
*May 22 13:55:18.327: Vi3 LCP:    MRRU 1524 (0x110405F4)
*May 22 13:55:18.327: Vi3 LCP:    EndpointDisc 1 Local (0x1308014D4D505050)
*May 22 13:55:18.327: Vi3 VPDN: Virtual interface iteration
*May 22 13:55:18.327: Vi3 PPP: Phase is UP
*May 22 13:55:18.327: Vi3 IPCP: O CONFREQ [Closed] id 1 len 10
*May 22 13:55:18.327: Vi3 IPCP:    Address 172.22.53.144 (0x0306AC163590)
*May 22 13:55:18.327: Vi3 PPP: Pending ncpQ size is 1
*May 22 13:55:18.327: Vi1 CDPCP: Redirect packet to Vi3
*May 22 13:55:18.327: Vi3 CDPCP: I CONFREQ [Not negotiated] id 9 len 4
*May 22 13:55:18.327: Vi3 LCP: O PROTREJ [Open] id 2 len 10 protocol CDPCP 
(0x820701090004)
*May 22 13:55:18.331: Vi3 IPCP: I CONFREQ [REQsent] id 14 len 10
*May 22 13:55:18.331: Vi3 IPCP:    Address 0.0.0.0 (0x030600000000)
*May 22 13:55:18.331: Vi3 IPCP: Pool returned 172.22.53.140


!--- IP address for the remote client is returned by a local IP pool.

*May 22 13:55:18.331: Vi3 IPCP: O CONFNAK [REQsent] id 14 len 10
*May 22 13:55:18.331: Vi3 IPCP:    Address 172.22.53.140 (0x0306AC16358C)
*May 22 13:55:18.363: Vi3 IPCP: I CONFACK [REQsent] id 1 len 10
*May 22 13:55:18.363: Vi3 IPCP:    Address 172.22.53.144 (0x0306AC163590)
*May 22 13:55:18.367: Vi3 IPCP: I CONFREQ [ACKrcvd] id 15 len 10
*May 22 13:55:18.367: Vi3 IPCP:    Address 172.22.53.140 (0x0306AC16358C)
*May 22 13:55:18.367: Vi3 IPCP: O CONFACK [ACKrcvd] id 15 len 10
*May 22 13:55:18.367: Vi3 IPCP:    Address 172.22.53.140 (0x0306AC16358C)
*May 22 13:55:18.367: Vi3 IPCP: State is Open

!--- IPCP negotiation is complete.

*May 22 13:55:18.367: Vi3 IPCP: Install route to 172.22.53.140

!--- Route to remote client is installed.

*May 22 13:55:19.255: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access1, 
changed state to up
*May 22 13:55:19.327: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access3, 
changed state to up
*May 22 13:55:19.763: L2X: L2F_CONF received
*May 22 13:55:19.763: Tnl 6 L2F: Received L2F-CONF from MMPPP

!--- Received an L2F Tunnel request. 
!--- This is the SGBP Tunnel from maui-rtr-05. 
!--- SGBP only uses L2F tunnels.

*May 22 13:55:19.763: L2X: Cannot use source-ip 255.255.255.255 
which is not one of our addresses.
*May 22 13:55:19.763: Tnl 6 L2F: Opened UDP socket to 172.22.53.145 
using source 172.22.53.144
*May 22 13:55:19.763: Tnl 6 L2F: Tunnel MMPPP state change from closed state opening

!--- Tunnel MPPP state is changed to opening.

*May 22 13:55:19.767: Tnl 6 L2F: Sending L2F-CONF to peer
*May 22 13:55:19.767: Tnl 6 L2F: L2F_OPEN received
*May 22 13:55:19.767: Tnl 6 L2F: OPEN from MMPPP received for tunnel in state opening
*May 22 13:55:19.767: VPDN: Chap authentication succeeded for MMPPP

!--- CHAP authentication for the tunnel is successful.

*May 22 13:55:19.767: Tnl 6 L2F: Tunnel MMPPP state change from opening state open
*May 22 13:55:19.767: Tnl 6 L2F: Replying to MMPPP with L2F-OPEN
*May 22 13:55:19.771: Tnl 6 L2F: L2F_OPEN received
*May 22 13:55:19.771: Tnl 6 L2F: New OPEN received for Session 4
*May 22 13:55:19.771: user@cisco.comTnl/Cl 6/4 L2F: 
Session state change from closed to opening

!--- L2F session (for the client) is intiated on this tunnel. 

*May 22 13:55:19.771: %LINK-3-UPDOWN: Interface Virtual-Access2, changed state to up
*May 22 13:55:19.771: Vi2 PPP: Treating connection as a dedicated line
*May 22 13:55:19.771: Vi2 PPP: Phase is ESTABLISHING, Active Open
*May 22 13:55:19.771: Vi2 LCP: O CONFREQ [Closed] id 3 len 10
*May 22 13:55:19.771: Vi2 LCP:    MagicNumber 0xD85907B0 (0x0506D85907B0)
*May 22 13:55:19.775: Vi2 VPDN: 
Virtual interface created for user@cisco.com bandwidth 56 Kbps
*May 22 13:55:19.775: Vi2 PPP: Phase is DOWN, Setup
*May 22 13:55:19.775: Vi2 PPP: Treating connection as a dedicated line
*May 22 13:55:19.775: Vi2 PPP: Phase is ESTABLISHING, Active Open
*May 22 13:55:19.775: Vi2 LCP: O CONFREQ [Closed] id 1 len 10
*May 22 13:55:19.775: Vi2 LCP:    MagicNumber 0xD85907B5 (0x0506D85907B5)
*May 22 13:55:19.775: Vi2 VPDN: No Virtual Template defined - check configs
*May 22 13:55:19.775: Vi2 VPDN: Bind interface direction=2
*May 22 13:55:19.775: Vi2 PPP: Treating connection as a dedicated line
*May 22 13:55:19.775: Vi2 LCP: I FORCED CONFREQ len 29
*May 22 13:55:19.775: Vi2 LCP:    AuthProto CHAP (0x0305C22305)
*May 22 13:55:19.775: Vi2 LCP:    MagicNumber 0x330E07A0 (0x0506330E07A0)
*May 22 13:55:19.775: Vi2 LCP:    MRRU 1524 (0x110405F4)
*May 22 13:55:19.775: Vi2 LCP:    EndpointDisc 1 Local 
(0x130E016D6175692D6E61732D3036)
*May 22 13:55:19.775: Vi2 VPDN: PPP LCP accepted rcv CONFACK
*May 22 13:55:19.775: Vi2 VPDN: PPP LCP accepted sent CONFACK
*May 22 13:55:19.775: Vi2 PPP: Phase is AUTHENTICATING, by this end
*May 22 13:55:19.775: Vi2 CHAP: O CHALLENGE id 3 len 26 from "MMPPP"

!--- Outgoing challenge to the client.

*May 22 13:55:19.775: Vi2 Tnl/Cl 6/4 L2F: Transfer NAS-Rate L2F/56000/56000 to LCP
*May 22 13:55:19.775: Vi2 CHAP: I RESPONSE id 2 len 35 from "user@cisco.com"
*May 22 13:55:19.775: Vi2 PPP: Phase is FORWARDING
*May 22 13:55:19.775: Vi2 VPDN: Looking for tunnel -- cisco.com --
*May 22 13:55:19.775: VPDN/cisco.com: 
Authorization failed, could not talk to AAA server or local tunnel problem

!--- The LNS  attempts  to find a VPDN group for domain cisco.com.
!--- This output is irrelevant as the LNS  does not create  another VPDN tunnel
!--- to another LNS for multihop multihop.
!--- Refer to Configuring L2TP Multihop to Perform 
!--- Several Hops from the NAS to the LNS.

*May 22 13:55:19.779: Vi2 VPDN: Multihop illegal for Multichassis Multilink
*May 22 13:55:19.779: Vi2 VPDN: Continue PPP authentication for user@cisco.com
*May 22 13:55:19.779: Vi2 PPP: Phase is AUTHENTICATING
*May 22 13:55:19.779: Vi2 Tnl/Cl 6/4 L2F: Created VA for Mid, Replying with OPEN
*May 22 13:55:19.779: Vi2 Tnl/Cl 6/4 L2F: Session state change from opening to open
*May 22 13:55:19.779: Vi2 CHAP: O SUCCESS id 2 len 4

!--- CHAP is successful.

*May 22 13:55:19.779: Vi2 PPP: Phase is VIRTUALIZED
*May 22 13:55:19.951: Vi1 LCP: TIMEout: State Open
*May 22 13:55:20.771: %LINEPROTO-5-UPDOWN: 
Line protocol on Interface Virtual-Access2, changed state to up

!--- Virtual-Access 2 (which terminates the SGBP tunnel) is UP.

This debug command output is taken from the second LNS. The VPDN call that arrives on this router is once again tunneled (due to SGBP) to the other LNS (maui-rtr-04):

maui-rtr-05#show debug
MLPVT group:
  SGBP dial-bids debugging is on
  SGBP events debugging is on
VPN:
  L2X protocol events debugging is on
  VPDN events debugging is on
  VPDN errors debugging is on
PPP:
  PPP authentication debugging is on
  PPP protocol negotiation debugging is on
maui-rtr-05#
*May 22 06:37:57.737: L2TP: I SCCRQ from maui-nas-06 tnl 12

!--- LNS receives an SCCRQ message from LAC. 
!--- This identifies the tunnel with ID 12. 
!--- LNS considers ID 12 to be the remote ID. 
!--- LAC considers it to be the local ID.

*May 22 06:37:57.737: Tnl 6 L2TP: Got a challenge in SCCRQ, maui-nas-06

!--- LNS locally identifies this tunnel with ID 6.

*May 22 06:37:57.737: Tnl 6 L2TP: 
New tunnel created for remote maui-nas-06, address 172.22.53.146

!--- A new L2TP tunnel  is created to the LAC (maui-nas-06).

*May 22 06:37:57.737: Tnl 6 L2TP: O SCCRP  to maui-nas-06 tnlid 12
*May 22 06:37:57.737: Tnl 6 L2TP: Tunnel state change from idle to wait-ctl-reply
*May 22 06:37:57.741: Tnl 6 L2TP: I SCCCN from maui-nas-06 tnl 12
*May 22 06:37:57.741: Tnl 6 L2TP: Got a Challenge Response in SCCCN from maui-nas-06
*May 22 06:37:57.741: Tnl 6 L2TP: Tunnel Authentication success
*May 22 06:37:57.741: Tnl 6 L2TP: 
Tunnel state change from wait-ctl-reply to established

!--- L2TP Tunnel is changed to state established.

*May 22 06:37:57.741: Tnl 6 L2TP: SM State established
*May 22 06:37:57.745: Tnl 6 L2TP: I ICRQ from maui-nas-06 tnl 12
*May 22 06:37:57.745: Tnl/Cl 6/6 L2TP: Session sequencing disabled
*May 22 06:37:57.745: Tnl/Cl 6/6 L2TP: Session FS enabled
*May 22 06:37:57.745: Tnl/Cl 6/6 L2TP: Session state change from idle to wait-connect
*May 22 06:37:57.745: Tnl/Cl 6/6 L2TP: New session created
*May 22 06:37:57.745: Tnl/Cl 6/6 L2TP: O ICRP to maui-nas-06 12/12
*May 22 06:37:57.745: Tnl/Cl 6/6 L2TP: I ICCN from maui-nas-06 tnl 12, cl 12
*May 22 06:37:57.745: Tnl/Cl 6/6 L2TP: Session state change from wait-connect 
to established
*May 22 06:37:57.745: Vi1 VPDN: Virtual interface created for user@cisco.com
*May 22 06:37:57.745: Vi1 PPP: Phase is DOWN, Setup
*May 22 06:37:57.749: Vi1 VPDN: Clone from Vtemplate 1 filterPPP=1 blocking
*May 22 06:37:57.773: %LINK-3-UPDOWN: Interface Virtual-Access1, changed state to up

!--- Virtual-Access 1 is created for the incoming tunnel session.

*May 22 06:37:57.773: Vi1 PPP: Treating connection as a dedicated line
*May 22 06:37:57.773: Vi1 PPP: Phase is ESTABLISHING, Active Open
*May 22 06:37:57.773: Vi1 LCP: O CONFREQ [Closed] id 1 len 27
*May 22 06:37:57.773: Vi1 LCP:    AuthProto CHAP (0x0305C22305)
*May 22 06:37:57.773: Vi1 LCP:    MagicNumber 0xD3603918 (0x0506D3603918)
*May 22 06:37:57.773: Vi1 LCP:    MRRU 1524 (0x110405F4)
*May 22 06:37:57.773: Vi1 LCP:    EndpointDisc 1 Local (0x1308014D4D505050)
*May 22 06:37:57.773: Vi1 VPDN: Bind interface direction=2
*May 22 06:37:57.773: Vi1 PPP: Treating connection as a dedicated line
*May 22 06:37:57.773: Vi1 LCP: I FORCED CONFREQ len 29
*May 22 06:37:57.773: Vi1 LCP:    AuthProto CHAP (0x0305C22305)
*May 22 06:37:57.773: Vi1 LCP:    MagicNumber 0x330E07A0 (0x0506330E07A0)
*May 22 06:37:57.773: Vi1 LCP:    MRRU 1524 (0x110405F4)
*May 22 06:37:57.773: Vi1 LCP:    EndpointDisc 1 Local 
(0x130E016D6175692D6E61732D3036)
*May 22 06:37:57.773: Vi1 VPDN: PPP LCP accepted rcv CONFACK
*May 22 06:37:57.773: Vi1 VPDN: PPP LCP accepted sent CONFACK
*May 22 06:37:57.773: Vi1 PPP: Phase is AUTHENTICATING, by this end
*May 22 06:37:57.773: Vi1 CHAP: O CHALLENGE id 2 len 26 from "MMPPP"
*May 22 06:37:57.777: Vi1 CHAP: I RESPONSE id 2 len 35 from "user@cisco.com"
*May 22 06:37:57.777: Vi1 PPP: Phase is FORWARDING
*May 22 06:37:57.777: Vi1 VPDN: Looking for tunnel -- cisco.com --
*May 22 06:37:57.777: VPDN/cisco.com: Authorization failed, 
could not talk to AAA server or local tunnel problem
*May 22 06:37:57.777: Vi1 VPDN: Continue using SGBP for user@cisco.com
*May 22 06:37:57.777: Vi1 VPDN: Pending
*May 22 06:37:57.777: Vi1 VPDN: Process created
*May 22 06:37:58.101: Vi1 VPDN: Forwarding...
*May 22 06:37:58.101: Vi1 VPDN: Bind interface direction=1
*May 22 06:37:58.101: L2X: Cannot use source-ip 255.255.255.255 
which is not one of our addresses.
*May 22 06:37:58.101: Tnl 6 L2F: UDP socket opened to 172.22.53.144 
using source 172.22.53.145

!--- SGBP tunnel to maui-rtr-04 (172.22.53.144) is created.

*May 22 06:37:58.101: Tnl 6 L2F: Tunnel MMPPP state change from 
closed state opening
*May 22 06:37:58.101: Vi1 Tnl/Cl 6/4 L2F: Session state change 
from closed to waiting_for_tunnel
*May 22 06:37:58.101: Vi1 VPDN: user@cisco.com is forwarded
*May 22 06:37:58.105: Tnl 6 L2F: L2F_CONF received
*May 22 06:37:58.105: Tnl 6 L2F: Received L2F-CONF from MMPPP
*May 22 06:37:58.105: Tnl 6 L2F: Tunnel MMPPP state change from opening state open
*May 22 06:37:58.105: Tnl 6 L2F: Replying with L2F-OPEN, Tunnel in Open-Wait
*May 22 06:37:58.105: Tnl 6 L2F: L2F_OPEN received
*May 22 06:37:58.105: Tnl 6 L2F: OPEN from MMPPP received for tunnel in state open

!--- L2F Tunnel is in state open.

*May 22 06:37:58.105: VPDN: Chap authentication succeeded for MMPPP
*May 22 06:37:58.105: Tnl 6 L2F: Tunnel MMPPP state change from open state open
*May 22 06:37:58.105: Vi1 Tnl/Cl 6/4 L2F: Session state change from 
waiting_for_tunnel to opening
*May 22 06:37:58.105: Vi1 Tnl/Cl 6/4 L2F: Sending OPEN for Open-Waiting Session
*May 22 06:37:58.117: Vi1 Tnl/Cl 6/4 L2F: L2F_OPEN received
*May 22 06:37:58.117: Vi1 Tnl/Cl 6/4 L2F: OPEN received for existing 
session in state opening
*May 22 06:37:58.117: Vi1 Tnl/Cl 6/4 L2F: Session state change from opening to open

!--- L2F SGBP session is open. 
!--- The L2TP tunnel session from the LAC  is now  forwarded to the other LNS.

*May 22 06:37:58.117: Vi1 Tnl/Cl 6/4 L2F: MID synced NAS/HG Clid=6/6 Mid=4
*May 22 06:37:58.117: Vi1 PPP: Phase is FORWARDED
*May 22 06:37:59.101: %LINEPROTO-5-UPDOWN: Line protocol on 
Interface Virtual-Access1, changed state to up

NetPro Discussion Forums - Featured Conversations

Networking Professionals Connection is a forum for networking professionals to share questions, suggestions, and information about networking solutions, products, and technologies. The featured links are some of the most recent conversations available in this technology.

NetPro Discussion Forums - Featured Conversations for Access

Network Infrastructure: Remote Access

Related Information

Understanding VPDN
Detailed Scenario for Access VPDN Dial-in Using L2TP
Configuring the Access VPN to Work with Remote AAA
Layer 2 Tunnel Protocol
Multihop VPDN
VPDN Group Reorganization
Access Dial Technology Support Pages
Technical Support - Cisco Systems

Updated: Nov 15, 2007

Document ID: 9496

Hierarchical Navigation

Virtual Private Dialup Network (VPDN)