Mailing List Archive

Cisco L2TP Failed
I'm looking for a little bit of help on an L2TP error.

I have a Cisco 881 router which needs to make an L2TP connection. The config:

l2tp-class PW
 hostname C881

pseudowire-class L2TP
 encapsulation l2tpv2
 protocol l2tpv2 PW
 ip local interface FastEthernet4

interface FastEthernet4
 ip address dhcp
 duplex auto
 speed auto

interface Virtual-PPP1
 ip address negotiated
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip mtu 1300
 ip verify unicast reverse-path
 ip tcp adjust-mss 1200
 load-interval 30
 no cdp enable
 ppp chap hostname mylogin@realm
 ppp chap password 0 xxx
 ppp ipcp dns request
 ppp ipcp route default
 pseudowire 10.10.10.1 1 encapsulation l2tpv2 pw-class L2TP

ip route 0.0.0.0 0.0.0.0 Virtual-PPP1
ip route 10.10.10.1 255.255.255.255 FastEthernet4 dhcp




In debug L2TP all I have:



*Sep 10 05:00:46.359: L2TP app _____:00001004:XCON: APP->L2TP: activate,
*Sep 10 05:00:46.359: L2TP app _____:00001004:XCON: client
00001004
*Sep 10 05:00:46.359: L2TP app _____:00001004:XCON: app
XCONNECT
*Sep 10 05:00:46.359: L2TP app _____:00001004:XCON:
*Sep 10 05:00:46.359: L2TP _____:________: Find cc between
*Sep 10 05:00:46.359: L2TP _____:________:
10.153.60.172<->10.10.10.1
*Sep 10 05:00:46.359: L2TP _____:________: with class: PW
*Sep 10 05:00:46.359: L2TP _____:________: and IP proto: L2TPoUDP
*Sep 10 05:00:46.359: L2TP _____:________: and framing type: none
*Sep 10 05:00:46.359: L2TP _____:________: and bearer type: none
*Sep 10 05:00:46.359: L2TP _____:________: and version: V2
*Sep 10 05:00:46.359: L2TP _____:________: and local hostname: C881
*Sep 10 05:00:46.359: L2TP _____:________: Need to instigate control
channel
*Sep 10 05:00:46.359: L2X tnl 08706:________: Create logical tunnel
*Sep 10 05:00:46.359: L2TP tnl 08706:________: Create tunnel
*Sep 10 05:00:46.359: L2TP tnl 08706:________: version set to V2
*Sep 10 05:00:46.359: L2TP tnl 08706:________: remote ip set
to 10.10.10.1
*Sep 10 05:00:46.359: L2TP tnl 08706:________: local ip set to
10.153.60.172
*Sep 10 05:00:46.359: L2TP tnl 08706:0000055B: class name PW
*Sep 10 05:00:46.359: L2TP tnl 08706:0000055B: class name PW
*Sep 10 05:00:46.359: L2TP tnl 08706:0000055B: FSM-CC ev App-Conn
*Sep 10 05:00:46.359: L2TP tnl 08706:0000055B: FSM-CC Idle->Wt-Sock
*Sep 10 05:00:46.359: L2TP tnl 08706:0000055B: FSM-CC do App-Connect-Sock
*Sep 10 05:00:46.359: L2TP app 08706:00001004:XCON: Created
*Sep 10 05:00:46.359: L2TP app 08706:00001004:XCON: App count now 1
*Sep 10 05:00:46.359: L2X _____:________: l2x_open_socket: is called
*Sep 10 05:00:46.359: L2TP tnl 08706:0000055B: Open sock
10.153.60.172:1701-> 10.10.10.1 :1701
*Sep 10 05:00:46.359: L2TP tnl 08706:0000055B: FSM-CC ev Sock-Ready
*Sep 10 05:00:46.359: L2TP tnl 08706:0000055B: FSM-CC Wt-Sock->Wt-SCCRP
*Sep 10 05:00:46.359: L2TP tnl 08706:0000055B: FSM-CC do Tx-SCCRQ
*Sep 10 05:00:46.359: L2TP tnl 08706:0000055B:
*Sep 10 05:00:46.359: L2TP tnl 08706:0000055B: O SCCRQ to 10.10.10.1
*Sep 10 05:00:46.359: L2TP tnl 08706:0000055B: IETF v2:
*Sep 10 05:00:46.359: L2TP tnl 08706:0000055B: Protocol Version 1,
Revision 0
*Sep 10 05:00:46.363: L2TP tnl 08706:0000055B: Framing Cap
none(0x0)
*Sep 10 05:00:46.363: L2TP tnl 08706:0000055B: Tie Breaker
*Sep 10 05:00:46.363: L2TP tnl 08706:0000055B: 6097E495022261A9
*Sep 10 05:00:46.363: L2TP tnl 08706:0000055B: Firmware Ver 0x1130
*Sep 10 05:00:46.363: L2TP tnl 08706:0000055B: Hostname "C881"
*Sep 10 05:00:46.363: L2TP tnl 08706:0000055B: Vendor Name
*Sep 10 05:00:46.363: L2TP tnl 08706:0000055B: "Cisco Systems, Inc."
*Sep 10 05:00:46.363: L2TP tnl 08706:0000055B: Assigned Tunnel I
0x0000055B (1371)
*Sep 10 05:00:46.363: L2TP tnl 08706:0000055B: Recv Window Size 512
*Sep 10 05:00:46.363: L2TP tnl 08706:0000055B:
*Sep 10 05:00:46.723: L2TP tnl 08706:0000055B: StopCCN: skip authen, no
nonce yet
*Sep 10 05:00:46.723: L2TP tnl 08706:0000055B: Drain unsentQ, cur/max
resendQ sz 0/4, unsentQ 0
*Sep 10 05:00:46.723: L2TP tnl 08706:0000055B:
*Sep 10 05:00:46.723: L2TP tnl 08706:0000055B: I StopCCN, flg TLS, ver 2,
len 36
*Sep 10 05:00:46.723: L2TP tnl 08706:0000055B: IETF v2:
*Sep 10 05:00:46.723: L2TP tnl 08706:0000055B: Result Code
*Sep 10 05:00:46.723: L2TP tnl 08706:0000055B: Requester is not
authorized to establish a control channel(4)
*Sep 10 05:00:46.723: L2TP tnl 08706:0000055B: Error code
*Sep 10 05:00:46.723: L2TP tnl 08706:0000055B: No error(0)
*Sep 10 05:00:46.723: L2TP tnl 08706:0000055B: Assigned Tunnel I
0x0000FFFF (65535)
*Sep 10 05:00:46.723: L2TP tnl 08706:0000055B:
*Sep 10 05:00:46.723: L2TP tnl 08706:0000055B: O ZLB ACK to
10.10.10.1 tnl 65535
*Sep 10 05:00:46.723: L2TP tnl 08706:0000055B:
*Sep 10 05:00:46.723: L2TP tnl 08706:0000055B: FSM-CC ev Rx-StopCCN
*Sep 10 05:00:46.723: L2TP tnl 08706:0000055B: FSM-CC in Wt-SCCRP
*Sep 10 05:00:46.723: L2TP tnl 08706:0000055B: FSM-CC do Rx-StopCCN
*Sep 10 05:00:46.723: L2TP tnl 08706:0000055B:
*Sep 10 05:00:46.723: L2TP tnl 08706:0000055B: Shutting down tunnel
*Sep 10 05:00:46.723: L2TP tnl 08706:0000055B: With 1 app
*Sep 10 05:00:46.723: L2TP tnl 08706:0000055B: Result Code
*Sep 10 05:00:46.723: L2TP tnl 08706:0000055B: Requester is not
authorized to establish a control channel
*Sep 10 05:00:46.723: L2TP tnl 08706:0000055B: Error Code
*Sep 10 05:00:46.723: L2TP tnl 08706:0000055B: No error
*Sep 10 05:00:46.723: L2TP tnl 08706:0000055B: Vendor Error
*Sep 10 05:00:46.723: L2TP tnl 08706:0000055B: None
*Sep 10 05:00:46.723: L2TP tnl 08706:0000055B:
*Sep 10 05:00:46.723: L2TP tnl 08706:0000055B: FSM-CC ev Shut-Now
*Sep 10 05:00:46.723: L2TP tnl 08706:0000055B: FSM-CC
Wt-SCCRP->Wt-STOPACK
*Sep 10 05:00:46.723: L2TP tnl 08706:0000055B: FSM-CC do Shutnow-Error
*Sep 10 05:00:46.723: L2TP tnl 08706:0000055B: Notify 1 app cc, FAILED
*Sep 10 05:00:46.723: L2TP app 08706:00001004:XCON:
*Sep 10 05:00:46.723: L2TP app 08706:00001004:XCON: APP<-L2TP: notify cc,
*Sep 10 05:00:46.723: L2TP app 08706:00001004:XCON: client
00001004
*Sep 10 05:00:46.723: L2TP app 08706:00001004:XCON: app
XCONNECT
*Sep 10 05:00:46.723: L2TP app 08706:00001004:XCON: FAILED
*Sep 10 05:00:46.727: L2TP app 08706:00001004:XCON:
*Sep 10 05:00:46.727: L2TP _____:________: L2TUN: app XCONNECT cc
status
*Sep 10 05:00:46.727: L2TP tnl 08706:0000055B: FSM-CC ev App-Disc
*Sep 10 05:00:46.727: L2TP tnl 08706:0000055B: FSM-CC in Wt-STOPACK
*Sep 10 05:00:46.727: L2TP tnl 08706:0000055B: FSM-CC do App-Disc-Shut
*Sep 10 05:00:46.727: L2TP app 08706:00001004:XCON: Destroyed
*Sep 10 05:00:46.727: L2TP app 08706:00001004:XCON: App count now 0
*Sep 10 05:00:46.727: L2TP tnl 08706:0000055B: FSM-CC ev Shut-Comp
*Sep 10 05:00:46.727: L2TP tnl 08706:0000055B: FSM-CC Wt-STOPACK->Dead
*Sep 10 05:00:46.727: L2TP tnl 08706:0000055B: FSM-CC do
Shutdown-Completed
*Sep 10 05:00:46.727: L2TP tnl 08706:0000055B: Control channel down
*Sep 10 05:00:46.727: L2TP tnl 08706:0000055B:
10.153.60.172<->10.10.10.1
*Sep 10 05:00:46.727: L2TP tnl 08706:0000055B: Destroying tunnel
*Sep 10 05:00:46.727: L2TP: Removing per-cc stats db entry, tun-id 1371
*Sep 10 05:00:46.727: L2X tnl 08706:________: Destroying logical tunnel
*Sep 10 05:00:46.727: L2X _____:________:
*Sep 10 05:00:46.727: L2X _____:________: APP->L2TP: Disconnect [10],
*Sep 10 05:00:46.727: L2X _____:________: sock 00001005
*Sep 10 05:00:46.727: L2X _____:________: serv 00000000
*Sep 10 05:00:46.727: L2X _____:________: replied on same
socket
*Sep 10 05:00:46.727: L2X _____:________:






I do not know this error: "Requester is not authorized to establish a
control channel". Does anyone have any idea of the problem?

Thank you
_______________________________________________
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
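
Added example, not part of the original post: a small Python decoder for an L2TPv2 control message (RFC 2661) that shows where the "I StopCCN ... Result Code ... (4)" lines in the debug output come from on the wire. The SAMPLE bytes are constructed to match the fields the debug prints (flags TLS, ver 2, len 36, tunnel 1371, Assigned Tunnel ID 65535); the Ns/Nr values and the AVP order are assumptions, and parse_control and explain are names chosen here.

```python
import struct

# StopCCN Result Code values, RFC 2661 section 4.4.2
STOPCCN_RESULT = {
    1: "General request to clear control connection",
    2: "General error, Error Code indicates the problem",
    3: "Control channel already exists",
    4: "Requester is not authorized to establish a control channel",
    5: "Protocol version of the requester is not supported",
    6: "Requester is being shut down",
    7: "Finite State Machine error",
}
MSG_TYPE, RESULT_CODE, ASSIGNED_TUNNEL_ID = 0, 1, 9  # IETF AVP types (vendor 0)

# Constructed sample, not a capture.
SAMPLE = bytes.fromhex(
    "c8020024055b000000000001"  # T,L,S set, ver 2; len 36; tunnel 1371; Ns 0, Nr 1
    "8008000000000004"          # Message Type AVP = 4 (StopCCN)
    "8008000000010004"          # Result Code AVP = 4, optional Error Code absent
    "800800000009ffff")         # Assigned Tunnel ID AVP = 65535

def parse_control(pkt: bytes) -> dict:
    """Decode the L2TPv2 control header plus the three AVPs named above."""
    if len(pkt) < 12:
        raise ValueError("short L2TP control header")
    flags, length, tunnel, session, ns, nr = struct.unpack("!6H", pkt[:12])
    if flags & 0xC80F != 0xC802:          # T, L, S bits set and version 2
        raise ValueError("not an L2TPv2 control message")
    if length != len(pkt):
        raise ValueError("length field does not match datagram size")
    out = {"tunnel_id": tunnel, "session_id": session, "ns": ns, "nr": nr}
    off = 12
    while off < length:
        if length - off < 6:
            raise ValueError("truncated AVP header")
        bits_len, vendor, attr = struct.unpack("!3H", pkt[off:off + 6])
        alen = bits_len & 0x03FF          # low 10 bits: AVP length incl. header
        if alen < 6 or off + alen > length:
            raise ValueError("malformed AVP length")
        value = pkt[off + 6:off + alen]
        if vendor == 0 and attr in (MSG_TYPE, RESULT_CODE, ASSIGNED_TUNNEL_ID):
            if bits_len & 0x4000 or len(value) < 2:
                raise ValueError("hidden or short AVP")
            key = {MSG_TYPE: "message_type", RESULT_CODE: "result_code",
                   ASSIGNED_TUNNEL_ID: "assigned_tunnel_id"}[attr]
            out[key] = struct.unpack("!H", value[:2])[0]
            if attr == RESULT_CODE:       # Error Code is optional in this AVP
                out["error_code"] = (struct.unpack("!H", value[2:4])[0]
                                     if len(value) >= 4 else None)
        off += alen
    return out

def explain(msg: dict) -> str:
    """Map a decoded StopCCN to the RFC 2661 result text."""
    if msg.get("message_type") != 4 or "result_code" not in msg:
        return "not a StopCCN with a Result Code AVP"
    return STOPCCN_RESULT.get(msg["result_code"], "unassigned result code")
```

With three 8-byte AVPs after the 12-byte header the message is exactly 36 bytes, which is why the sample carries a Result Code without the optional Error Code field.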
Re: Cisco L2TP Failed
Hi,

a) I have hostname/password/authentication on the l2tp-class, matching the
central site.

In some IOS versions, the password must not be too long
(initially works fine; after wr and reboot, the cisco7 representation was too
long).

b) Starting with some IOS, I had to add
ppp direction callout
to the int virt-ppp X
(and I also have "ppp authentication chap pap callin" on it).

c) license issue (LIC-AIS-800 or so needed) ?

d) why using an 881 when a 1812 with internal power-supply performs better ?

e) I suggest putting either the dhcp-wan interface or the virtual-ppp
interface into a VRF to make routing easy


just my $0.01

Juergen.
