No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade
Knowledge Base

L2TP Tunnel can not Set Up Because the Authentication of Tunnel of LNS Differs to That of LAC

Publication Date:  2012-07-27  |   Views:  2  |   Downloads:  0  |   Author:  Wu Zheng  |   Document ID:  EKB0000133502

Contents

Issue Description

Topology: PC--LAC(R company)--LNS(AR46-40)
Problem: AR46-40 functions as LNS, of which the tunnel authentication of L2TP is undo tunnel authentication (without authentication on tunnel). However, the tunnel between LNS and LAC cannot set up. 

Alarm Information

No

Handling Process

The problem is solved by configuring tunnel password at AR46-40. 

Root Cause

Turn on the debugging switch for L2TP at AR46-40, and execute the command as follows: terminal debugging, terminal monitor and debugging l2tp all; it prompts the following information: 
........
*0.4066900 JBVPDN L2TP/8/L2TDBG: L2TP::Parse AVP Host name, value: BSsms10k
*0.4066900 JBVPDN L2TP/8/L2TDBG: L2TP::Tunnel Password in l2tp Group:   //the peer is not configured with Tunnel password. 
*0.4066900 JBVPDN L2TP/8/L2TDBG: L2TP::Parse AVP Vendor name, value: RedBack Networks
........
*0.4066910 JBVPDN L2TP/8/L2TDBG: L2TP::Get a challenge in SCCRQ. //it needs to encapsulate one challenge into SCCRQ, and the LAC needs to perform Tunnel authentication. 
*0.4066910 JBVPDN L2TP/8/L2TDBG: L2TP::Clear Tunnel remote ID:23029, local ID:1//clear the tunnel in establishing
..........
According to the debugging information above, LAC needs to perform Tunnel authentication. AR46-40 needs a challenge during encapsulation for SCCRQ, namely, tunnel password of AR46-40. However, AR46-40 is not configured with Tunnel password, failing the set-up of tunnel. 

Suggestions

For the negotiation of Tunnel in L2TP, if one side needs to perform tunnel authentication, the other side must be configured with Tunnel password, or the tunnel cannot set up.