Topology: PC--LAC(R company)--LNS(AR46-40)
Problem: AR46-40 functions as LNS, of which the tunnel authentication of L2TP is undo tunnel authentication (without authentication on tunnel). However, the tunnel between LNS and LAC cannot set up.
The problem is solved by configuring tunnel password at AR46-40.
Turn on the debugging switch for L2TP at AR46-40, and execute the command as follows: terminal debugging, terminal monitor and debugging l2tp all; it prompts the following information:
*0.4066900 JBVPDN L2TP/8/L2TDBG: L2TP::Parse AVP Host name, value: BSsms10k
*0.4066900 JBVPDN L2TP/8/L2TDBG: L2TP::Tunnel Password in l2tp Group: //the peer is not configured with Tunnel password.
*0.4066900 JBVPDN L2TP/8/L2TDBG: L2TP::Parse AVP Vendor name, value: RedBack Networks
*0.4066910 JBVPDN L2TP/8/L2TDBG: L2TP::Get a challenge in SCCRQ. //it needs to encapsulate one challenge into SCCRQ, and the LAC needs to perform Tunnel authentication.
*0.4066910 JBVPDN L2TP/8/L2TDBG: L2TP::Clear Tunnel remote ID:23029, local ID:1//clear the tunnel in establishing
According to the debugging information above, LAC needs to perform Tunnel authentication. AR46-40 needs a challenge during encapsulation for SCCRQ, namely, tunnel password of AR46-40. However, AR46-40 is not configured with Tunnel password, failing the set-up of tunnel.
For the negotiation of Tunnel in L2TP, if one side needs to perform tunnel authentication, the other side must be configured with Tunnel password, or the tunnel cannot set up.