Configuration and dismantling of the L2TP tunnel (2023)

introduction

This document explains the construction and decommissioning of the Layer Two Tunneling Protocol (L2TP) tunnel. The document also provides an overview of PPP and L2TP.

requirements

Requirements

There are no special requirements for this document.

used components

The information in this document is based on Cisco IOS® Software Release 12.0(1)T and later.

The information in this document was created using the equipment in a specific laboratory environment. All devices used in this document started with an excluded (default) configuration. If your network is active, make sure you understand the potential impact of each command.

Convention

Refer toCisco Tech Tips Conventionsfor more information on document conventions.

PPA

PPP is a symmetric peer-to-peer protocol that carries L2 and Layer 3 (L3) traffic over point-to-point links. There are three main components:

• encapsulation

• Link Control Protocol (LCP)

• Network Control Protocol (NCP)

  (Video) VPN Protocols Explained - PPTP vs L2TP vs SSTP vs OpenVPN

Datagrams are encapsulated in PPP. LCP allows configuration options to be negotiated to allow the establishment of a connection. NCPs are negotiated for each of the L3 protocols running on the link.

During the lifetime of a PPP session, the connection goes through four distinct phases:

• Connection establishment: As part of the connection establishment phase, PPP uses an LCP function that must be completed and declared open before the link enters the authentication phase, if applicable, and negotiates the opening of the connection layer. grid. LCP is also used to terminate the PPP connection.

• Authentication – The authentication phase is implementation specific and is not a mandatory requirement for a move from LCP to NCP. When negotiated and agreed during the LCP phase, the remote end must identify itself and go through the agreed authentication procedure before PPP passes to the network layer.

• Network layer: NCP negotiation ensures that both peers agree to the characteristics of the L3 protocol. In the case of IP, the control protocol is called IP Control Protocol (IPCP). In addition to peer-to-peer trading, there is also an element of attribution. This is common with remote Microsoft Windows clients that do not have an assigned IP address and rely on the service provider to assign the IP address on the connection.

• Disconnect – The Disconnect phase can be entered at any time during the call lifecycle. The LCP is used to deliver the completion request.

L2TP

L2TP extends the point-to-point nature of PPP. L2TP provides an encapsulation method to transmit encapsulated PPP frames, with which PPP endpoints can be encapsulated in a packet-switched network. L2TP is most commonly implemented in remote access scenarios that use the Internet to provide intranet-like services. The concept is that of a Virtual Private Network (VPN).

The two main physical elements of L2TP are the L2TP Access Concentrator (LAC) and the L2TP Network Server (LNS):

• LAC: The LAC is an LNS peer that acts as one end of the tunnel. The LAC terminates the remote PPP connection and sits between the remote and the LNS. Packets are forwarded to and from the remote connection over the PPP connection. Packets to and from the LNS are forwarded through the L2TP tunnel.

• LNS: The LNS is a peer of the LAC that acts as one end of the tunnel. The LNS is the endpoint for encapsulated PPP LAC sessions. This is used to aggregate the various LAC tunneled PPP sessions and penetrate the private network.

There are two different types of messages that L2TP uses:

• Control messages: L2TP routes data and control messages on separate data and control channels. The in-band control channel forwards sequence control connection management, call handling, error reporting, and session control messages. Initiation of the control connection is neither LAC nor LNS specific, but the originator and receiver of the tunnel are relevant to establishing the control connection. A shared secret challenge authentication method is used between tunnel endpoints.

• Data messages – Data messages are used to encapsulate PPP frames that are sent through the L2TP tunnel.

L2TP uses the User Datagram Protocol (UDP) registered port 1701, and the entire L2TP packet is encapsulated in a UDP datagram. As with normal UDP operation, the tunnel initiator selects an available UDP port and forwards port number 1701 to the UDP destination. In the response, the destination port number is the same as the source port number used in the incoming UDP header. The source port is defined based on a free port found. Once the source and destination ports are established, the ports should remain unchanged during the tunnel. In Cisco IOS Software, the source and destination port numbers are always defined as UDP port number 1701.

Observation:Layer 2 Forwarding Protocol (L2F) and L2TP share the same UDP port number. The Version field in the header allows you to distinguish between the two protocols. A value of 1 indicates L2F and a value of 2 indicates L2TP.

Summary of PPP and L2TP flow

The control connection and session must be established before PPP frames can be forwarded through the tunnel.

After successfully establishing the control channel, sessions are created for each PPP connection. Session establishment is directed in terms of LAC and LNS. For incoming calls, the LAC requests the LNS to accept the session. For outgoing calls, LNS requests the LAC to accept the session.

The PPP/L2TP connection stringThis section of this document describes the configuration of PPP and L2TP calls when a remote access user initiates a call on the LAC. This example uses the Dialed Number Identification Service (DNIS) to start the L2TP tunnel, although you can also use the domain name for this purpose. The sequence shows PPP session initiation from a SOHO 2500 router, LCP negotiation between the remote access user and the LAC, and partial authentication. The LAC then proceeds to establish the L2TP tunnel and the session within the tunnel. A session is established for each PPP connection between the LAC and LNS. L2TP uses session identifiers and tunnel pairs in all outgoing messages to multiplex and demultiplex PPP connections. These identifiers are assigned and exchanged during the respective connection control and session establishment phases. Tunnel and session IDs have local significance only. Tunnel endpoints have different identifiers for the same tunnel and session.

Observation:The value 0 has a unique meaning and is only used if the tunnel and session identifiers have not yet been assigned.

After the tunnel is established, the PPP authentication process between the remote access user and the LNS is completed. The LAC continues to receive PPP frames. The link frame and cyclic redundancy check (CRC) are stripped, encapsulated in LT2P, and tunneled to the LNS. There, the L2TP packet is received and treated as if it terminated on a local PPP interface. PPP NCP negotiation takes place and then IPCP is declared open. The connection is complete.

The PPP/L2TP connection string

This is the event connection string:

1. The remote user initiates a PPP connection. The LAC accepts the connection. A PPP connection is established.

2. The LCP is negotiated between the remote user and the LAC. The LAC issues a Challenge Handshake Authentication Protocol (CHAP) challenge to perform partial authentication of the remote user. The response is sent to LNS during session setup. The response is sent as an attribute value pair (AVP) 33 Incoming Connected Call Proxy Authentication Response (ICCN).

3. DNIS is used to determine if the user is a VPDN (Virtual Private Dial-Up Network) customer.

4. Since there is no tunnel to the dialed number (614629), a new tunnel must be created. RADIUS is queried and the tunnel information is downloaded to the LAC.

5. The control connection is started. The tunnel is in the INACTIVE state:

   • The tunnel initiator (in this case, the LAC) sends an Initial Control Connection Request (SCCRQ) to the LNS. The SCCRQ contains an AVP 11 challenge indicating that the LAC wants to authenticate the tunnel using CHAP-style authentication. Both ends of the tunnel know the same secret. The tunnel is now in a WAIT-CTL-RESPONSE state.

   • The LNS can open the tunnel, then the LNS responds with an Initial Control Connection Response (SCCRP). The SCCRP contains an AVP challenge 11 and an AVP challenge response 13 in response to the SCCRQ. The tunnel is now in a WAIT-CTL-RESPONSE state.

   • The LAC responds with a Start-Control-Connection-Connected (SCCCN) message. The SCCCN contains an AVP 13 in response to the SCCRP. The tunnel is now in a restored state.

   • The LNS sends a Zero Length Body (ZLB) message to the LAC. The ZLB message is a sequential acknowledgment. The tunnel is now in a restored state.

6. Tunnel authentication is now complete and the tunnel is established. The session is now in an INACTIVE state.

7. Now that the tunnel exists, a three-way session configuration exchange is performed within the tunnel:

   • The LAC sends an Incoming Call Request (ICRQ) with the parameter information for the session. The session is now in awaiting response state.

   • The LNS sends an Incoming Call Response (ICRP) containing the session ID. The session is now in a state of waiting for connection.

   • The LAC sends an ICCN and provides the LNS with additional information for the answered call. This information includes the LCP information of the negotiation between the LAC and the remote user. The session is now in the Established state.

   • The LNS sends a ZLB message, which is a sequential acknowledgment, to the LAC. The session is now in the Established state.

8. Once the session is established, a virtual access interface is created on the LNS. The LCP configuration information provided in ICCN is forced into the PPP stack of the virtual access interface. This information includes partial authentication information.

9. LNS generates an authentication query. The AVP 33 proxy authentication response delivered to the ICCN is reproduced.

10. Normal authentication, authorization, and accounting (AAA) or PPP authentication and authorization is performed.

11. A RADIUS access request is sent for per-user authentication and authorization.

    (Video) MikroTik - L2TP Configuration

12. A RADIUS access accept is received.

    Observation:RADIUS has been configured to allow the IP address that the remote user provided in the incoming IPCP configuration request.

13. A CHAP success message is sent to the remote user.

14. The PPP-IPCP negotiation is closed and declared OPEN. A host route is installed on the remote interface. The remote user is now connected and the traffic can start.

Call history for PPP and L2TP connections

LAC debug showing PPP and L2TP call configuration

Jan 1 00:04:10.235: %LINK-3-UPDOWN: Serial0:0 interface, state changed to up Jan 1 00:04:10.455: Se0:0 PPP: treatment of connection as caller 1 of Jan 00:04:10.455: Se0 :0 PPP: Phase is ESTABLISH, passive open [0 session, 0 load] Jan 1 00:04:10.455: Se0:0 CHAP: Alternate Hostname Usage 5300-1Jan 1 00:04:10,455: If0:0 LCP: state is listeningJan 1 00:04:10.455: Se0:0 LCP: I CONFREQ [Listen] id 118 len 10 Jan 1 00:04:10.455: Se0:0 LCP: MagicNumber 0x6EE4E865 (0x05066EE4E865) 1. Jan 00:04:10.455 : Se0: 0 CHAP: Using or alternate hostname 5300-1 1. Jan. 00:04:10.455: Se0:0 LCP: O CONFREQ [Listen] id 11 len 28. 1 Jan. 00:04:10.455: Se0:0 LCP : AuthProto CHAP (0x0305C22305) Jan 1 00:04:10.455: Se0:0 LCP: MagicNumber 0x109D08F2 (0x0506109DRU8F2) Jan 1 00:04:10.455: Se0:0 1524 (0x110405F4) 0.410: Four 10:10. : Se0 : 0 LCP : EndpointDisc 1 Local ( 0x130901353330302D31 ) Jan 1 00 : 04 : 10.455 : Se0 : 0 LCP : O CONFACK [ Listen ] id 118 len 10 Jan 1 00 : 04 : 10.455 : Se0 : 0 LCP : MagicNumber 0x6EE4E865 ( 0x05066EE4E865) Jan 1 00:04: 10.495: Se0:0 LCP: I CONFREJ [ACKsent] id 11 len 17 Jan 1 00:04:10.495: Se0:0 LCP: MRRU 1524 (0x110405F4) :04:10.495: Se0:0 LCP: EndpointDisc 1 Local (0x130901353330302D31) Jan 1 00:04:10.495: Se0:0 LCP: O CONFREQ[ACKsent] id 12 len 15 Jan 1 00:04:10.495: Se0:10. 0 LCP: AuthProto CHAP (0x0305C22305 ) Jan 1 00:00 4:10.495: Se0: 0 LCP: MagicNumber 0x109D08F2 (0x0506109D08F2) Jan 1 00:04:10.527: Se0:0 LCP: I CONFACK [ACKsent] id 12 len 15 Jan 1 00:04:10.527 : Se0:0 LCP: AuthProto CHAP (0x0305C22305) Jan 1 00:04:10.527: Se0:0 LCP: MagicNumber 0x109D08F2 (0x0506109D08F2);Jan 1 00:04:10.527:Se0:0 LCP: Open StatusJan 1 00:04:10527: If0:0 PPP: Phase is AUTHENTICATED, this ends [0 session, 0 load] Jan 1 00:04:10527: Se0:0 CHAP: Using alternate hostname 5300 -11. Jan 00:04:10.527: Se0:0 CAP: THE CHALLENGE id 6 len 27 of "5300-1" 1. Jan 00:04:10.555: Se0:0 CAP: I ANSWER id 6 len 27 of "2500- 1 "Jan 1 00:04:10555: If0:0 PPP: phase is FORWARD [0 session, 0 load]Jan 1 00:04:10555: Se0:0 VPDN: Received DNIS string 614629 Jan 1 00:04:10555: Se0:0 VPDN: Seeking tunnel -- dnis:614629 --1. Jan 00:04:10.555: Serial0:0 AAA/AUTHOR/VPDN (1692520761): Port='Serial0:0' list='default' service=NET 1. Jan 00:04:10.555: AAA/AUTHOR /VPDN : Serial0 :0 (1692520761) user='dnis:614629' Jan 1. 00:04:10.555: Serial0:0 AAA/AUTHOR/VPDN (1692520761): AV-Recent send=ppp 1.00:04 Jan: 10.555: Serial0:0 AAA/AUTHOR/VPDN (1692520761): send AV protocol=vpdn 1. Jan 00:04:10.555: Serial0:0 AAA/AUTHOR/VPDN (1692520761): found List "default" 1. Jan 00 : 04 : 10.555 : Serial0 : 0 AAA / AUTHOR / VPDN ( 1692520761 ): Method = NSA_LAB ( Radio ) 1 . Jan 00 : 04 : 10.559 : RADIUS : Initial transmit Serial0 : 0 id 18 10.51.6.3 : 1645 , Request of access, len 112 1. Jan 00:04:10.559: Attribute 4 6 0A330644 1. Jan 00:04:10.559: Attribute 5 6 00000000 1. Jan 00:04:10.559: Attribute 26 17 00000009020B5365 0 0 :0 1. 10.59: 00.59 Attribute 61 6 00000002 1. Jan. 00:59:14 13 646E6973 1. Four. 00:04:10.559: Attribute 30 8 36313436 1. Jan. 00:04:10.559: Attribute 31 12 32303835 1. Jan. : Attribute 2 18 D0A81832 1. Jan 00:04: 10.559: Attribution t 6 6 00000005 1. Jan 00:04:10.559: RADIUS: Capture of ID 18 10.51.6.3:1645, Access-Accept, len 156.1 :04:10.559: Atribut 6 6 00000005 1. Ene 00:04: 10.559: Atribuições 26 29 0000000901177670 1. Jan 00: 04: 10.559: Atribuições 26 26 0000000901147670 1. Jan 00: 04: 10.559: Atributo 26 36 00000009011e7670 1. Jan 00 : 04 : 10.559Jan 1 00:04:10563: RADIUS: Stored authorization data for user 626A0C10 at 62258960 AVPair "vpdn:tunnel-id=hgw" Jan 1 00:04:10563: RADIUS: Cisco AVPair "vpdn:ip-addresses =10.51.6.82 " Jan 1 00:04:10.563: RADIUS: Cisco AVPair "vpdn:l2tp-tunnel-password=hello"Jan 1 00:04:10563: AAA/AUTHOR(1692520761): Post Authorization Status = PASS_ADD Jan 1 00:04:10563: AAA/AUTHOR/VPDN: Processing AV Service = ppp Jan 1 00:04:10563 : AAA/AUTHOR /VPDN: Processing AV Tunnel Type = vpdn Jan 1 00:04:10563: AAA/AUTHOR/VPDN: Processing AV Tunnel Type = l2tp Jan 1 00:04:10563: AAA /AUTHOR/VPDN : Processing AV Tunnel ID =hgw Jan 1 00:04:10.563: AAA/AUTHOR/VPDN: Processing AV IP addresses = 10.51.6.82 04:10.563: Se0:0 VPDN/RPMS/: Tunneling information received for dnis:614629 Jan 1 00:04:10,563: Se0:0 VPDN/RPMS/:LAC hgw Jan 1 00:04:10,563: Se0:0 VPDN/ RPMS/: l2tp-busy-disconnect yes Jan 1 00:04:10,563 : Se0:0 VPDN/RPMS/: l2tp-tunnel- password xxxxxx Jan 1 00:04:10.563: Se0:0 VPDN/RPMS/:IP 10.51. 6.82 Jan 1 00:04:10.563: If0:0 VPDN/: curlvl 1 address 0: 10.51.6.82, Priority 1 Jan 1 00:04:10.563: If0:0 VPDN/: select address not active 10.51 Jan 1 from 00:04:10567: Tnl 17688 L2TP: SM idle status Jan 1 00:04:10567: Tnl 17688 L2TP: SCCRQ1. Enero 00:04:10.567: Tnl 17688 L2TP: O SCCRQ, flg TLS, ver 2, len 128, tnl 0, cl 0, ns 0, nr 0C8 02 00 80 00 00 00 00 00 00 00 00 80 08 00 00 00 00 00 01 80 08 00 00 00 02 01 00 80 0A 00 00 00 03 00 00 00 03 80 0A 0 0 Jan 0 01. :10567: Tnl 17688 L2TP: Tunnel state change from idle to wait-ctl-response Jan 1 00:04:10567: Tnl 17688 L2TP: SM State wait-ctl-responseJan 1 00:04:10567: Se0:0 VPDN: Lookup LNS process created1. Ene 00:04:10.567: Se0:0 VPDN: Weiterleiten an Adresse 10.51.6.82 1. Ene 00:04:10.567: Se0:0 VPDN: Ausstehend 1. Ene 00:04:10.567: Se0:0 VPDN: Proceso erstellt am 1. Ene 00:04:10.655: Tnl 17688 L2TP: Analizar AVP 0, len 8, Flag 0x8000 (M) 1 de enero 00:04:10.655: Tnl 17688 L2TP: Analizar SCCRP 1 de enero 00:04:10.655 : Tnl 17688 L2TP: Parse AVP 2, len 8, Flag 0x8000 (M) 1. Jan 00:04:10.655: Tnl 17688 L2TP: Protokoll Ver 256 1. Jan 00:04:10.655: Tnl 17688 L2TP: Parse AVP 3, len 10, Flag 0x8000 (M) 1. 1 de enero 00:04:10.655: Tnl 17688 L2TP: Cap de trama 0x3 1. 00:04:10.655 de enero: Tnl 17688 L2TP: Parse AVP 4, len 10, flag 0x8000 (M) 1. Ene 00:04:10.655: Tnl 17688 L2TP: Bearer Cap 0x3 1 de enero 00:04:10.659: Tnl 17688 L2TP: Analizar AVP 6, len 8, indicador 0x0 1 de enero 00:04:10.659: Tnl 17688 L2TP: Firmware Ver 0x1120 1 de enero 00:04:10.659: Tnl 17688 L2TP: Parse AVP 7, len 13, indicador 0x8000 (M) 1. 00:04:10.659 de enero: Tnl 17688 L2TP: Nombre de host l2tp-gw 1. 00:04 de enero: 10.659: Tnl 17688 L2TP: Parse AVP 8, len 25, Flag 0x0 1. Januar 00: 0 4:10.659: Tnl 17688 L2TP: Anbieter Name Cisco Systems, Inc. 1 de enero 00:04:10.659: Tnl 17688 L2TP: Parse AVP 9, len 8, Flag 0x8000 (M) 1 de enero 00:04:10.659: Tnl 17688 L2TP: Túnel Zugewiesene-ID 55270 1. 00 de enero: 04:10.659: Tnl 17688 L2TP: Parse AVP 10, len 8, Flag 0x8000 (M) 1. 00:04:10.659 de enero: Tnl 17688 L2TP: Tamaño de ventana Rx 300 1. Ene 00: 04: 10.659: TNL 17688 L2TP: Analizar AVP 11, LEN 22, Bandeira 0x8000 (M) 1 de enero 00: 04: 10.659: TNL 17688 L2TP: Chlng 98B296C28429E7Adc767237a 453 M 0. Ene. 0 flag 00:04:10.659: Tnl 17688 L2TP: Chlng Resp 7C358F7A7BA21957C07801195DCADFA6 1. Januar 00:04:10.659: Tnl 17688 L2TP: Keine fehlenden AVP1. Enero 00:04:10.659: Tnl 17688 L2TP: I SCCRP, flg TLS, ver 2, len 154, tnl 17688, cl 0, ns 0, nr 1C8 02 00 9A 45 18 00 00 00 00 00 01 80 08 00 00 00 00 00 02 80 08 00 00 00 02 01 00 80 0A 00 00 00 03 00 00 00 03 80 0A 0 0 0 6 0 9: Tnl 17688 L2TP: I SCCRP de l2tp-gwJan 1 00:04:10659: Tnl 17688 L2TP: Received a challenge from the other end, l2tp-gw Jan 1 00:04:10659: Tnl 17688 L2TP: Received a response from the other end, l2tp-gw Jan 1 00 :04 :10.659: Tnl 17688 L2TP: Tunnel authentication successfulJan 1 00:04:10659: Tnl 17688 L2TP: Tunnel state change from wait-ctl-response to established Jan 1 00:04:10663: Tnl 17688 L2TP: SCCCN for l2tp-gw tnlid 552701. Enero 00:04:10.663: Tnl 17688 L2TP: O SCCCN, flg TLS, ver 2, len 42, tnl 55270, cl 0, ns 1, nr 1C8 02 00 2A D7 E6 00 00 00 01 00 01 80 08 00 00 00 00 00 03 80 16 00 00 00 0D 96 39 53 18 41 AC 22 E3 10 3E 20 8E F7 D9 09 89 6 January 1 January State : 04:10663: Tnl/Cl 17688/7 L2TP: FS session activated on Jan 1 00:04:10663: Tnl/Cl 17688/7 L2TP: Session state change from idle to tunnel waitingJan 1 00:04:10.663:Se0:0 Tnl/Cl 17688/7 L2TP: Create session1. 00:04:10.663 de enero: Tnl 17688 L2TP: SM State gegründet 1. 00:04:10.663 de enero: Se0:0 Tnl/Cl 17688/7 L2TP: O ICRQ an l2tp-gw 55270/01. Enero 00:04:10.663: Se0:0 Tnl/Cl 17688/7 L2TP: O ICRQ, flg TLS, ver 2, len 91, tnl 55270, cl 0, ns 2, nr 1c8 02 00 5b 12 00 00 Jan 1 00:04:10.667:Se0:0 Tnl/Cl 17688/7 L2TP: session state changed from waiting for tunnel to waiting for response1. Enero 00:04:10.703: Tnl 17688 L2TP: I ZLB ctrl ack, flg TLS, ver 2, len 12, tnl 17688, cl 0, ns 1, nr 2Jan 1 00:04:10795: Se0:0 Tnl/Cl 17688/7 L2TP: Analyze AVP 0, len 8, flag 0x8000 (M) Jan 1 00:04:10795: Se0:0 Tnl/Cl 17688/7 L2TP: Parse ICRP 1 00:04:10.795: Se0:0 Tnl/Cl 17688/7 L2TP: Parse AVP 14, len 8, flag 0x8000 (M) Jan 1 00:04:10.795: Se0:0 Tnl/Cl 17688 /7 L2TP : Assigned Caller ID 45 Jan 1 00:04:10795: Se0:0 Tnl/Cl 17688/7 L2TP: No AVP missing in ICRP1. Enero 00:04:10.795: Se0:0 Tnl/Cl 17688/7 L2TP: I ICRP, flg TLS, ver 2, len 28, tnl 17688, cl 7, ns 1, nr 300:04:10.795: Se0:0 Tnl/Cl 17688/7 L2TP: O ICCN an l2tp-gw 55270/451. Enero 00:04:10.795: Se0:0 Tnl/Cl 17688/7 L2TP: O ICCN, flg TLS, ver 2, len 151, tnl 55270, cl 45, ns 3, nr 2C8 02 00 97 D7 E6 00 2D 00 03 00 02 80 08 00 00 00 00 00 0C 80 0A 00 00 00 18 00 00 FA 00 00 0A 00 00 00 26 00 00 FA 00 80 0A : Se 18 010 January Tnl/Cl 17688/7 L2TP: Session state changed from Wait-Answer to Established1. Enero 00:04:10.899: Tnl 17688 L2TP: I ZLB ctrl ack, flg TLS, ver 2, len 12, tnl 17688, cl 0, ns 2, nr 4Jan 1 00:04:11667: %LINEPROTO-5-UPDOWN: Line protocol on Serial0:0 interface, state changed to up Jan 1 00:04:16239: %ISDN-6-CONNECT: Serial0 interface :0 is now connected 2085730592 2500-1

LNS debug showing PPP and L2TP call setup

1. 00:04:10.916 de enero: L2X: análisis AVP 0, longitud 8, indicador 0x0x8000 (M) 1. 00:04:10.920 de enero: L2X: análisis SCCRQ 1. 00:04:10.920 de enero: L2X: análisis AVP 2 , len 8 , Flag 0x0x8000 (M) 1. Jan 00:04:10.924: L2X: Protokoll Ver 256 1. Jan 00:04:10.924: L2X: Parse AVP 3, len 10, Flag 0x0x8000 (M) 1. Jan 00 :04:10.928: L2X: Framing Cap 0x0x3 1. Ene 00:04:10.928: L2X: Parse AVP 4, len 10, Flag 0x0x8000 (M) 1. Jan 00:04:10.932: L2X: Bearer Cap 0x0x3 1. Ene 00:04:10.932: L2X: Analisar AVP 6, len 8, Flag 0x0x0 1. Ene 00:04:10.936: L2X: Firmware Ver 0x0x1130 1. Jan 00:04:10.936: L2X: Analisar AVP 7, len 9, Flag 0x0x8000 (M) 1. Ene 00:04:10.940: L2X: Nombre de host hgw 1. Ene 00:04:10.940: L2X: Parse AVP 8, len 25, Flag 0x0x0 1. Ene 00:04:10.944: L2X: Herstellername Cisco Systems, Inc. 1. Ene 00:04:10.948: L2X: Parse AVP 9, len 8, Flag 0x0x8000 (M) 1. Ene 00:04:10.952: L2X: Zugewiesene Tunnel-ID 17688 1. Ene 00:04: 10.952: L2X: Parse AVP 10, len 8, Flag 0x0x8000 (M) 1 de enero 00:04:10.956: L2X: Rx-Fenstergröße 800 1. Ja nuar 0 0:04:10.956: L2X: Parse AVP 11, len 22, Flag 0x0x8000 (M) 1. Jan 00:04:10.960: L2X: Chlng 545A2343FBE20EA08BCA7B56E4A7D29E 1. Jan 00:04:10.964: Keine AVP en SC: fehlendenQJan 1 00:04:10.968: L2X: I SCCRQ, flg TLS, ver 2, len 128, tnl 0, cl 0, ns 0, nr 0 contiguous packet, size 128C8 02 00 80 00 00 00 00 00 00 00 00 80 08 00 00 00 00 00 01 80 08 00 00 00 02 01 00 80 0A 00 00 00 03 00 00 00 03 80 0A 0 0 Jan 0 01. :10.975: L2TP: I SCCRQ from hgw tnl 17688 Jan 1 00:04:10.983: Tnl 55270 L2TP: There is a challenge in SCCRQ, hgw Jan 1 00:04:10.983: Tnl 55270 L2TP: New tunnel created for remote hgw , address 10.51.6.68 Jan 1 00:04:10.987: Tnl 55270 L2TP: OR SCCRP for hgw tnlid 176881. Enero 00:04:10.991: Tnl 55270 L2TP: O SCCRP, flg TLS, ver 2, len 154, tnl 17688, cl 0, ns 0, nr 1Jan 1 00:04:10,999: contiguous buffer, size 154 C8 02 00 9A 45 18 00 00 00 00 00 01 80 08 00 00 00 00 00 02 80 08 00 00 00 02 01 00 80 0A 0 00 0 0 0 A 00 00 ... Jan 1 00:04:11.003: Tnl 55270 L2TP: tunnel state change from idle to standby ctrl-response Jan 1 00:04:11.019: Tnl 55270 L2TP: parse AVP 0, len 8, flag 0x0x8000 (M) Jan 1 00:04:11.019: Tnl 55270 L2TP: Parse SCCCN Jan 1 00:04:11.023: Tnl 55270 L2TP: Parse AVP 13, len 22, flag 0x0x8000 (M) Jan 1 00: 04:11.023: Tnl 55270 L2TP: Chlng Resp 9639531841AC22E3103E208EF7D90989 Jan 1 00:04:11.031: Tnl 55270 L2TP: No missing AVP in SCCCN1. Enero 00:04:11.031: Tnl 55270 L2TP: I SCCCN, flg TLS, ver 2, len 42, tnl 55270, cl 0, ns 1, nr 1 Contiguous Pak, Größe 42C8 02 00 2A D7 E6 00 00 00 01 00 01 80 08 00 00 00 00 00 03 80 16 00 00 00 0D 96 39 53 18 41 CA 22 E3 10 3E 20 8E F7 D9 09 891. Enero 00:04:11.043: Tnl 55270 L2TP: O ZLB ctrl ack, flg TLS, ver 2, len 12, tnl 17688, cl 0, ns 1, nr 2Jan 1 00:04:11.047: contiguous buffer size 12 C8 02 00 0C 45 18 00 00 00 01 00 02 Jan 1 00:04:11.051: Tnl 55270 L2TP: I hgw SCCCN tnl 17688 Jan 1 00: 04:11.055 : Tnl 55270 L2TP: Challenge response received on SCCCN from hgwJan 1 00:04:11.055: Tnl 55270 L2TP: Authentication tunneling successfulJan 1 00:04:11.059: Tnl 55270 L2TP: Tunnel state change from wait-ctl-response to scan established AVP 0, len 8, flag 0x0x8000 (M) Jan 1 00:04:11.071: Tnl 55270 L2TP : ICRQ Analysis 1 00:04:11.071 Jan: Tnl 55270 L2TP: Parse AVP 14, len 8, flag 0x0x8000 (M) Jan 1 00:04:11.075: Tnl 55270 L2TP: Assigned Caller ID 7. Jan 1 00:04:11.075: Tnl 55270 L2TP: Parse AVP 15, len 10, flag 0x0x8000 (M) Jan 1 00:04:11.079: Tnl 55270 L2TP: Serial number Jan 1 00:04:11.083: Tnl 55270 L2TP : Parse AVP 18, len 10, flag 0x0x8000 ( M) Jan 1 00:04:11.083: Tnl 55270 L2TP: Carrier Type 1 Jan 1 00:04:11.087: Tnl 55270 L2TP: Parse AVP 22, len 16, flag 0x0x8000 (M) Jan 1 00:04:11.087: Tnl 55270 L2TP: Call number 2085730592 Jan 1 00:04:11.095: Tnl 55270 L2TP: Parse AVP 21, len 12 , Flag 0x0x8000 (M) Jan 1 00:04:11.095: Tnl 55270 L2TP 06:24 Number called January 5 41 009 11.099: Tnl 55270 L2TP: Analyze Cisco AVP 100, len 15, flag 0x0x0 Yes n 1 00:04:11.102: Tnl 55270 L2TP: Cl NAS By rt Serial0:0 Jan 1 00:04:11.106: Tnl 55270 L2TP: No AVP missing in ICRQJan 1 00:04:11.106: tnl 55270 L2TP: I ICRQ, flg TLS, ver 2, len 91, tnl 55270, cl 0, ns 2, nr 1 Contiguous packet, size 91c8 02 00 5b 12 00 00 Jan 1 00:04:11.118: Tnl 55270 L2TP: I hgw ICRQ tnl 17688 45 L2TP: Session state change from idle to standby connected Jan 1 00:04:11.126: Tnl/ Cl 55270/ 45 L2TP: New session created Jan 1 00:04:11.130: Tnl/Cl 55270/45 L2TP: The ICRP in hgw 17688/71. Enero 00:04:11.134: Tnl/Cl 55270/45 L2TP: O ICRP, flg TLS, ver 2, len 28, tnl 17688, cl 7, ns 1, nr 3Jan 1 00:04:11.138: contiguous buffer, size 28 C8 02 00 1C 45 18 00 07 00 01 00 03 80 08 00 00 00 00 00 0B 80 08 00 00 00 0E 00 2D Jan 1 00:04: Tn. : Tn.154: .154 .154: Tnl.154: Tnl.154: Tnl.154 /Cl 55270/45 L2TP: Analyze AVP 0, len 8, flag 0x0x8000 (M) Jan 1 00:04:11.158: Tnl / Cl 55270/45 L2TP : Analyze ICCN 1 00:04:11.162: Tnl/Cl 55270/ 45 L2TP: Analyze AVP 24, len 10, flag 0x0x8000 (M) Jan 1 00:04:11.162: Tnl/Cl 55270/ 45 L2TP : Link speed 64000 1.00:04:11.166 Jan: Tnl/Cl 55270/45 L2TP: Parse AVP 38, len 10, flag 0x0x0 Jan 1 00:04:11.166: Tnl/Cl 55270/45 L2TP : Rx speed 64000 Jan 1 00:04:11.170: Tnl/Cl 55270/45 L2TP: Parse AVP 19, len 10 , flag 0x0x8000 (M) Jan 1 00:04:11.174: Tnl/Cl 55270/45 L2TP: Structure Type 2 Jan 1 00:04:11.174: Tnl/Cl 55270/45 L2TP: parse AVP 27, len 17, flag 0x0x0 Jan 1 00:04:11.178: Tnl/Cl 55270/45 L2TP: Last Send LCPREQ 0305C223050506109D08F2: Jan 4 00 :1n.1828:1nl.1828 /Cl 55270/45 L2TP: Analyze AVP 28, len 12, flag 0x0x0 Jan 1 00:0:11.186 : Tnl/Cl 55270 /45 L2TP: Last Rx LCPREQ 05066EE4E865 Jan 1 00:04:1 1.190: Tnl/Cl 55270/45 L2TP: Parse AVP 31, len 22, flag 0x0x0 Jan 1 00:04:11.194: Tnl/Cl 55270 /45 L2TP: Proxy Auth Chal 5D0D008CB1677CF8BC354556321A70/45 01.10:19:19 Tnl70/5: Tnl70/5 45 L2TP: AVP 32, len 8, flag 0x0x0 parse 30, len 12, flag 0x0x0 Jan 1 0 x0: Jan 1 0 x020: 6: : Tnl/Cl 55270/45 L2TP: Name proxy authentication 2500-1 Jan 1 00:04:11.210: Tnl/Cl 55270/45 L2TP: Parse AVP 33, len 22, flag 0x0x8000 (M) Jan 1 00:04:11.214: Tnl/Cl 55270/ 45 L2TP: Proxy Auth Resp CA1CC2E4FA6899E8DF1B695C0A80883E Jan 1 00:04:11.222: Tnl/Cl 55270/45 L2TP: Parse AVP 8, len flag 29 0x0x0 Jan 1: 01:002: T2527/Cl L2TP: Proxy Jan Auth Type 2 1 00:04:11.225: Tnl/Cl 55270/45 L2TP: Absent sem AVPs no ICCN1. Enero 00:04:11.229: Tnl/Cl 55270/45 L2TP: I ICCN, flg TLS, ver 2, len 151, tnl 55270, cl 45, ns 3, nr 2 Contiguous Pak, Größe 151C8 02 00 97 D7 E6 00 2D 00 03 00 02 80 08 00 00 00 00 00 0C 80 0A 00 00 00 18 00 00 FA 00 00 0A 00 00 00 26 00 00 FA 00 80 0A 1 0 01. Enero 00:04:11.241: Tnl/Cl 55270/45 L2TP: O ZLB ctrl ack, flg TLS, ver 2, len 12, tnl 17688, cl 0, ns 2, nr 4Jan 1 00:04:11.245: contiguous buffer, size 12 C8 02 00 0C 45 18 00 00 00 02 00 04 Jan 1 00:04:11.249: Tnl/Cl 55270/45 L2TP: I ICCN from hgw tnl 17688, cl 7 Jan 1 00:04:11.253: Tnl/Cl 55270/45 L2TP: Session state change from Wait for connection to established Jan 1 00:04:11.257: Vi4 VTEMPLATE: Hardware address 0030.94fe.1bbf 1 of Jan 00:04:11.257: Vi4 VPDN: Virtual interface created for 2500-11. Jan 00:04:11.261: Vi4 PPP: Phase ist DOWN, ConfigurationJan 1 00:04:11.261: Vi4 VPDN: Vtemplate clone 1 filterPPP=0 blocking Jan 1 00:04:11.265: Vi4 VTEMPLATE: has a new cloneblk vtemplate, now has vtemplate Jan 1 00:04:11.269 : Vi4 VTEMPLATE: * ************ VACCESS4 Clone **************** Jan 1 00:04:11.273: Vi4 VTEMPLATE: clone of interface virtual-template1 virtual - access4 default ip address no ip address encap ppp ip no number ethernet0 no default ip address ppp peer authentication cap vpdn ppp authorization vpdn default ip address default ppp peer group mu end jan 1 00:04:12.892 : %LINK-3-UPDOWN: Virtual-Access4 Interface, changed state until Jan 1 00:04:12,908: Vi4 PPP: use Set Call Direction on Jan 1 00:04:12,908: Vi4 PPP: treat the connection as call on Jan 1 00:04:12,912: Vi4 PPP: Phase is SETUP, open passiveJan 1 00:04:12,912: Vi4 LCP: Status is listed Jan 1 00:04:12,920: Vi4 LCP: FORZÉ CONFREQ len 11Jan 1 00:04:12.924: Vi4 LCP: AuthProto CHAP (0x0305C22305) Jan 1 00:04:12.924: Vi4 LCP: MagicNumber 0x109D08F2 (0x0506109D08F2) Jan 1 00:04:12.928: Vi4 VPDN LCN0: P1PP LC response accepted on Jan 1 :04:12.928 00:04:12.928: Vi4 VPDN: PPP LCP accept sent CONFACKJan 1 00:04:12.928: Vi4 PPP: phase is AUTHENTICATION, for this purpose Jan 1 00:04:12.932: Vi4 CAP: THE CHALLENGE id 3 len 27 of "1600-3" Jan 1 00:04 :12.940: Vi4 CAP: I ANSWER id 6 len 27 of "2500-1"Jan 1. 00:04:12.967: RADIUS: Initial Transmission Virtual-Access4 id 48 10.51.6.3:1645, Access Request, len 97 1. Jan 00:04:12.971: Attribute 4 6 0A330652 1. 00:04 Jan: 12.975: Attribute 5 6 00000004 Jan 1 00:04:12.975: Attribute 61 6 00000005 Jan 1 00:04:12.975: Attribute 1 8 32353030 Jan 1 00:04:12.979: Attribute 30 3 8 0 :361 3134 04:12.979 12: Attribute 32303835 Jan 1 00:04:12.979: Attribute 3 19 06CA1CC2 Jan 1 00:04:12.983: Attribute 6 6 00000002 Jan 1 00:04:12.973 0 06 10 Jan :04:12.987: RADIUS: Empfangen von id 48 10.51.6.3:1645, Access-Accept, len 38 1. Jan 00:04:12.991: Attribute 6 6 00000002 1. Jan 00:04:12.991: Attribute 7 6 00000001 1 00:04:12.991 Jan: Attribute 8 6 FFFFFFFF 1. 1 Jan 00:04:12.999: AAA/AUTHEN (3530581085): Status = BESTANDEN 1. 00:04:12.999 Jan: Vi4 AAA/AUTOR/LCP : LCP autorisieren 1. 00:04:13.000 Jan: Vi4 AAA/AUTHOR/LCP (1947215169): Port='Virtual-Access4' list='vpdn' service=NET 1. 00:04:13.003 Jan: AAA/AUTHOR/ LCP : V i4 (1947215169) nós er='2500-1' 1. Jan 0 0:04:13.007: Vi4 AAA/AUTHOR/LCP (1947215169): AV-Dienst senden = ppp 1. 00: Jan 04:13.007: Vi4 AAA/AUTHOR/LCP (1947215169): AV-Protokoll senden = lcp 1. Jan 00:04:13.007: Vi4 AAA/AUTHOR/LCP (1947215169): gefundene Liste "vpdn" 1. Jan 00 :04:13.011: Vi4 AAA/AUTHOR /LCP (1947215169): Methode=Radius (Radius) 1. Jan 00:04:13.015: Vi4 AAA/AUTHOR (1947215169): Nachaautorisierungsstatus = PASS_REPL 1. Jan 00:04:13.015: Vi4 AAA/AUTHOR/LCP: AV-Dienst wird verarbeitet=pppJan 1 00:04:13.019: Vi4 CHAP: O SUCCESS id 6 len 4 Jan 1 00:04:13.023: Vi4 PPP: Phase ist UPJan 1 00:04:13.027: Vi4 AAA/AUTHOR/FSM: (0): Can we start or IPCP? Jan 1 00:04:13.027: Vi4 AAA/AUTHOR/FSM (536495163): Port='Virtual-Access4' list='vpdn' service=NET Jan 1 00:04:13.031: AAA/AUTHOR/FSM: Vi4 (536495163 ) user='2500-1' Jan 1 00:04:13.031: Vi4 AAA/AUTHOR/FSM (536495163): AV service send=ppp Jan 1 00:04:13.035: Vi4 AAA/AUTHOR/FSM ( 536495163): send AV protocol=ip Jan 1 00:04:13.035: Vi4 AAA/AUTHOR/FSM(536495163): list found "vpdn" Jan 1 00:04:13.039: Vi4 AAA/AUTHOR/FSM(536495163); : Method=radius(radius)Jan 1 00:04:13.039: RADIUS: Allow address in frame negotiatedJan 1 00:04:13.043: Vi4 AAA/AUTHOR (536495163): Post Authorization Status = PASS_REPL Jan 1 00:04:13.043: Vi4 AAA/AUTHOR/FSM: We can start IPCP Jan 1 00:04:13.047 : Vi4 IPCP : O CONFREQ [Closed] id 1 len 10 Jan 1 00:04:13.051: Vi4 IPCP: address 10.51.6.82 (0x03060A330652) Jan 1 00:04:13.102: Vi4 IPCP: I CONFREQ [REQsent] id 187 len 16 Jan 1 00:04:13.114: Vi4 IPCP: CompressType VJ 15 Slots (0x0206002D0F00) Jan 1 00:04:13.118: Vi4 IPCP: Address 10.10.53.2 (0x03060A0A3502) Jan 1 00:118:13.13. Vi4 AAA/AUT IPCP: Start. Your address 10.10.53.2, we want 0.0.0.0 Jan 1 00:04:13.122: Vi4 AAA/AUTHOR/IPCP (2669954081): Port='Virtual-Access4' list='vpdn' service=NET Jan 1 00:04 :13.126 :AAA/AUTHOR/IPCP: Vi4(2669954081) user='2500-1' Jan 1 00:04:13.126: Vi4 AAA/AUTHOR/IPCP(2669954081): AV service send=ppp Jan 1 00:04 :13.130: Vi4 AAA/AUTHOR/IPCP (2669954081): Send AV Protocol = IP Jan 1 00:04:13.130: Vi4 AAA/AUTHOR/IPCP (2669954081): Send AV Address*10.10.53.2 1. Jan 1 00 :04:13.134: Vi4 AAA/AUTHOR/IPCP (2669954081): Found list "vpdn" Jan 1 00:04:13.134: Vi4 AAA/AUTHOR/IPCP (2669954081): Method=radius (radius)Jan 1 00:04:13.138: RADIUS: Allow negotiated frame address 10.10.53.2Jan 1 00:04:13.142: Vi4 AAA/AUTHOR (2669954081): Post Authorization State = PASS_REPL Jan 1 00:04:13.146: Vi4 AAA/AUTHOR/IPCP: Service Processing AV=ppp Jan 1 00 : 04:13.146: Vi4 AAA/AUTHOR/IPCP: Processing AV Address = 10.10.53.2 Jan 1 00:04:13.150: Vi4 AAA/AUTHOR/IPCP: Authorization Successful Jan 1 00:04:13.150: Vi4 AAA/ AUTHOR/IPCP: Ready. Your address 10.10.53.2, we want 10.10.53.2 1 00:04:13.162: Vi4 IPCP: I CONFACK [REQsent] id 1 len 10 Jan 1 00:04:13.162: Vi4 IPCP: address 10.51.6.82 (0x03060A330652) 1 of Jan 00 :04:13.213: Vi4 IPCP: I CONFREQ [ACKrcvd] id 188 len Jan 10 00:04:13.217: Vi4 IPCP: address 10.10.53.2 (0x03060A0A3502) Jan 1 00:04:13.217: Vi4 AAA/AUTHOR /IPCP: Start Your address is 10.10.53.2, we want 10.10.53.2 Jan 1 00:04:13.221: Vi4 AAA/AUTHOR/IPCP: Processing AV service = ppp Jan 1 00:04:13.221: Vi4 AAA/AUTHOR/ IPCP: Processing AV address = 10.10 .53.2 Jan 1 00:04:13.225: Vi4 AAA/AUTHOR/IPCP: Authorization Successful Jan 1 00:04:13.225: Vi4 AAA/AUTHOR/IPCP: Done. Your address 10.10.53.2, we want 10.10.53.2 Jan 1 00:04:13.229: Vi4 IPCP: O CONFACK [ACKrcvd] id 188 len 10 Jan 1 00:04:13.233: Vi4 IPCP: address 10.10.53.2 (0x03060A0A3502)Jan 1 00:04:13.233: Vi4 IPCP: Status is open Jan 1 00:04:13.261: Install Vi4 IPCP: Path to 10.10.53.2Jan 1 00:04:14.015: %LINEPROTO-5-UPDOWN: Line protocol on interface Virtual-Access4, state changed to up

Die PPP/L2TP-Trennsequenz

1. The remote user disconnects the ISDN connection to disconnect the call to the LAC.

2. The LAC PPP state machine is terminated and the LCP state is closed.

3. To notify the LNS of the session disconnection, the LAC sends a call disconnect notification (CDN) and destroys the session. The CDN contains an AVP 1 result code that has "Bearer Loss" as its disconnect reason. The session is now in an INACTIVE state.

4. The LNS sends a ZLB message which is a sequential acknowledgment and destroys the session. The session is now in an INACTIVE state.

5. LNS shuts down the local PPP interface. The virtual access interface changes state to Down:

   • IPCP is closed, LCP is closed, and the PPP state machine is idle.

   • The host route for the remote user is removed from the LNS routing table.

   • Tunnel status is now "No sessions left" on LAC and LNS.

6. Since this is the last session inside the tunnel, the control connection can now be deactivated. The default tunnel shutdown timers are 10 seconds for the LNS and 15 seconds for the LAC.

7. The LNS sends a Stop Control Connection Notification (Stop CCN) to the LAC to close the control connection and the tunnel. The CCN stop contains the reason for the tunnel disconnection, ie "Request to release the control connection". The tunnel is now in an INACTIVE state.

8. The LAC sends a ZLB message, which is a sequential acknowledgment, to the LNS. The tunnel is now in an INACTIVE state.

9. The tunnel is already closed.

Observation:Both the LAC and the LNS can initiate the session and manage the disconnection. It is not necessary to delete sessions within the tunnel before the tunnel can be terminated.

LAC debug showing disconnection of PPP and L2TP

Jan 1 00:04:27.375: %ISDN-6-DISCONNECT: 2085730592 2500-1 Serial0:0 interface disconnected, call took 17 seconds Jan 1 00:04:27.387: %LINK-3-UPDOWN: Serial0 interface :0, status changed to "idle" on Jan 1 00:04:27387: If0:0 PPP: phase is TERMINATION [0 session, 0 load]Jan 1 00:04:27.387:Se0:0 LCP: closed statusJan 1 00:04:27,387: Se0:0 PPP: Phase is down [0 session, 0 load] Jan 1 00:04:27,387: Se0:0 VPDN: Cleanup Jan 1 00:04:27,387: Se0 :0 VPDN: Reboot Jan 1 00:04:27387: Se0:0 Tnl/Cl 17688/7 L2TP: The CDN for l2tp-gw 55270/451. Enero 00:04:27.387: Se0:0 Tnl/Cl 17688/7 L2TP: O CDN, flg TLS, ver 2, len 38, tnl 55270, cl 45, ns 4, nr 2C8 02 00 26 D7 E6 00 2D 00 04 00 02 80 08 00 00 00 00 00 0E 80 08 00 00 00 0E 00 07 80 0A 00 00 00 01 00 01 00 00Jan 1 00:04:27,387: Se0:0 Tnl/Cl 17688/7 L2TP: session is destroyedJan 1 00:04:27.387: Se0:0 Tnl/Cl 17688/7 L2TP: Session state change from established to free LAC/LNS Tunnel 17688/55270 session 7 state down Jan 1 00:04:27.387: Tnl 17688 L2TP: Tunnel status changed from established to no session remainingJan 1 00:04:27,387: Tnl 17688 L2TP: No more tunnel sessions, shutdown (likely) in 15 seconds Jan 1 00:04:27,431: Tnl 17688 L2TP: I ZLB ctrl ack, flg TLS, ver 2, len 12, tnl 17688, cl 0, ns 2, no. 5Jan 1 00:04:28387: %LINEPROTO-5-UPDOWN: Line protocol on Serial0:0 interface, state changed to down Jan 1 00:04:37383: Tnl 17688 L2TP: Analyze AVP 0, len 8 , flag 0x8000 (M) 00:04:37.383 Jan: Tnl 17688 L2TP: Parse StopCCN Jan 1 00:04:37.383: Tnl 17688 L2TP: Parse AVP 9, len 8, flag 0x8000 (M) Jan 1 00: 04:37.383: Tnl 17688 L2TP: Tunnel ID assigned 55270 Jan 1 00:04:37383: Tnl 17688 L2TP: Analyze AVP 1, len 8, mark 0x8000(M) Jan 1 00:04:37387: L2X: Code Result (1) :1: Connection control removal request Jan 1 00:04:37387: Error code (0): No error Jan 1 00:04:37387: Tnl 17688 L2TP: No AVP missing in StopCCN1. Enero 00:04:37.387: Tnl 17688 L2TP: I StopCCN, flg TLS, ver 2, len 36, tnl 17688, cl 0, ns 2, nr 5C8 02 00 24 45 18 00 00 00 02 00 05 80 08 00 00 00 00 00 04 80 08 00 00 00 09 D7 E6 80 08 00 00 00 01 00 011. Enero 00:04:37.387: Tnl 17688 L2TP: O ZLB ctrl ack, flg TLS, ver 2, len 12, tnl 55270, cl 0, ns 5, nr 3C8 02 00 0C D7 E6 00 00 00 05 00 03 1 de enero 00:04:37.387: Tnl 17688 L2TP: I StopCCN de l2tp-gw tnl 55270Jan 1 00:04:37.387: Tnl 17688 L2TP: Tunnel downJan 1 00:04:37387: Tnl 17688 L2TP: Tunnel state changed from 'no sessions left' to 'down'.

LNS debug showing disconnection of PPP and L2TP

Jan 1 00:04:27740: Vi4 Tnl/Cl 55270/45 L2TP: Scan AVP 0, len 8, flag 0x0x8000 (M) Jan 1 00:04:27740: Vi4 Tnl/Cl 55270/45 L2TP: Scan CDN Jan 1 00:04:27744: Vi4 Tnl/Cl 55270/45 L2TP: Parse AVP 14, len 8, flag 0x0x8000 (M) Jan 1 00:04:27748: Vi4 Tnl/Cl 55270/45 L2TP: ID assigned call 7 Jan 1 00:04:27,752: Vi4 Tnl/Cl 55270/45 L2TP: Analyze AVP 1, len 10, flag 0x0x8000 (M) Jan 1 00:04:27,752: Vi4 Tnl/Cl 55270/ 45 L2TP : Result Code (1): 1: Operator Loss Jan 1 00:04:27756: Error Code (0): No Error Jan 1 00:04:27756: Vi4 Tnl/Cl 55270/45 L2TP: No missing AVP on CDN1 de enero 00:04:27.760: Vi4 Tnl/Cl 55270/45 L2TP: I CDN, flg TLS, ver 2, len 38, tnl 55270, cl 45, ns 4, nr 2 Contiguous Pak, Größe 38C8 02 00 26 D7 E6 00 2D 00 04 00 02 80 08 00 00 00 00 00 0E 80 08 00 00 00 0E 00 07 80 0A 00 00 00 01 00 01 00 001. Enero 00:04:27.772: Vi4 Tnl/Cl 55270/45 L2TP: O ZLB ctrl ack, flg TLS, ver 2, len 12, tnl 17688, cl 0, ns 2, nr 5Jan 1 00:04:27776: Contiguous buffer size 12 C8 02 00 0C 45 18 00 00 00 02 00 05 Jan 1 00:04:27780: Vi4 Tnl/Cl 55270/45 L2TP: I hgw CDN tnl 17688 , cl 7Jan 1 00:04:27,780: Vi4 Tnl/Cl 55270/45 L2TP: Session destroyedJan 1 00:04:27784: Vi4 Tnl/Cl 55270/45 L2TP: Session state changed from Established to Inactive 55270/17688 Session State 45 Inactive Jan 1 00:04:27792: Vi4 VPDN: Reset 1 of Jan 00:04:27,792: Tnl 55270 L2TP: Tunnel state change from established to no session remainingJan 1 00:04:27796: Tnl 55270 L2TP: no more tunnel sessions, shutdown (probably) in 10 secondsJan 1 00:04:27,800: %LINK-3-UPDOWN: Virtual-Access4 interface, state changed to downJan 1 00:04:27,816: Vi4 IPCP: Status is ClosedJan 1 00:04:27,820: Vi4 PPP: end phaseJan 1 00:04:27,820: Vi4 LCP: Status is ClosedJan 1 00:04:27,824: Vi4 PPP: Phase is down Jan 1 00:04:27,839: Vi4 IPCP: Remove route to 10.10.53.2 Jan 1 00:04:29,022: %LINEPROTO-5-UPDOWN : line protocol on Virtual -Access4 interface, status changed to "down" on Jan 1 00:04:37720: Tnl 55270 L2TP: O StopCCN to hgw tnlid 176881. Enero 00:04:37.724: Tnl 55270 L2TP: O StopCCN, flg TLS, ver 2, len 36, tnl 17688, cl 0, ns 2, nr 5Jan 1 00:04:37,728: contiguous buffer, size 36 C8 02 00 24 45 18 00 00 00 02 00 05 80 08 00 00 00 00 00 04 80 08 00 00 00 09 D7 E6 80 08 00 01: Jan0 01 04:37736: Tnl 55270 L2TP: Tunnel state changed from No Sessions Remaining to Off.Jan 1 00:04:37.740: Tnl 55270 L2TP: Tunnel downJan 1 00:04:37744: Tnl 55270 L2TP: Tunnel state changed from down to down

related information

• Dial-Up and Access Technology Support Pages