Re: LNS L2TP termination of PPPoE sessions with FreeRADIUS 2

Netzwerker · ‎06-21-2022

Hello,

I'm trying to repro this small lab "https://null.53bits.co.uk/index.php?page=pppoe-initial-set-up-with-freeradius-2" to test PPPoe with FreeRADUIS but I have some issues!

I captured the packed between CPE f0/0 and LAC using wireshark and probably there is a problem with PPP CHAP!

Note: No packets captured between LAC and LNS.

You can find more details in the attached capture.

thank you,

MHM Cisco World · ‎06-21-2022

Can i see config ?

Netzwerker · ‎06-21-2022

yes sure! it's more easy to see the config from this link "https://null.53bits.co.uk/index.php?page=pppoe-initial-set-up-with-freeradius-2"

Thank you

MHM Cisco World · ‎06-21-2022

try open link many times error open,

please share the config

Netzwerker · ‎06-22-2022

Sorry! the link: https://null.53bits.co.uk/index.php?page=pppoe-initial-set-up-with-freeradius-2

MHM Cisco World · ‎06-22-2022

can I see your config, I think you miss one command.

Netzwerker · ‎06-22-2022

Ok you can find the config (CPE, LAC, LNS) in the attached files.

Thank yyou,

MHM Cisco World · ‎06-22-2022

there is no LNS-LAC traffic so
point to check
ping from LNS to LAC using the IP address you use under VPDN group (initiate and terminate)
if Ping success BUT still CPE failed

terminate-from hostname l2tp-tunnel<- change this to IP of LAC

if both failed
Use local AAA instead for FreeRadius

Netzwerker · ‎07-14-2022

Hi,

Thank your for you reply!

The problem now is that when I test the authentification from the lns to the freeradius with #test aaa group radius server 192.0.2.1 auth-port 1812 acct-port 1813 testuser@example.net testpassword legacy, It's working !! but from the CPE to the freeradius, the authentication failed!

Note: there is not an issue between the CPE and the LNS because I used a local AAA and it's working.

You can see the difference between the 2 requests from the lns to the raduis with #test aaa command and from the CPE to the radius in same interface f0/0 of the lns in the attached captures.

MHM Cisco World · ‎07-14-2022

1- command must be delete

ip dhcp pool PPPoEPool <<<- this for ethernet client here it is PPPoE client so delete this 
   network 192.0.2.128 255.255.255.128

2- command must be to add
ip local pool pppoe 192.0.3.10 192.0.3.100

Netzwerker · ‎07-18-2022

Thank you !

But even with the first command it's working when using local AAA! I mean that the issue is related to the authentification using freeradius not the dhcp pool!

MHM Cisco World · ‎07-18-2022

I mention two point,
the DHCP POOL how you config it
and the subnet of DHCP Pool, the issue you use OSPF and use DHCP Pool same subnet that LAC LNS (and I think the radius) use it, so this make me think that this issue is reachable issue not Auth issue, That why I ask you to change the DHCP Pool subnet.
if after change still same issue then with some help of wireshark we can solve the auth.

Netzwerker · ‎07-18-2022

MHM Cisco World · ‎07-18-2022

wireshark
between CPE and LAC and LAC LNS
if you can also LNS Radius

Netzwerker · ‎07-19-2022

Thank you,

Which format do you want ? pcapng is not supported here.