01-13-2023 08:24 AM
Hello,
I have a router running L2TP service. I don't use a radius server. The account base is local to the router.
aaa new-model
aaa authentication login default local
aaa authentication ppp default local
!
username cisco@test.com password 0 CiScO
!
vpdn enable
!
vpdn-group TEST
 accept-dialin
  protocol l2tp
  virtual-template 1
 source-ip 10.1.1.1
 lcp renegotiation always
 no l2tp tunnel authentication
 ip mtu adjust
!
L2TP-1#show vpdn session
L2TP Session Information Total tunnels 1 sessions 1
LocID RemID TunID Username, Intf/ State Last Chg Uniq ID
Vcid, Circuit
13520 58354 45207 -, Vi2.1 est 00:30:39 152
I would like to see the user, for example cisco@test.com, when using the show vpdn command.
How can I do this?
Thanks
01-13-2023 08:50 AM
show vpdn <<- without session keyword
01-13-2023 10:13 AM - edited 01-13-2023 10:14 AM
This gives the same result as show vpdn session...
In the Username column (output of show vpdn or show vpdn session) I have - and not the local login cisco@test.com.
L2TP-1#sh vpdn
L2TP Tunnel and Session Information Total tunnels 1 sessions 1
LocTunID RemTunID Remote Name State Remote Address Sessn L2TP Class/
Count VPDN Group
45207 15874 R892FSP est X.X.X.X 1 TEST
LocID RemID TunID Username, Intf/ State Last Chg Uniq ID
Vcid, Circuit
13520 58354 45207 -, Vi2.1 est 02:27:29 152
L2TP-1#sh vpdn session
L2TP Session Information Total tunnels 1 sessions 1
LocID RemID TunID Username, Intf/ State Last Chg Uniq ID
Vcid, Circuit
13520 58354 45207 -, Vi2.1 est 02:27:33 152
L2TP-1#
Am I missing something in the configuration?
With a radius server I have no problem displaying the full login with sh vpdn session...
01-13-2023 10:31 AM
You are correct, it must show under Vi2.1.
You can do:
show ppp all <<- check the username
01-13-2023 11:26 PM
show ppp all does not display the username:
L2TP-1#sh ppp all
Interface/ID OPEN+ Nego* Fail- Stage Peer Address Peer Name
------------ --------------------- -------- --------------- --------------------
Vi2.1 LCP+ IPCP+ LocalT X.X.X.X
01-14-2023 08:30 AM
Are you using
ppp pap sent-username <<- under the PPP interface?
01-14-2023 09:28 AM - edited 01-15-2023 12:18 AM
Yes! I use ppp pap sent-username:
interface Dialer0
 ip address negotiated
 no cdp enable
 ppp pap sent-username cisco@test.com password 7 XXXXXXX
I would rather use CHAP than PAP but I don't understand auth...
I tried with ppp chap hostname and password but I can't authenticate on the LNS...
01-15-2023 12:19 AM
To complete my previous answer, here is the debug with CHAP enabled:
*Jan 15 07:34:56.121: ppp597 PPP: Queue CHAP code[1] id[1]
*Jan 15 07:34:56.125: ppp597 PPP: Phase is AUTHENTICATING, by both
*Jan 15 07:34:56.125: ppp597 CHAP: O CHALLENGE id 1 len 33 from "L2TP-1"
*Jan 15 07:34:56.125: ppp597 CHAP: Redirect packet to ppp597
*Jan 15 07:34:56.125: ppp597 CHAP: I CHALLENGE id 1 len 43 from "cisco@test.com"
*Jan 15 07:34:56.125: ppp597 CHAP: Waiting for Peer to authenticate first
*Jan 15 07:34:56.125: ppp597 LCP: State is Open
*Jan 15 07:34:56.217: ppp597 CHAP: I RESPONSE id 1 len 43 from "cisco@test.com"
*Jan 15 07:34:56.217: ppp597 PPP: Phase is FORWARDING, Attempting Forward
*Jan 15 07:34:56.217: ppp597 PPP: Phase is AUTHENTICATING, Unauthenticated User
*Jan 15 07:34:56.217: ppp597 PPP: Sent CHAP LOGIN Request
*Jan 15 07:34:56.217: ppp597 PPP: Received LOGIN Response PASS
*Jan 15 07:34:56.217: ppp597 IPCP: Authorizing CP
*Jan 15 07:34:56.217: ppp597 IPCP: CP stalled on event[Authorize CP]
*Jan 15 07:34:56.217: ppp597 IPCP: CP unstall
*Jan 15 07:34:56.217: ppp597 PPP: Phase is FORWARDING, Attempting Forward
*Jan 15 07:34:56.225: Vi2.1 PPP: Phase is AUTHENTICATING, Authenticated User
*Jan 15 07:34:56.225: Vi2.1 PPP: Sent CHAP SENDAUTH Request
*Jan 15 07:34:56.225: Vi2.1 CHAP: O SUCCESS id 1 len 4
*Jan 15 07:34:56.229: Vi2.1 PPP: Received SENDAUTH Response PASS
*Jan 15 07:34:56.229: Vi2.1 CHAP: Using hostname from configured hostname
*Jan 15 07:34:56.229: Vi2.1 CHAP: Using password from AAA
*Jan 15 07:34:56.229: Vi2.1 CHAP: O RESPONSE id 1 len 33 from "L2TP-1"
*Jan 15 07:34:56.337: Vi2.1 PPP: I pkt type 0xC223, datagramsize 29 link[ppp]
*Jan 15 07:34:56.337: Vi2.1 CHAP: I FAILURE id 1 len 25 msg is "Authentication failed"
*Jan 15 07:34:56.337: Vi2.1 PPP DISC: We failed authentication
*Jan 15 07:34:56.337: Vi2.1 PPP: Sending Acct Event[Down] id[26D]
*Jan 15 07:34:56.337: PPP: NET STOP send to AAA.
01-15-2023 02:39 AM
ppp chap hostname
ppp chap password
If you use CHAP instead of PAP, use the above commands for the username/password.
01-15-2023 03:18 AM
I just found my mistake... I had to remove ppp authentication chap callin on the remote router!
Now the L2TP server shows the username of the connected user:
L2TP-1#sh vpdn session
L2TP Session Information Total tunnels 1 sessions 1
LocID RemID TunID Username, Intf/ State Last Chg Uniq ID
Vcid, Circuit
2201 33436 62839 cisco@test..., Vi2.1 est 00:32:45 684
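
Added example, not part of the original thread: a small parser for the CHAP lines of the debug output posted above, reporting the result of each authentication direction as seen from the logging router (the LNS). On those lines it shows the LNS accepting the client while the client rejects the LNS's own response. The function and key names are assumptions made for this illustration.

```python
import re

# CHAP lines copied from the debug output posted in the thread.
DEBUG = '''\
*Jan 15 07:34:56.125: ppp597 CHAP: O CHALLENGE id 1 len 33 from "L2TP-1"
*Jan 15 07:34:56.125: ppp597 CHAP: I CHALLENGE id 1 len 43 from "cisco@test.com"
*Jan 15 07:34:56.217: ppp597 CHAP: I RESPONSE id 1 len 43 from "cisco@test.com"
*Jan 15 07:34:56.225: Vi2.1 CHAP: O SUCCESS id 1 len 4
*Jan 15 07:34:56.229: Vi2.1 CHAP: O RESPONSE id 1 len 33 from "L2TP-1"
*Jan 15 07:34:56.337: Vi2.1 CHAP: I FAILURE id 1 len 25 msg is "Authentication failed"
'''

CHAP_RE = re.compile(
    r'CHAP: (?P<dir>[IO]) (?P<code>CHALLENGE|RESPONSE|SUCCESS|FAILURE) id \d+'
    r'(?: len \d+)?(?: from "(?P<name>[^"]*)")?(?: msg is "(?P<msg>[^"]*)")?')


def _empty():
    return {"requested": False, "name": None, "result": None, "msg": None}


def summarize_chap(text):
    """Summarize both CHAP directions from the logging router's point of view.

    we_auth_peer  : we sent the challenge and judge the peer's response.
    peer_auths_us : the peer challenged us and judges our response.
    """
    out = {"we_auth_peer": _empty(), "peer_auths_us": _empty()}
    for line in text.splitlines():
        m = CHAP_RE.search(line)
        if not m:
            continue
        outgoing = m["dir"] == "O"
        if m["code"] == "CHALLENGE":
            # The side that sends a challenge is the authenticator.
            out["we_auth_peer" if outgoing else "peer_auths_us"]["requested"] = True
        elif m["code"] == "RESPONSE":
            # A response travels toward the authenticator; record the claimed name.
            out["peer_auths_us" if outgoing else "we_auth_peer"]["name"] = m["name"]
        else:
            # SUCCESS / FAILURE is the authenticator's verdict.
            side = out["we_auth_peer" if outgoing else "peer_auths_us"]
            side["result"], side["msg"] = m["code"], m["msg"]
    return out


if __name__ == "__main__":
    for direction, info in summarize_chap(DEBUG).items():
        print(direction, info)
```
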