l2tp incompatibility between IOS 12.2 & 12.4?

A 4700M running 12.2(46a) (but it has run with much earlier versions as well) provides accept-dialout l2tp vpdn access to a synchronous modem (in reality an ISDN terminal adapter, but the 4700M doesn't know).

    vpdn-group 1
     accept-dialout
      protocol l2tp
      dialer 0
     terminate-from hostname XXX
     l2tp tunnel password 7 XXX

Clients running 12.2 (and I think earlier) access the modem resource with request-dialout l2tp vpdn groups.

    vpdn-group 1
     request-dialout
      protocol l2tp
      pool-member 1
     initiate-to ip XXX
     local name XXX
     l2tp tunnel password 7 XXX

Recently I tried to access the modem from a 12.4(16a) 3640 system (earlier 12.4 versions behave the same). The l2tp dial request fails with an immediate disconnect:

    Vi1 Tnl/Sn 50028/3 L2TP: Parse AVP 0, len 8, flag 0x8000 (M)
    Vi1 Tnl/Sn 50028/3 L2TP: Parse CDN
    Vi1 Tnl/Sn 50028/3 L2TP: Parse AVP 1, len 52, flag 0x8000 (M)
    Vi1 Tnl/Sn 50028/3 L2TP: Result code(2): 2: Call disconnected, refer to error msg
    Error code(0): No error
    Optional msg: Insufficient config to satisfy dialout req
    Vi1 Tnl/Sn 50028/3 L2TP: No missing AVPs in CDN

Here is the call request that fails from the 12.4 system as logged on the 4700M:

    Tnl 17209 L2TP: Parse AVP 0, len 8, flag 0x8000 (M)
    Tnl 17209 L2TP: Parse OCRQ
    Tnl 17209 L2TP: Parse AVP 14, len 8, flag 0x8000 (M)
    Tnl 17209 L2TP: Assigned Call ID 2
    Tnl 17209 L2TP: Parse AVP 15, len 10, flag 0x8000 (M)
    Tnl 17209 L2TP: Serial Number 703800000
    Tnl 17209 L2TP: Parse AVP 14, len 8, flag 0x8000 (M)
    Tnl 17209 L2TP: Assigned Call ID 2
    Tnl 17209 L2TP: Parse AVP 16, len 10, flag 0x8000 (M)
    Tnl 17209 L2TP: Min BPS 1
    Tnl 17209 L2TP: Parse AVP 17, len 10, flag 0x8000 (M)
    Tnl 17209 L2TP: Max BPS 56000
    Tnl 17209 L2TP: Parse AVP 18, len 10, flag 0x8000 (M)
    Tnl 17209 L2TP: Bearer Type 3
    Tnl 17209 L2TP: Parse AVP 19, len 10, flag 0x8000 (M)
    Tnl 17209 L2TP: Framing Type 3
    Tnl 17209 L2TP: Parse AVP 21, len 9, flag 0x8000 (M)
    Tnl 17209 L2TP: Called Number S=1
    Tnl 17209 L2TP: Parse Cisco AVP 102, len 6, flag 0x0
    Tnl 17209 L2TP: Username
    Tnl 17209 L2TP: No missing AVPs in OCRQ

Here is a call request from a 12.2 system that works, again as logged on the 4700M:

    Tnl 37026 L2TP: Parse AVP 0, len 8, flag 0x8000 (M)
    Tnl 37026 L2TP: Parse OCRQ
    Tnl 37026 L2TP: Parse AVP 14, len 8, flag 0x8000 (M)
    Tnl 37026 L2TP: Assigned Call ID 2
    Tnl 37026 L2TP: Parse AVP 15, len 10, flag 0x8000 (M)
    Tnl 37026 L2TP: Serial Number 172300000
    Tnl 37026 L2TP: Parse AVP 16, len 10, flag 0x8000 (M)
    Tnl 37026 L2TP: Min BPS 1
    Tnl 37026 L2TP: Parse AVP 17, len 10, flag 0x8000 (M)
    Tnl 37026 L2TP: Max BPS 10000
    Tnl 37026 L2TP: Parse AVP 18, len 10, flag 0x8000 (M)
    Tnl 37026 L2TP: Bearer Type 3
    Tnl 37026 L2TP: Parse AVP 19, len 10, flag 0x8000 (M)
    Tnl 37026 L2TP: Framing Type 3
    Tnl 37026 L2TP: Parse AVP 21, len 9, flag 0x8000 (M)
    Tnl 37026 L2TP: Called Number S=1
    Tnl 37026 L2TP: No missing AVPs in OCRQ

The differences I see are:

-The 12.4 system repeats AVP14 (Assigned Call ID).

-The 12.4 system requests a Max BPS of 56000 as opposed to 10000 for the 12.2 system.

-The 12.4 system includes Cisco AVP102 (Username) while the 12.2 system does not.

My thought is that one of these differences is upsetting the server, though of course it might be something else in the earlier tunnel negotiation. Unfortunately, the 4700M does not log the reason that it is claiming "Insufficient config" and I see no obvious way to tweak the 12.4 system to make its requests more like the 12.2 system's.

Has anyone seen anything like this?

Before you suggest upgrading the modem server to 12.4, note that that would require replacing the router (since the 4700M tops out at 12.2) and I am concerned about a ripple effect as the 4700M also manages some outgoing l2tp tunnels to other 12.2 devices.

Dan Lanciani ddl@danlan.*com


(following up to my own posting)


I found that the max BPS is controlled by the bandwidth of the client's dialer interface, so I was able to eliminate that as a potential culprit. I also found that a 12.3 system does not repeat AVP14 but does send AVP102 (Username) and still fails. This strongly suggests that the latter is the problem.

Does anyone know how to prevent 12.4 from sending the (null) Username AVP and/or how to get 12.2 to ignore or accept it? What exactly is the username of a tunnel session anyway? Show vpdn session on all tunnels I use shows the username as blank, but I have seen examples where it corresponds to PPP's PAP user. I'm not sure how this comes about since the session is up before PPP negotiation begins. It may happen only with pre-authenticated and/or post-authentication-projected connections, but what's the point of having it at all?

Dan Lanciani ddl@danlan.*com
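The by-hand comparison of the two OCRQ debug logs in the posts above, done mechanically; this is an added example, not part of the original posts. The function names are hypothetical, the input is abridged from the logs on this page, and reading `len 6` as a bare 6-byte AVP header with an empty value follows the AVP format in RFC 2661.

```python
import re
from collections import Counter
# Abridged from the post's two OCRQ logs (AVPs 0, 16, 18, 19, 21 are identical, omitted).
OCRQ_12_4 = """Tnl 17209 L2TP: Parse AVP 14, len 8, flag 0x8000 (M)
Tnl 17209 L2TP: Assigned Call ID 2
Tnl 17209 L2TP: Parse AVP 15, len 10, flag 0x8000 (M)
Tnl 17209 L2TP: Serial Number 703800000
Tnl 17209 L2TP: Parse AVP 14, len 8, flag 0x8000 (M)
Tnl 17209 L2TP: Assigned Call ID 2
Tnl 17209 L2TP: Parse AVP 17, len 10, flag 0x8000 (M)
Tnl 17209 L2TP: Max BPS 56000
Tnl 17209 L2TP: Parse Cisco AVP 102, len 6, flag 0x0
Tnl 17209 L2TP: Username"""
OCRQ_12_2 = """Tnl 37026 L2TP: Parse AVP 14, len 8, flag 0x8000 (M)
Tnl 37026 L2TP: Assigned Call ID 2
Tnl 37026 L2TP: Parse AVP 15, len 10, flag 0x8000 (M)
Tnl 37026 L2TP: Serial Number 172300000
Tnl 37026 L2TP: Parse AVP 17, len 10, flag 0x8000 (M)
Tnl 37026 L2TP: Max BPS 10000"""

AVP_RE = re.compile(r"Parse (Cisco )?AVP (\d+), len (\d+), flag 0x([0-9A-Fa-f]+)")
PER_CALL = {("ietf", 15)}  # Call Serial Number differs on every call by design

def parse_avps(log):
    """Return [vendor, type, len, M-bit, decoded text] per AVP, in log order."""
    avps = []
    for line in log.splitlines():
        m = AVP_RE.search(line)
        if m:
            avps.append(["cisco" if m[1] else "ietf", int(m[2]), int(m[3]),
                         bool(int(m[4], 16) & 0x8000), ""])
        elif avps and not avps[-1][4]:  # first line after "Parse AVP" is its decode
            avps[-1][4] = line.split("L2TP: ", 1)[-1].strip()
    return avps

def diff_ocrq(good, bad):
    """Compare a working OCRQ (good) with a rejected one (bad)."""
    key = lambda a: (a[0], a[1])
    g, b = Counter(map(key, good)), Counter(map(key, bad))
    gv, bv = {key(a): a[4] for a in good}, {key(a): a[4] for a in bad}
    return {
        "repeated": sorted(k for k in b if b[k] > 1 and b[k] > g[k]),
        "only_in_failing": sorted(k for k in b if k not in g),
        "changed": sorted((k, gv[k], bv[k]) for k in gv.keys() & bv.keys()
                          if gv[k] != bv[k] and k not in PER_CALL),
        # len 6 = header only (empty value); M bit clear = not marked mandatory
        "empty_optional": sorted(key(a) for a in bad if a[2] == 6 and not a[3]),
    }
RESULT = diff_ocrq(parse_avps(OCRQ_12_2), parse_avps(OCRQ_12_4))
```

Pasting the unabridged logs works the same way; trailing lines such as "No missing AVPs in OCRQ" are not attached to an AVP that already has its decode line.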
