Junos OS


LNS cannot establish L2TP with LAC

  • 1.  LNS cannot establish L2TP with LAC

    This message was posted by a user wishing to remain anonymous
    Posted 9 days ago

    Hello everyone,

    I'm trying to figure out why an existing, working MX204 LNS configuration does not work in my lab environment, nor on an MX80.
    I'm labbing on PNETLab with vMX (no licence), but I get the same result with an eval-licensed vMX 18.X.

    I'm trying to establish an L2TPv2 tunnel between my LNS (Junos) and my LAC (Cisco IOS), which is also my PPP endpoint.
    My LAC always gets a StopCCN after sending an SCCRQ:

    I have (on purpose) no authentication on my L2TP tunnel. I can't understand why this exact configuration works between my MX204 (no licence) and a C892 running IOS:

    # Base system and chassis settings for the LNS (host name RT-BNG-1).
    set version 22.2R1.9
    set system host-name RT-BNG-1
    # NOTE(review): this is the root password hash ($6$ = SHA-512 crypt) pasted into a public post.
    # A published hash can be guessed against offline; redact it when sharing a config and
    # rotate the password if the same one is used outside the lab.
    set system root-authentication encrypted-password "$6$sH2SBepI$s8OHoUtkm803IAJFBFH63Rh0tiOj7XYxDSJ03tG/tv.eibEesm60eGf1.3x61btwEGYkaLyeOVTKQp2NCZ/YY1"
    set system configuration-database max-db-size 104857600
    # Permits direct root logins over SSH; acceptable in an isolated lab, worth tightening
    # (named accounts, keys) on anything reachable.
    set system services ssh root-login allow
    # Subscriber management is turned on; the dynamic profile and L2TP LNS settings below rely on it.
    set system services subscriber-management enable
    # Management runs in its own instance (mgmt_junos, which gets a default route further down).
    set system management-instance
    set system dynamic-profile-options versioning
    # Inline services bandwidth on FPC 0 / PIC 0; presumably this is what provides si-0/0/0 used by the service-device pool.
    set chassis fpc 0 pic 0 inline-services bandwidth 10g
    set chassis network-services enhanced-ip
    # L2TP LNS tunnel group: binds the access profile BNG-LAC-L2TP, the local gateway
    # address/name, the service-interface pool and the subscriber dynamic profile.
    set services l2tp tunnel-group BNG-TUNNEL-1 l2tp-access-profile BNG-LAC-L2TP
    set services l2tp tunnel-group BNG-TUNNEL-1 tunnel-timeout 65500
    # 5.14.63.58 is the address configured on lo0.666, which is placed in routing instance INTERNET.
    set services l2tp tunnel-group BNG-TUNNEL-1 local-gateway address 5.14.63.58
    # NOTE(review): the LAC's l2tp-class also uses the hostname RT-BNG-1 - confirm both ends are meant to share a name.
    set services l2tp tunnel-group BNG-TUNNEL-1 local-gateway gateway-name RT-BNG-1
    set services l2tp tunnel-group BNG-TUNNEL-1 service-device-pool BNG1-Interface
    set services l2tp tunnel-group BNG-TUNNEL-1 dynamic-profile LNS-SUBS-PROFILE
    # The pool holds a single inline services interface, si-0/0/0.
    set services service-device-pools pool BNG1-Interface interface si-0/0/0
    # Interfaces: ge-0/0/0.0 (100.64.0.1/24) is the link on the LAC's subnet (the LAC is 100.64.0.55),
    # si-0/0/0 is the inline services interface, fxp0 is management, and lo0.666 carries the
    # L2TP local-gateway address.
    set interfaces ge-0/0/0 description "BNG1: L3 ACCESS COLLECTE GATE "
    set interfaces ge-0/0/0 flexible-vlan-tagging
    set interfaces ge-0/0/0 native-vlan-id 1
    set interfaces ge-0/0/0 mtu 9216
    set interfaces ge-0/0/0 unit 0 vlan-id 1
    set interfaces ge-0/0/0 unit 0 family inet mtu 9000
    set interfaces ge-0/0/0 unit 0 family inet address 100.64.0.1/24
    set interfaces si-0/0/0 encapsulation generic-services
    set interfaces si-0/0/0 unit 0 family inet
    set interfaces fxp0 unit 0 family inet address 10.200.3.200/24
    # Same address as the tunnel group's local-gateway address.
    set interfaces lo0 unit 666 family inet address 5.14.63.58/32
    # PPP defaults applied to L2TP subscribers through the client's user-group-profile.
    set access group-profile L2TP-BNG-USERS ppp idle-timeout 30
    # PAP is allowed alongside CHAP. PAP carries the subscriber password in cleartext inside PPP,
    # and L2TPv2 does not encrypt the session, so CHAP-only is the safer choice where the CPE supports it.
    set access group-profile L2TP-BNG-USERS ppp ppp-options pap
    set access group-profile L2TP-BNG-USERS ppp ppp-options chap
    # NOTE(review): MRU/MTU are 1492 here but 1500 in dynamic profile LNS-SUBS-PROFILE - confirm which value is intended.
    set access group-profile L2TP-BNG-USERS ppp ppp-options mru 1492
    set access group-profile L2TP-BNG-USERS ppp ppp-options mtu 1492
    set access group-profile L2TP-BNG-USERS ppp keepalive 30
    # L2TP client entry used by the tunnel group. No shared-secret is configured, so the tunnel
    # itself is unauthenticated (the post states this is deliberate): nothing here verifies the
    # identity of the LAC that sends the SCCRQ. Set a shared secret on both ends outside a lab.
    set access profile BNG-LAC-L2TP client DEFAULT l2tp maximum-sessions 2000
    set access profile BNG-LAC-L2TP client DEFAULT l2tp interface-id BNG-LNS
    set access profile BNG-LAC-L2TP client DEFAULT l2tp lcp-renegotiation
    set access profile BNG-LAC-L2TP client DEFAULT user-group-profile L2TP-BNG-USERS
    # VRF INTERNET contains both the LAC-facing unit ge-0/0/0.0 and lo0.666.
    # NOTE(review): the L2TP local-gateway address (5.14.63.58) therefore sits inside this VRF;
    # confirm the tunnel group is expected to answer control traffic there.
    set routing-instances INTERNET instance-type vrf
    set routing-instances INTERNET interface ge-0/0/0.0
    set routing-instances INTERNET interface lo0.666
    set routing-instances INTERNET route-distinguisher 65000:666
    set routing-instances INTERNET vrf-target import target:65000:666
    set routing-instances INTERNET vrf-target export target:65000:666
    set routing-instances INTERNET vrf-table-label
    # Default route for the management instance via 10.200.3.1 (fxp0 is in 10.200.3.0/24).
    set routing-instances mgmt_junos routing-options static route 0.0.0.0/0 next-hop 10.200.3.1
    # Dynamic profile referenced by tunnel group BNG-TUNNEL-1. The $junos-* names are predefined
    # variables, so the routing instance, interface and routes are written per subscriber
    # rather than fixed in this listing.
    set dynamic-profiles LNS-SUBS-PROFILE routing-instances "$junos-routing-instance" interface "$junos-interface-name"
    # Framed routes: prefix, next hop, metric, preference and tag all come from variables.
    set dynamic-profiles LNS-SUBS-PROFILE routing-instances "$junos-routing-instance" routing-options access route $junos-framed-route-ip-address-prefix next-hop "$junos-framed-route-nexthop"
    set dynamic-profiles LNS-SUBS-PROFILE routing-instances "$junos-routing-instance" routing-options access route $junos-framed-route-ip-address-prefix metric "$junos-framed-route-cost"
    set dynamic-profiles LNS-SUBS-PROFILE routing-instances "$junos-routing-instance" routing-options access route $junos-framed-route-ip-address-prefix preference "$junos-framed-route-distance"
    set dynamic-profiles LNS-SUBS-PROFILE routing-instances "$junos-routing-instance" routing-options access route $junos-framed-route-ip-address-prefix tag "$junos-framed-route-tag"
    # Access-internal route for the subscriber's own address, pointing at the subscriber interface.
    set dynamic-profiles LNS-SUBS-PROFILE routing-instances "$junos-routing-instance" routing-options access-internal route $junos-subscriber-ip-address qualified-next-hop "$junos-interface-name"
    # l2tp-interface-id BNG-LNS matches the interface-id set on the access profile client.
    set dynamic-profiles LNS-SUBS-PROFILE interfaces "$junos-interface-ifd-name" unit "$junos-interface-unit" dial-options l2tp-interface-id BNG-LNS
    set dynamic-profiles LNS-SUBS-PROFILE interfaces "$junos-interface-ifd-name" unit "$junos-interface-unit" dial-options dedicated
    set dynamic-profiles LNS-SUBS-PROFILE interfaces "$junos-interface-ifd-name" unit "$junos-interface-unit" routing-service enable
    # Both CHAP and PAP are accepted on the subscriber interface; PAP exposes the password in
    # cleartext within the PPP session, so drop it if the CPEs can do CHAP.
    set dynamic-profiles LNS-SUBS-PROFILE interfaces "$junos-interface-ifd-name" unit "$junos-interface-unit" ppp-options chap
    set dynamic-profiles LNS-SUBS-PROFILE interfaces "$junos-interface-ifd-name" unit "$junos-interface-unit" ppp-options pap
    # NOTE(review): 1500 here versus 1492 in group-profile L2TP-BNG-USERS - confirm which one should win.
    set dynamic-profiles LNS-SUBS-PROFILE interfaces "$junos-interface-ifd-name" unit "$junos-interface-unit" ppp-options mru 1500
    set dynamic-profiles LNS-SUBS-PROFILE interfaces "$junos-interface-ifd-name" unit "$junos-interface-unit" ppp-options mtu 1500
    set dynamic-profiles LNS-SUBS-PROFILE interfaces "$junos-interface-ifd-name" unit "$junos-interface-unit" keepalives interval 30
    set dynamic-profiles LNS-SUBS-PROFILE interfaces "$junos-interface-ifd-name" unit "$junos-interface-unit" family inet unnumbered-address "$junos-loopback-interface"

    LAC : 

    ! L2TP control-channel class used by the LAC. No authentication or password is set in it,
    ! so the tunnel is unauthenticated (the post says this is deliberate).
    ! NOTE(review): the hostname is RT-BNG-1, the same name the LNS uses as its
    ! gateway-name - confirm the LAC is meant to identify itself with the LNS's name.
    l2tp-class LAC
     hostname RT-BNG-1
    !
    ! Pseudowire class: L2TPv2 encapsulation, control settings from l2tp-class LAC,
    ! sourced from GigabitEthernet0/0.
    pseudowire-class L2TP
     encapsulation l2tpv2
     protocol l2tpv2 LAC
     ip local interface GigabitEthernet0/0
    !
    ! Link towards the LNS; same /24 as ge-0/0/0.0 (100.64.0.1) on the Junos side.
    interface GigabitEthernet0/0
     ip address 100.64.0.55 255.255.255.0
     duplex auto
     speed auto
     media-type rj45
    !
    ! PPP client interface carried over the L2TPv2 pseudowire; the address is negotiated by IPCP.
    interface Virtual-PPP1
     ip address negotiated
     ! ICMP redirects, ICMP unreachables and proxy ARP are switched off on this interface.
     no ip redirects
     no ip unreachables
     no ip proxy-arp
     ip mtu 1300
     ! Unicast reverse-path check on traffic arriving over the PPP session.
     ip verify unicast reverse-path
     ip tcp adjust-mss 1200
     load-interval 30
     ppp chap hostname test@test.dop
     ! Type 0 means the CHAP secret is stored and displayed in cleartext. "test" is a lab
     ! placeholder; redact real secrets before sharing a config.
     ppp chap password 0 test
     ppp ipcp dns request
     ppp ipcp route default
     ! Pseudowire to the LNS local-gateway address 5.14.63.58, VC ID 1, using pw-class L2TP.
     pseudowire 5.14.63.58 1 encapsulation l2tpv2 pw-class L2TP
    !
    ! Host route to the LNS gateway address via 100.64.0.1 (the Junos ge-0/0/0.0 address).
    ip route 5.14.63.58 255.255.255.255 100.64.0.1

    Connectivity is OK on both sides.
    Also, I don't have the AAA configuration for PPP, because the RADIUS request seems to be sent only after the L2TP tunnel is established anyway (am I wrong?).

    Any help is welcome; thank you to anyone who takes the time to reply 😀.



    -------------------------------------------