思科路由器设置VPDN的方法

2024年4月27日发(作者：)

思科路由器设置VPDN的方法

1 启用aaa new-model

aaa new-model

2、建立认证方式

aaa authentication ppp mytest local （这里为本地认证）

3、启用VPDN

vpdn enable

4、建立VPDN组

vpdn-group mytest

! Default L2TP VPDN group

accept-dialin

protocol l2tp

virtual-template 1

local name mytest-name

lcp renegotiation always //注意非常重要，否则LCP不会自协商，那么

路由

器的MTU值一定要和对

方LAC发过来的要匹配，否则LCP失败

l2tp tunnel password 7 00090A1201481F

5、建立IP 本地POOL

ip local pool mytest-01 172.23.1.2 172.23.1.254

6、配置虚模板

interface Virtual-Template1

ip address 172.23.1.1 255.255.255.0

peer default ip address pool mytest-01

ppp authentication pap mytest

5200g

domain

authentication-scheme vpdn_none

accounting-scheme vpdn_none

l2tp-group

l2tp-group

tunnel password simple mytest

tunnel name mytest

start l2tp

tunnel source LoopBack0

附：L2TP

协议

结构

1、IP包头 20字节

2、UDP报头 8字节

3、L2TP报头 12字节：包括：

1）the version and flag fields （2 bytes）

2）the tunnel id and session id fields （2 bytes each）

3）2 bytes of padding offset

4）4 bytes of Point-to-Point Protocol （PPP） encapsulation

//以下是没有启用LCP自协商的DEBUG 连接失败

Jul 25 00:03:48.084: Vi1 VPDN: Virtual interface created for

*********

Jul 25 00:03:48.084: Vi1 PPP: Phase is DOWN, Setup

Jul 25 00:03:48.084: Vi1 VPDN: Clone from Vtemplate 1 filterPPP=0 blocking

Jul 25 00:03:48.204: %LINK-3-UPDOWN: Interface Virtual-Access1, changed state to up

Jul 25 00:03:48.204: Vi1 PPP: Using set call direction

Jul 25 00:03:48.204: Vi1 PPP: Treating connection as a callin

Jul 25 00:03:48.204: Vi1 PPP: Phase is ESTABLISHING, Passive Open

Jul 25 00:03:48.204: Vi1 LCP: State is Listen

Jul 25 00:03:48.204: Vi1 VPDN: Bind interface direction=2

Jul 25 00:03:48.204: Vi1 LCP: I FORCED CONFREQ len 14

Jul 25 00:03:48.204: Vi1 LCP: MRU 1492 （0x010405D4）

Jul 25 00:03:48.204: Vi1 LCP: AuthProto PAP （0x0304C023）

Jul 25 00:03:48.204: Vi1 LCP: MagicNumber 0x01022143 （0x）

Jul 25 00:03:48.204: Vi1 VPDN: PPP LCP accepted rcv CONFACK

Jul 25 00:03:48.204: Vi1 LCP: I FORCED CONFACK len 10

Jul 25 00:03:48.204: Vi1 LCP: MRU 1480 （0x010405C8）

Jul 25 00:03:48.204: Vi1 LCP: MagicNumber 0x082D5DCE （0x0506082D5DCE）

Jul 25 00:03:48.204: Vi1 VPDN: PPP LCP not accepting sent CONFACK

Jul 25 00:03:48.204: Vi1 VPDN: Unbind interface

Jul 25 00:03:48.296: Vi1 PPP: No remote authentication for call-in

Jul 25 00:03:48.560: Vi1 PPP: Missed link down notification

Jul 25 00:03:48.560: Vi1 LCP: State is Closed

Jul 25 00:03:48.560: Vi1 PPP: Phase is DOWN

//以下是启用了LCP自协商的DEBUG

Jul 24 23:53:08.188: Vi1 VPDN: Virtual interface created for

*********

Jul 24 23:53:08.188: Vi1 PPP: Phase is DOWN, Setup

Jul 24 23:53:08.188: Vi1 VPDN: Clone from Vtemplate 1 filterPPP=0 blocking

Jul 24 23:53:08.308: %LINK-3-UPDOWN: Interface Virtual-Access1, changed state to up

Jul 24 23:53:08.308: Vi1 PPP: Using set call direction

Jul 24 23:53:08.308: Vi1 PPP: Treating connection as a callin

Jul 24 23:53:08.308: Vi1 PPP: Phase is ESTABLISHING, Passive Open

Jul 24 23:53:08.308: Vi1 LCP: State is Listen

Jul 24 23:53:08.308: Vi1 VPDN: Bind interface direction=2

Jul 24 23:53:08.308: Vi1 VPDN: Initiated LCP negotiation

Jul 24 23:53:08.308: Vi1 LCP: O CONFREQ [Listen] id 1 len 14

Jul 24 23:53:08.308: Vi1 LCP: AuthProto PAP （0x0304C023）

Jul 24 23:53:08.308: Vi1 LCP: MagicNumber 0xC1CD483A （0x0506C1CD483A）

Jul 24 23:53:08.308: Vi1 VPDN: O out

Jul 24 23:53:08.308: Vi1 Tnl/Cl 59610/37 L2TP: Proc switch into （1701） （1701），

len 54

Jul 24 23:53:08.316: Vi1 PPP: I pkt type 0xC021, datagramsize 18

Jul 24 23:53:08.316: Vi1 PPP: I pkt type 0xC021, datagramsize 18

Jul 24 23:53:08.316: Vi1 LCP: I CONFREQ [REQsent] id 4 len 14