思科路由器設置VPDN的方法

CCNA 重新認證：CCNA認證證書的時效性是三年。要重新更新證書，必須通過CCNA的考試(如果通過的下一階段CCNP的考試，CCNA認證證書會被自動更新)下面是小編整理的關於思科路由器設置VPDN的.方法，歡迎大家參考!

1 啟用aaa new-model

aaa new-model

2、建立認證方式

aaa authentication ppp mytest local (這裏為本地認證)

3、啟用VPDN

vpdn enable

4、建立VPDN組

vpdn-group mytest

! Default L2TP VPDN group

accept-dialin

protocol l2tp

virtual-template 1

local name mytest-name

lcp renegotiation always //注意非常重要，否則LCP不會自協商，那麼路由器的MTU值一定要和對方LAC發過來的要匹配，否則LCP失敗

l2tp tunnel password 7 00090A1201481F

source-ip x.x.x.x

5、建立IP 本地POOL

ip local pool mytest-01

6、配置虛模板

interface Virtual-Template1

ip address

peer default ip address pool mytest-01

ppp authentication pap mytest

5200g

domain

authentication-scheme vpdn_none

accounting-scheme vpdn_none

l2tp-group

l2tp-group

tunnel password simple mytest

tunnel name mytest

start l2tp ip x.x.x.x

tunnel source LoopBack0

附：L2TP協議結構

1、IP包頭 20字節

2、UDP報頭 8字節

3、L2TP報頭 12字節：包括：

1)the version and flag fields (2 bytes)

2)the tunnel id and session id fields (2 bytes each)

3)2 bytes of padding offset

4)4 bytes of Point-to-Point Protocol (PPP) encapsulation

//以下是沒有啟用LCP自協商的DEBUG 連接失敗

Jul 25 00:03:48.084: Vi1 VPDN: Virtual interface created for

Jul 25 00:03:48.084: Vi1 PPP: Phase is DOWN, Setup

Jul 25 00:03:48.084: Vi1 VPDN: Clone from Vtemplate 1 filterPPP=0 blocking

Jul 25 00:03:48.204: %LINK-3-UPDOWN: Interface Virtual-Access1, changed state to up

Jul 25 00:03:48.204: Vi1 PPP: Using set call direction

Jul 25 00:03:48.204: Vi1 PPP: Treating connection as a callin

Jul 25 00:03:48.204: Vi1 PPP: Phase is ESTABLISHING, Passive Open

Jul 25 00:03:48.204: Vi1 LCP: State is Listen

Jul 25 00:03:48.204: Vi1 VPDN: Bind interface direction=2

Jul 25 00:03:48.204: Vi1 LCP: I FORCED CONFREQ len 14

Jul 25 00:03:48.204: Vi1 LCP: MRU 1492 (0x010405D4)

Jul 25 00:03:48.204: Vi1 LCP: AuthProto PAP (0x0304C023)

Jul 25 00:03:48.204: Vi1 LCP: MagicNumber 0x01022143 (0x050601022143)

Jul 25 00:03:48.204: Vi1 VPDN: PPP LCP accepted rcv CONFACK

Jul 25 00:03:48.204: Vi1 LCP: I FORCED CONFACK len 10

Jul 25 00:03:48.204: Vi1 LCP: MRU 1480 (0x010405C8)

Jul 25 00:03:48.204: Vi1 LCP: MagicNumber 0x082D5DCE (0x0506082D5DCE)

Jul 25 00:03:48.204: Vi1 VPDN: PPP LCP not accepting sent CONFACK

Jul 25 00:03:48.204: Vi1 VPDN: Unbind interface

Jul 25 00:03:48.296: Vi1 PPP: No remote authentication for call-in

Jul 25 00:03:48.560: Vi1 PPP: Missed link down notification

Jul 25 00:03:48.560: Vi1 LCP: State is Closed