Testing L2TP Tunnel Configurations from the LAC

You can test L2TP tunnel configurations on the LAC, and verify that subscriber authentication and tunneling succeed, without bringing up a PPP user and an associated tunnel.

Issue the test services l2tp tunnel command from CLI operational mode to map a subscriber to an L2TP tunnel, verify the L2TP tunnel configuration (both locally on the LAC and on a back-end server such as a RADIUS server), and verify that L2TP tunnels from the LAC can be established with the remote LNS.

The Junos OS LAC implementation enables you to configure multiple tunnels from which one tunnel is chosen for tunneling a PPP subscriber. You can use the test services l2tp tunnel command to test all possible tunnel configurations to verify that each can be established. Alternatively, you can test only a specific tunnel for the subscriber.

You must specify a configured subscriber username when you issue the command. The test generates a dummy password—testpass—for the subscriber, or you can optionally specify the password. The test verifies whether the subscriber identified by that username can be tunneled according to the tunnel configuration. If the subscriber can be tunneled, then the test verifies whether the L2TP tunnel can be established with the LNS according to the L2TP configuration.

You can optionally specify a tunnel ID, in which case only that tunnel is tested; the tunnel must be already configured for that username. If you omit this option, the test is applied to the full set of tunnel configurations that are returned for the username. The tunnel ID you specify is the same as that used by Tunnel-Assignment-Id (RADIUS attribute 82) and specified by the identification statement in the tunnel profile.

To test subscriber authentication and tunnel configuration:

  • Specify only the username.

    Example 1:

    user@host> test services l2tp tunnel user test-user1@example.com
    Subscriber: test-user1@example.com, authentication failed

    The user failed authentication with the generated password and consequently was not tunneled.

    Example 2:

    user@host> test services l2tp tunnel user user23@example.com
    Subscriber: user23@example.com, authentication success, l2tp tunneled
      Tunnel-name   Tunnel-peer   Logical-System  Routing-Instance Status
      test1tunnel    192.168.2.3      default         default         Up
      test2tunnel    172.24.3.3       default         default        Peer unresponsive
      test3tunnel    172.24.5.1       default           test          Up
    

    This user was authenticated with the generated password and successfully tunneled. A set of tunnels was found to be associated with that username and the entire set was tested.

  • Specify the username and the user’s configured password.

    user@host> test services l2tp tunnel user test-user1@example.com password grZ98#jW
    Subscriber: test-user1@example.com, authentication success, locally terminated

    The subscriber was authenticated. However, the user was terminated locally rather than tunneled; this means that no tunnel was found to be associated with the user.

  • Specify the username and a particular tunnel for the subscriber.

    user@host> test services l2tp tunnel user rx37w@example.com tunnel-name ce-lac
    Subscriber: rx37w@example.com, authentication success, l2tp tunneled 
      Tunnel-name   Tunnel-peer   Logical-System  Routing-Instance Status
      ce-lac         192.168.5.10      default         default         Up
    

    The subscriber was authenticated and tunneled. The specified tunnel was found for the subscriber and the tunnel was established, confirming the tunnel configuration.

  • Specify the username, the user’s configured password, and a tunnel.

    user@host> test services l2tp tunnel user fanta4-mfg-fan@example.com password dieda499 tunnel-name tunnel5
    Subscriber: fanta4-mfg-fan@example.com, authentication success, l2tp tunneled

    The subscriber was authenticated and tunneled. The absence of tunnel information in the output indicates that the specified tunnel configuration does not exist.
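The four outcomes shown above can be told apart mechanically when the test is run as a post-change check. The following parser is an added example, not Juniper code: the function name, the verdict labels, and the rule that any status other than Up counts as a failure are assumptions made here, and the sample input is the output of Example 2 on this page.

```python
import re

# First output line, e.g. "Subscriber: u@example.com, authentication success, l2tp tunneled"
HEADER = re.compile(r"^Subscriber:\s*(?P<user>[^,]+),\s*authentication\s+"
                    r"(?P<auth>success|failed)(?:,\s*(?P<disp>.+))?$")
# Tunnel row: four whitespace-free columns, then a free-text status ("Peer unresponsive").
ROW = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S.*)$")
COLS = ("name", "peer", "logical_system", "routing_instance", "status")


def parse_l2tp_test(output):
    """Parse the output of ONE run of 'test services l2tp tunnel' and attach a verdict."""
    lines = [ln.strip() for ln in output.splitlines() if ln.strip()]
    start = next((i for i, ln in enumerate(lines) if HEADER.match(ln)), None)
    if start is None:
        raise ValueError("no 'Subscriber:' line in output")
    head = HEADER.match(lines[start])
    tunnels = []
    for ln in lines[start + 1:]:
        row = ROW.match(ln)
        if row and row.group(1) != "Tunnel-name":  # skip the column header row
            tunnels.append(dict(zip(COLS, row.groups())))
    # Assumption: only "Up" means the tunnel to the LNS was established.
    failing = [t["name"] for t in tunnels if t["status"] != "Up"]
    if head.group("auth") == "failed":
        verdict = "auth-failed"            # subscriber was not tunneled at all
    elif head.group("disp") == "locally terminated":
        verdict = "no-tunnel-for-user"     # authenticated, but no tunnel is associated
    elif not tunnels:
        verdict = "tunnel-config-missing"  # "l2tp tunneled" with no tunnel rows
    else:
        verdict = "tunnel-down" if failing else "ok"
    return {"user": head.group("user").strip(), "verdict": verdict,
            "tunnels": tunnels, "failing": failing}


# Output copied from Example 2 on this page.
EXAMPLE_2 = """\
Subscriber: user23@example.com, authentication success, l2tp tunneled
  Tunnel-name   Tunnel-peer   Logical-System  Routing-Instance Status
  test1tunnel    192.168.2.3      default         default         Up
  test2tunnel    172.24.3.3       default         default        Peer unresponsive
  test3tunnel    172.24.5.1       default           test          Up
"""

if __name__ == "__main__":
    result = parse_l2tp_test(EXAMPLE_2)
    print(result["user"], result["verdict"], result["failing"])
```

The "authentication success, l2tp tunneled" line alone does not confirm a working tunnel, so the parser checks the tunnel rows as well: an empty table or a non-Up status is reported as a failure.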

Published: 2012-11-29
