User Manual - Configuration Guide (Volume 3)

Chapter 2

Versatile Routing Platform

Configuration of L2TP

Quidway(config)# interface virtual-template 1

Quidway(config-if-virtual-template1)# ip address 192.168.0.1 255.255.255.0

Quidway(config-if-virtual-template1)# ppp authentication chap

Quidway(config-if-virtual-template1)# peer default ip address pool 1

!Start AAA authentication.

Quidway(config)# aaa-enable

Quidway(config)# aaa authentication ppp default local

2.5 Fault Diagnosis of L2TP

Before debugging the VPN, confirm that the LAC and the LNS are both reachable on the public network. The connectivity between them can be tested with “ping”.

Fault 1: The users fail to log in.

Troubleshooting: Failure reasons are as follows:

1) The tunnel cannot be established. The reasons are as follows:

• At the LAC side, the LNS address is set incorrectly.

• The LNS end (usually the router) is not set to accept the VPDN group of the opposite end of the tunnel. For details, see the description of the “accept dialin” command.

• Tunnel authentication fails. If tunnel authentication is configured, make sure that the tunnel passwords of both sides are identical.

• If the local end forcibly disconnects the connection and, because of a network transmission error, the opposite end does not receive the corresponding “Disconnect” message, a tunnel connection originated immediately afterwards will fail. The reason is that neither side can detect the disconnected link within a certain time, and a second tunnel connection between the same two IP addresses is not allowed.

2) PPP negotiation fails. The reasons may be:

• The user name or password set at the LAC end is wrong, or the corresponding user is not configured at the LNS end.

• The LNS end cannot allocate addresses, e.g. the address pool is too small or no address pool is configured.

• The password authentication types of the two ends are inconsistent. The default authentication type of a VPN connection created by Windows 2000 is MSCHAP. If the opposite end does not support MSCHAP, CHAP is recommended.

Fault 2: Data cannot be transmitted. After the connection is established, no data can be transmitted, e.g. the opposite end cannot be pinged.

Troubleshooting: Possible reasons are as follows:

• The address set by the LAC is wrong: Generally the LNS allocates addresses, but the LAC can also designate its own address. If the designated address and the address that the LNS would allocate are not in the same network segment, this problem occurs. It is recommended that the LNS allocate the addresses.

• Network congestion: The Internet backbone is congested and packets are frequently lost. L2TP is carried over UDP (User Datagram Protocol), which does not perform error control on messages. If L2TP is used on a line of unstable quality, a “ping” to the opposite end may fail.
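The tunnel and PPP causes listed under Fault 1 and the address cause under Fault 2 can be checked against both sides' configuration before a tunnel is brought up. The Python checker below is an added example, not part of this manual or the Quidway software; the dictionary layout describing the LAC and LNS and the sample values are assumptions made for the example.

```python
import ipaddress

def diagnose(lac, lns):
    """Return (fault, cause) pairs for the mismatches the manual lists."""
    found = []
    # Fault 1, tunnel cause 1: the LNS address set at the LAC must be right.
    if lac["lns_address"] != lns["public_address"]:
        found.append(("Fault 1", "LNS address set at LAC is wrong"))
    # Fault 1, tunnel cause 2: the LNS must be set to accept this dial-in.
    if not lns.get("accept_dialin", False):
        found.append(("Fault 1", "LNS has no accept dialin for this LAC"))
    # Fault 1, tunnel cause 3: with tunnel authentication on, passwords must match.
    if (lac.get("tunnel_auth") or lns.get("tunnel_auth")) and \
            lac.get("tunnel_password") != lns.get("tunnel_password"):
        found.append(("Fault 1", "tunnel passwords are inconsistent"))
    # Fault 1, PPP cause 1: the LAC's user name/password must exist at the LNS.
    user = lac["ppp_user"]
    if lns["local_users"].get(user) != lac["ppp_password"]:
        found.append(("Fault 1", f"PPP user {user!r} unknown or wrong password at LNS"))
    # Fault 1, PPP cause 3: the LNS must support the LAC's authentication type.
    if lac["ppp_auth"] not in lns["ppp_auth_supported"]:
        found.append(("Fault 1", f"LNS does not support {lac['ppp_auth']}; use CHAP"))
    # Fault 1, PPP cause 2: the LNS needs a pool with room for every session.
    pool = lns.get("pool")
    if pool is None:
        found.append(("Fault 1", "no address pool set at LNS"))
    else:
        size = int(ipaddress.ip_address(pool["end"])) - int(ipaddress.ip_address(pool["start"])) + 1
        if size < lac.get("sessions", 1):
            found.append(("Fault 1", "LNS address pool is too small"))
    # Fault 2, cause 1: a LAC-designated address must lie in the LNS virtual-template segment.
    segment = ipaddress.ip_interface(lns["virtual_template"]).network
    designated = lac.get("designated_address")
    if designated and ipaddress.ip_address(designated) not in segment:
        found.append(("Fault 2", f"LAC address {designated} is outside {segment}"))
    return found

# Constructed sample: a LAC with a mistyped tunnel password and an MSCHAP-only client, dialing an LNS on 192.168.0.0/24.
SAMPLE_LAC = {"lns_address": "203.0.113.1", "tunnel_auth": True, "tunnel_password": "tunnel-secret-typo",
              "ppp_user": "vpdnuser", "ppp_password": "vpdnpass", "ppp_auth": "mschap",
              "sessions": 5, "designated_address": "192.168.1.20"}
SAMPLE_LNS = {"public_address": "203.0.113.1", "accept_dialin": True,
              "tunnel_auth": True, "tunnel_password": "tunnel-secret",
              "local_users": {"vpdnuser": "vpdnpass"}, "ppp_auth_supported": {"chap", "pap"},
              "virtual_template": "192.168.0.1/255.255.255.0",
              "pool": {"start": "192.168.0.2", "end": "192.168.0.10"}}

if __name__ == "__main__":
    for fault, cause in diagnose(SAMPLE_LAC, SAMPLE_LNS):
        print(fault, "-", cause)
```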

Huawei v200r001 user manual Fault Diagnosis of L2TP