Huawei v200r001 Network Router User Manual


 
User Manual - Configuration Guide (Volume 3)
Versatile Routing Platform
Chapter 2
Configuration of L2TP
Quidway(config)# interface virtual-template 1
Quidway(config-if-virtual-template1)# ip address 192.168.0.1 255.255.255.0
Quidway(config-if-virtual-template1)# ppp authentication chap
Quidway(config-if-virtual-template1)# peer default ip address pool 1
! Start AAA authentication.
Quidway(config)# aaa-enable
Quidway(config)# aaa authentication ppp default local
2.5 Fault Diagnosis of L2TP
Before debugging the VPN, confirm that both the LAC and the LNS are on the public
network. Connectivity between them can be tested with “ping”.
Fault 1: Users fail to log in.
Troubleshooting: The possible reasons are as follows:
1) The tunnel fails to be established. The reasons are as follows:
- At the LAC side, the LNS addresses are improperly set.
- The LNS end (usually the router) is not set to accept the VPDN group of the
  opposite end of the channel. For details, see the description of the
  “accept dialin” command.
- Tunnel authentication does not pass. If authentication is configured, make
  sure that the channel passwords of both sides are consistent.
- If the local end forcibly disconnects the connection and the opposite end fails
  to receive the corresponding “Disconnect” message due to a network transmission
  error, a tunnel connection originated immediately afterwards will fail. The
  reason is that neither side can detect the disconnected link within a certain
  time, and tunnel connections originated by two opposite ends with the same IP
  addresses are not allowed.
2) PPP negotiation does not pass. The reasons may be:
- The user name and password set at the LAC end are wrong, or the corresponding
  users are not set at the LNS end.
- The LNS end cannot distribute addresses, e.g. the address pool is set too small,
  or no address pool is set.
- The password authentication types of the two ends of the channel are
  inconsistent. The default authentication type of a VPN connection created by
  Windows 2000 is MSCHAP. If the opposite end does not support MSCHAP, CHAP is
  recommended.
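The tunnel authentication check listed under 1) above, as an added example that is not taken from the manual or from VRP code: a Python simulation of the L2TP tunnel challenge/response exchange as defined in RFC 2661, assuming the router follows that RFC. The function names and sample passwords are constructed for illustration.

```python
import hashlib
import hmac
import os

# L2TP control message types that carry a Challenge Response AVP (RFC 2661).
SCCRP = 2  # reply from the LNS, answering the LAC's challenge
SCCCN = 3  # reply from the LAC, answering the LNS's challenge


def challenge_response(msg_type: int, secret: bytes, challenge: bytes) -> bytes:
    """CHAP-style hash: MD5(message type octet || shared secret || challenge)."""
    return hashlib.md5(bytes([msg_type]) + secret + challenge).digest()


def verify(msg_type: int, local_secret: bytes, challenge: bytes,
           received: bytes) -> bool:
    """Recompute the response with the local password; compare in constant time."""
    expected = challenge_response(msg_type, local_secret, challenge)
    return hmac.compare_digest(expected, received)


def tunnel_setup(lac_secret: bytes, lns_secret: bytes) -> dict:
    """Simulate mutual tunnel authentication between a LAC and an LNS."""
    lac_challenge = os.urandom(16)  # sent by the LAC in SCCRQ
    lns_challenge = os.urandom(16)  # sent by the LNS in SCCRP
    # The LNS answers the LAC's challenge in SCCRP with its own password.
    sccrp_resp = challenge_response(SCCRP, lns_secret, lac_challenge)
    lac_accepts_lns = verify(SCCRP, lac_secret, lac_challenge, sccrp_resp)
    # The LAC only continues with SCCCN if it accepted the LNS.
    lns_accepts_lac = False
    if lac_accepts_lns:
        scccn_resp = challenge_response(SCCCN, lac_secret, lns_challenge)
        lns_accepts_lac = verify(SCCCN, lns_secret, lns_challenge, scccn_resp)
    return {
        "lac_accepts_lns": lac_accepts_lns,
        "lns_accepts_lac": lns_accepts_lac,
        "tunnel_up": lac_accepts_lns and lns_accepts_lac,
    }


if __name__ == "__main__":
    # Constructed sample passwords, not taken from the manual.
    print("matching   :", tunnel_setup(b"tunnel-pass", b"tunnel-pass"))
    print("mismatched :", tunnel_setup(b"tunnel-pass", b"Tunnel-pass"))
```

A difference of a single character, including case, makes the LAC reject the SCCRP, so the tunnel never reaches PPP negotiation.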
Fault 2: Data cannot be transmitted. After the connection is established, no data
can be transmitted, e.g. the opposite end cannot be pinged.
Troubleshooting: Possible reasons are as follows:
- The address set by the LAC is wrong: Generally, the LNS distributes addresses,
  but the LAC can also designate its own address. If the designated address and
  the address to be distributed by the LNS are not in the same network segment,
  this problem will occur. It is recommended that the LNS distribute the addresses.
- Network congestion: Congestion occurs on the Internet backbone network and
  packets are often lost. L2TP transmission is based on UDP (User Datagram
  Protocol), and UDP provides no error control for messages. If L2TP is used when
  line quality is unstable, a “ping” to the opposite end may fail.