USG5100(V100R005)L2TP拨号失败

发布时间:  2014-12-25 浏览次数:  496 下载次数:  0
问题描述
使用VPN client和XP自带的客户端拨号,均提示用户名和密码错误。
设备L2TP配置如下:
l2tp enable
interface Virtual-Template1
ppp authentication-mode chap
ip address 10.0.0.254 255.255.255.0
remote address pool 10      
firewall zone trust
set priority 85
add interface GigabitEthernet0/0/1      
add interface Virtual-Template1
l2tp-group 1
undo tunnel authentication
allow l2tp virtual-template 1
tunnel name LNS
#
aaa
local-user yujia password cipher =-6E).%8;**,YWX*NZ55OA!!
local-user yujia service-type web terminal telnet
local-user yujia level 15
local-user admin password cipher ]MQ;4\]B+4Z,YWX*NZ55OA!!
local-user admin service-type web terminal
local-user admin level 3
local-user huawei password simple Huawei123
local-user huawei service-type ppp
ip pool 10 10.0.0.2 10.0.0.100
#
authentication-scheme default
#
authorization-scheme default
#
accounting-scheme default
#
domain default
#
#
nqa-jitter tag-version 1

#
ip route-static 0.0.0.0 0.0.0.0 192.168.1.1
ip route-static 192.168.0.0 255.255.255.0 192.168.1.1
客户端的配置:


处理过程
多次检查配置没有问题。
Debug信息如下:
[USG5100]
2011-11-14 15:29:10 USG5100 %%01IFNET/4/LINK_STATE(l): Line protocol on interface Virtual-Template1:0 has turned into UP state.
2011-11-14 15:29:10 USG5100 %%01IFNET/4/LINK_STATE(l): Line protocol on interface Virtual-Template1:0 has turned into DOWN state.
*0.21938600 USG5100 AAA/7/AAADBG:
[AAA debug]  Code: UCM->AAA      authen request  UserID: 112
*0.21938600 USG5100 AAA/7/AAADBG:
AAA EVENT:
  Event AAA_MAIN->AAA_AUTHEN:NomalAuthenReq
  CID=112
  Action=NullAction
*0.21938600 USG5100 AAA/7/AAADBG:
AAA EVENT:
  Result=SUCCESS
  FSM:
  AuthenState=AuthenIdle
  AcctState=AcctIdle
  AuthorState=AuthorIdle          ELAState=ELAIdle
*0.21938600 USG5100 AAA/7/AAADBG:
AAA EVENT:CID = 112,UserName = huawei Start authen
*0.21938600 USG5100 AAA/7/AAADBG:
AAA EVENT:CID = 112,get domain index 0 to temp domain index
*0.21938600 USG5100 AAA/7/AAADBG:
AAA ERROR:CID = 112,UserName = huawei domain is Block
*0.21938600 USG5100 AAA/7/AAADBG:
AAA EVENT:CID 112 State From aaa_auth_idle To aaa_authed
*0.21938600 USG5100 AAA/7/AAADBG:
[AAA debug]  Code: AAA->UCM      authen ack  UserID: 112
*0.21938600 USG5100 AAA/7/AAADBG:
AAA EVENT:CID = 112,UserName =  Authen State is OK
*0.21938600 USG5100 PPP/7/debug2:
  PPP Error:
      Virtual-Template1:0 PAP : Server failed No.  1 !
*0.21938600 USG5100 AAA/7/AAADBG:
[AAA debug]  Code: UCM->AAA      cut command  UserID: 112
*0.21938600 USG5100 AAA/7/AAADBG:
AAA EVENT:
  Event AAA_MAIN->AAA_ACCT:LeavingReq
  CID=112
  Action=NullAction
*0.21938600 USG5100 AAA/7/AAADBG:
AAA EVENT:
  Result=SUCCESS
  FSM:
  AuthenState=Authened
  AcctState=AcctIdle
  AuthorState=AuthorIdle          ELAState=ELAIdle
*0.21938600 USG5100 AAA/7/AAADBG:
AAA EVENT:CID = 112,UserName =  UCM Send Offline Req TO AAA
*0.21938600 USG5100 AAA/7/AAADBG:
AAA EVENT:
  Event AAA_ACCT->AAA_ACCT:Leaving-StopAcctReq
  CID=112
  Action=LeavingAction
*0.21938600 USG5100 AAA/7/AAADBG:
AAA EVENT:
  Result=INVALID
  FSM:
  AuthenState=Authened
  AcctState=AcctIdle
  AuthorState=AuthorIdle          ELAState=ELAIdle
*0.21938600 USG5100 AAA/7/AAADBG:
AAA EVENT:CID 112 State From aaa_acct_idle To aaa_acct_idle
*0.21938600 USG5100 AAA/7/AAADBG:
[AAA debug]  Code: AAA->UCM      cut command ack  UserID: 112
*0.21938600 USG5100 AAA/7/AAADBG:
AAA EVENT:CID = 112,UserName =  Offline Success
*0.21938600 USG5100 AAA/7/AAADBG:
[AAA debug]  Code: UCM->AAA      authen request  UserID: 113
*0.21938610 USG5100 AAA/7/AAADBG:
AAA EVENT:
  Event AAA_MAIN->AAA_AUTHEN:NomalAuthenReq
  CID=113
  Action=NullAction
*0.21938610 USG5100 AAA/7/AAADBG:
AAA EVENT:
  Result=SUCCESS
  FSM:
  AuthenState=AuthenIdle
  AcctState=AcctIdle
  AuthorState=AuthorIdle          ELAState=ELAIdle
*0.21938610 USG5100 AAA/7/AAADBG:
AAA EVENT:CID = 113,UserName = huawei Start authen
*0.21938610 USG5100 AAA/7/AAADBG:
AAA EVENT:CID = 113,get domain index 0 to temp domain index
*0.21938610 USG5100 AAA/7/AAADBG:
AAA ERROR:CID = 113,UserName = huawei domain is Block
*0.21938610 USG5100 AAA/7/AAADBG:
AAA EVENT:CID 113 State From aaa_auth_idle To aaa_authed
*0.21938610 USG5100 AAA/7/AAADBG:
[AAA debug]  Code: AAA->UCM      authen ack  UserID: 113
*0.21938610 USG5100 AAA/7/AAADBG:
AAA EVENT:CID = 113,UserName =  Authen State is OK
*0.21938610 USG5100 PPP/7/debug2:
  PPP Error:
      Virtual-Template1:0 PAP : Server failed No.  2 !
*0.21938610 USG5100 AAA/7/AAADBG:
[AAA debug]  Code: UCM->AAA      cut command  UserID: 113
*0.21938610 USG5100 AAA/7/AAADBG:
AAA EVENT:
  Event AAA_MAIN->AAA_ACCT:LeavingReq
  CID=113
  Action=NullAction
*0.21938610 USG5100 AAA/7/AAADBG:
AAA EVENT:
  Result=SUCCESS
  FSM:
  AuthenState=Authened
  AcctState=AcctIdle
  AuthorState=AuthorIdle          ELAState=ELAIdle
*0.21938610 USG5100 AAA/7/AAADBG:
AAA EVENT:CID = 113,UserName =  UCM Send Offline Req TO AAA
*0.21938610 USG5100 AAA/7/AAADBG:
AAA EVENT:
  Event AAA_ACCT->AAA_ACCT:Leaving-StopAcctReq
  CID=113
  Action=LeavingAction
*0.21938610 USG5100 AAA/7/AAADBG:
AAA EVENT:
  Result=INVALID
  FSM:
  AuthenState=Authened
  AcctState=AcctIdle
  AuthorState=AuthorIdle          ELAState=ELAIdle
*0.21938610 USG5100 AAA/7/AAADBG:
AAA EVENT:CID 113 State From aaa_acct_idle To aaa_acct_idle
*0.21938610 USG5100 AAA/7/AAADBG:
[AAA debug]  Code: AAA->UCM      cut command ack  UserID: 113
*0.21938610 USG5100 AAA/7/AAADBG:
AAA EVENT:CID = 113,UserName =  Offline Success
[USG5100]
通过:huawei domain is Block 这条信息得出,客户在domain default下面输入过state block


解决方案
aaa
domain default
state active
active后问题解决。
建议与总结
由于误操作照成了这个原因。希望此问题对出现类似问题的工程师有帮助。

END