AR1200-S L2TP业务拨号故障

发布时间:  2017-05-08 浏览次数:  143 下载次数:  0
问题描述

版本信息:AR1200-S,V200R006C00SPCD00

组网概述:AR1200-S设备双出口采用PPPOE拨号上网,同时作为L2TP网络里的LAC设备,进行L2TP拨号。

组网拓扑:无

配置脚本:

[V200R006C10SPC300]
 l2tp enable
dhcp enable
acl name GigabitEthernet0/0/9 2998 
 rule 5 permit
acl name GigabitEthernet0/0/8 2999 
 rule 5 permit
ip pool pool1
 gateway-list 192.168.1.1
 network 192.168.1.0 mask 255.255.255.0
 dns-list 114.114.114.114
interface Dialer1
 link-protocol ppp
 ppp chap user SZFTTH1080515517@16900.gd
 ppp chap password cipher %@%@K:f;+L3ad!)l_2J:@un+,&fZ%@%@
 ppp pap local-user SZFTTH1080515517@16900.gd password cipher %@%@C$nwGm'i>(k2BZX;`0$Z,&|1%@%@
 ppp ipcp dns admit-any
 ppp ipcp dns request
 description Unicom 100M PPPoE
 tcp adjust-mss 1200
 ip address ppp-negotiate
 dialer user arweb
 dialer bundle 1
 dialer number 1
 dialer-group 1
 nat outbound 2999
interface Dialer2
 link-protocol ppp
 ppp chap user 075501311566@163.gd
 ppp chap password cipher %@%@L#c>4k3OE.FES&9*}5k)"KST%@%@
 ppp pap local-user 075501311566@163.gd password cipher %@%@L#c>4k3OE.FES&9*}5k)"KST%@%@
 ppp ipcp dns admit-any
 ppp ipcp dns request
 description Telecom 100M PPPoE
 tcp adjust-mss 1200
 ip address ppp-negotiate
 dialer user arweb
 dialer bundle 2
 dialer number 2
 dialer-group 1
 ddns apply policy DDNS1
 nat outbound 2998
interface Virtual-Template1
 ppp chap user yhj
 ppp chap password cipher %@%@YGf%1(%J%Qt4p!-:F.R9#2pe%@%@
 ip address ppp-negotiate
 l2tp-auto-client enable
interface GigabitEthernet0/0/0
 undo portswitch
 ip address 192.168.1.1 255.255.255.0
 dhcp select global
interface GigabitEthernet0/0/8
 pppoe-client dial-bundle-number 1
 description Unicom 100M PPPoE
interface GigabitEthernet0/0/9
 pppoe-client dial-bundle-number 2
 description Telecom 100M PPPoE
dialer-rule
 dialer-rule 1 ip permit
l2tp-group 1
 tunnel password cipher %@%@1z381;n_P61[2E#S*7;W#3$V%@%@
 tunnel name lac
 start l2tp ip 119.145.16.222 fullusername yhj
ip route-static 0.0.0.0 0.0.0.0 Dialer1 preference 30
ip route-static 0.0.0.0 0.0.0.0 Dialer2 preference 50
ip route-static 119.145.16.222 255.255.255.255 Dialer2
ip route-static 192.168.1.0 255.255.255.0 Virtual-Template1
ip route-static 192.168.10.0 255.255.255.0 Virtual-Template1
ip route-static 192.168.20.0 255.255.255.0 Virtual-Template1
ip route-static 192.168.30.0 255.255.255.0 Virtual-Template1
ip route-static 192.168.100.0 255.255.255.0 Virtual-Template1

 

告警信息

2017-5-8 13:24:27+00:00 1220E-S %%01IFNET/4/LINK_STATE(l)[55]:The line protocol PPP on the interface Virtual-Template1:0 has entered the UP state.
[1220E-S-Virtual-Template1]
2017-5-8 13:24:27+00:00 1220E-S %%01IFNET/4/LINK_STATE(l)[56]:The line protocol PPP on the interface Virtual-Template1:1 has entered the UP state.
[1220E-S-Virtual-Template1]
2017-5-8 13:24:39+00:00 1220E-S %%01PPP/4/PHYSICALDOWN(l)[57]:On the interface Virtual-Template1:1, PPP link was closed because the status of the physical layer was Down.
[1220E-S-Virtual-Template1]
2017-5-8 13:24:39+00:00 1220E-S %%01IFNET/4/LINK_STATE(l)[58]:The line protocol PPP on the interface Virtual-Template1:1 has entered the DOWN state.
[1220E-S-Virtual-Template1]
2017-5-8 13:24:39+00:00 1220E-S %%01PPP/4/PHYSICALDOWN(l)[59]:On the interface Virtual-Template1:0, PPP link was closed because the status of the physical layer was Down.
[1220E-S-Virtual-Template1]
2017-5-8 13:24:39+00:00 1220E-S %%01IFNET/4/LINK_STATE(l)[60]:The line protocol PPP on the interface Virtual-Template1:0 has entered the DOWN state.
[1220E-S-Virtual-Template1]
2017-5-8 13:25:12+00:00 1220E-S %%01IFNET/4/LINK_STATE(l)[61]:The line protocol PPP on the interface Virtual-Template1:0 has entered the UP state.
[1220E-S-Virtual-Template1]
2017-5-8 13:25:12+00:00 1220E-S %%01IFNET/4/LINK_STATE(l)[62]:The line protocol PPP on the interface Virtual-Template1:1 has entered the UP state.
[1220E-S-Virtual-Template1]
2017-5-8 13:25:24+00:00 1220E-S %%01PPP/4/PHYSICALDOWN(l)[63]:On the interface Virtual-Template1:1, PPP link was closed because the status of the physical layer was Down.
[1220E-S-Virtual-Template1]
2017-5-8 13:25:24+00:00 1220E-S %%01IFNET/4/LINK_STATE(l)[64]:The line protocol PPP on the interface Virtual-Template1:1 has entered the DOWN state.
[1220E-S-Virtual-Template1]
2017-5-8 13:25:24+00:00 1220E-S %%01PPP/4/PHYSICALDOWN(l)[65]:On the interface Virtual-Template1:0, PPP link was closed because the status of the physical layer was Down.
[1220E-S-Virtual-Template1]
2017-5-8 13:25:24+00:00 1220E-S %%01IFNET/4/LINK_STATE(l)[66]:The line protocol PPP on the interface Virtual-Template1:0 has entered the DOWN state.
[1220E-S-Virtual-Template1]
2017-5-8 13:25:56+00:00 1220E-S %%01IFNET/4/LINK_STATE(l)[67]:The line protocol PPP on the interface Virtual-Template1:0 has entered the UP state.
[1220E-S-Virtual-Template1]
2017-5-8 13:25:56+00:00 1220E-S %%01IFNET/4/LINK_STATE(l)[68]:The line protocol PPP on the interface Virtual-Template1:1 has entered the UP state.

处理过程

检查用户配置,首先根据physical layer was Down信息,排查PPPOE拨号端口是否有link up 或者down的现象,但链路一直很稳定,出口线路并没有问题。

然后将分析焦点定位在L2TP配置上,检查了很多遍也没有发现问题。

最后了解客户的网络结构,其中有一条公网PPPOE链路目前是没有接线的,处于备用状态,再仔细检查路由设置ip route-static 119.145.16.222 255.255.255.255 Dialer2这条到对端LNS设备路由的下一跳刚好是备用线路。

根因

到LNS设备路由配置了错误的静态路由。

解决方案

ip route-static 119.145.16.222 255.255.255.255 Dialer1

建议与总结

包括L2TP等各种VPN故障,除了排查配置,安全策略,会话信息外,路由可达才是根本之根本。

END