No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

AR Router Troubleshooting Guide

This Product Documentation provides guidance for maintaining AR Enterprise Router, covering common information collection and fault diagnostic commands, typical fault troubleshooting guide, and troubleshooting.
Rate and give feedback :
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
When an AR Is Deployed as the LNS to Assign IP Addresses to PCs Through the RADIUS Server, PCs Fail to Obtain IP Addresses Through Dial-up

When an AR Is Deployed as the LNS to Assign IP Addresses to PCs Through the RADIUS Server, PCs Fail to Obtain IP Addresses Through Dial-up

This section provides a troubleshooting case for the following fault: PCs fail to obtain IP addresses through dial-up when an AR is deployed as the L2TP network server (LNS) to assign IP addresses to PCs through the RADIUS server.

Networking

Figure 25-22  Configuring remote users to initiate dial-up connections through an L2TP tunnel

LNS configurations:

#
 l2tp enable
#
interface Virtual-Template1
 ppp authentication-mode chap domain hbpostmbp.vpdn.hb  
#
radius-server template hbtest
 radius-server shared-key cipher %@%@a&*3R}%)tY1u!Z1=E1*5<F)c%@%@
 radius-server authentication 10.2.1.2 1812 weight 80
 radius-server accounting 10.2.1.2 1813 weight 80
 undo radius-server user-name domain-included
#
aaa
 authentication-scheme hbpost1207
 accounting-scheme hbpost1207
 domain hbpostmbp.vpdn.hb
  authentication-scheme hbpost1207
  accounting-scheme hbpost1207
  radius-server hbtest 
#
l2tp-group 1
 allow l2tp virtual-template 1
#
return

Fault Description

An AR is deployed as the LNS to assign IP addresses to PCs through the RADIUS server, but PCs fail to obtain IP addresses through dial-up. As a result, L2TP services are interrupted.

Fault Analysis

  1. Run the display l2tp tunnel command on the LNS. In the command output, verify that the L2TP tunnel and session have been established, indicating that the L2TP configuration is correct.
    [LNS] display l2tp tunnel
    
     Total tunnel : 1
     LocalTID RemoteTID RemoteAddress    Port   Sessions RemoteName
     1        1         10.2.1.8         1701   1        LAC
  2. Run the debugging radius all command on the LNS to check the debugging information about the RADIUS module.
    <LNS> debugging radius all
    Dec  9 2014 18:24:21.32.3+00:00 LNS RDS/7/DEBUG:
    [RDS(Evt):] Recv a msg(Auth req)
    [RDS(Evt):] Send a packet(IP:10.2.1.2,Port:1812,Code:authentication request,ID:145 )
    Dec  9 2014 18:24:21.42.4+00:00 LNS RDS/7/DEBUG:
      RADIUS Sent a Packet.
    [RDS(Evt):] Receive a packet(IP:10.2.1.2,Port:1812,Code:authentication accept,ID:145 )
    Dec  9 2014 18:24:21.42.9+00:00 LNS RDS/7/DEBUG:
      RADIUS Received a Packet.
  3. According to the debugging information, when receiving a request packet from a PC, the LNS forwards the request packet to the RADIUS server, and the RADIUS server returns an authentication success message. However, the PC displays information indicating that the IP address is not obtained. The analysis is as follows: The LNS checks the global address pool before delivering an IP address to the PC, but the LNS is not configured with a global address pool. As a result, IP address verification fails, and the LNS does not deliver an IP address. Therefore, the PC cannot obtain an IP address.
  4. Create a global address pool on the LNS and ensure that the address pool is on the same network segment as the IP addresses delivered by the RADIUS server. After the configuration, the PC can obtain an IP address successfully. The fault is rectified.

Procedure

Create a global address pool on the LNS and ensure that the address pool is on the same network segment as the IP addresses delivered by the RADIUS server.
<LNS> system-view
[LNS] ip pool l2tp
[LNS-ip-pool-l2tp] gateway-list 10.2.1.1
[LNS-ip-pool-l2tp] network 10.2.1.0 mask 255.255.255.0

Conclusions and Suggestions

If the RADIUS server is used to assign IP addresses during L2TP dial-up, you are advised to create a global address pool on the device and ensure that the address pool is on the same network segment as the IP addresses delivered by the RADIUS server. The device uses the address pool to manage assigned addresses in a unified manner. This prevents multiple users from obtaining the same IP address from the RADIUS server. Otherwise, abnormalities will occur on the user using the same IP address.

Translation
Download
Updated: 2019-05-10

Document ID: EDOC1000079719

Views: 446301

Downloads: 4301

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next