No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

ME60 Troubleshooting Guide V1.0 (VRPv8)

This document provides the maintenance guide of the device, including daily maintenance, emergence maintenance, and typical troubleshooting.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Troubleshooting L2TP

Troubleshooting L2TP

An L2TP User Fails to Get Online

Common Causes

This fault is commonly caused by one of the following:

  • Layer 3 forwarding between the LAC and the LNS fails.
  • L2TP is not enabled on the LAC or the LNS.
  • L2TP group attributes of the LAC and the LNS are not matched.
  • The LAC and the LNS do not have the consistent tunnel authentication scheme or password.
  • Strict tunnel authentication has been configured for the LAC, and the remote tunnel name configured on the LAC is inconsistent with the tunnel name configured on the LNS.
  • The LNS group is incorrectly bound to the tunnel board and loopback interface.
  • The PPPoX service fails.
  • The IP address pool is incorrectly configured, and the IP address pool fails to allocate a correct IP address to the L2TP user.
  • The VPN accessed by the L2TP user is incorrectly configured.
Troubleshooting Flowchart

After L2TP is configured, it is found that L2TP users cannot get online.

The troubleshooting roadmap is as follows:

  1. Check the Layer 3 connectivity between the LAC and the LNS.
  2. Check that L2TP configurations are correct and attributes are matched.
  3. Check other features relevant to the L2TP networking.

Figure 4-160 shows the troubleshooting flowchart.

Figure 4-160 Troubleshooting flowchart for the failure of the L2TP user to get online

Troubleshooting Procedure

NOTE:
Saving the results of each troubleshooting step is recommended. If your troubleshooting fails to correct the fault, you will have a record of your actions to provide Huawei technical support personnel.

Procedure

  1. Check that the LAC can ping the LNS successfully.

    If the ping operation succeeds, it indicates that the Layer 3 forwarding between the LAC and the LNS is normal. Then, go to Step 2.

    If the ping operation fails, you need to check the Layer 3 connectivity between the LAC and the LNS.

  2. Check that L2TP is enabled on the LAC and the LNS.

    Run the display current-configuration | include l2tp command on the LAC and the LNS.

    If the command output shows l2tp enable, it indicates that L2TP is correctly enabled on the LAC and the LNS. In this case, go to Step 3.

    If the command output does not show l2tp enable, you need to configure the l2tp enable command to enable L2TP. After the configuration, if the fault persists, go to Step 3.

  3. Check that the L2TP group attributes of the LAC and the LNS are correctly configured.

    • On the LAC

      Run the display l2tp-group group-name command and check whether the LNS address specified by the LnsIPAddress field is the same as the actual LNS address. If they are different, run the start l2tp command to set them the same.

    • On the LNS

      Run the display l2tp-group group-name command to check the following fields.
      • Check the RemoteName field to see whether the tunnel name specified on the LNS is the same as the tunnel name specified on the LAC.
      • Check the VTNum field to see whether the bound VT is the same as the VT of the tunnel interface.
      NOTE:
      The name of the remote tunnel end, that is, remote-name, must be specified for the L2TP group (except the default L2TP group, default-lns) when the L2TP tunnel is configured on the LNS.
      If the specified remote tunnel end is inconsistent with the actual remote tunnel end, you need to run the allow l2tp virtual-template virtual-template-number remote remote-name command to make them the same.

    If the L2TP group attributes are correctly configured but the fault persists, go to Step 4.

  4. Check that the LNS group is correctly configured.

    Run the display lns-group name lns-name command on the LNS to check the Slot and Interface fields to see whether the tunnel group is bound to the tunnel board and loopback interface. If the tunnel group is not bound to the tunnel board and loopback interface, run the bind slot slot-id and the bind source interface-type interface-number commands in the LNS group view to bind them.

    If the LNS group is correctly configured but the fault persists, go to Step 5.

  5. Check that consistent tunnel authentication scheme and password are configured on the LAC and the LNS.

    Run the display l2tp-group group-name command on the LAC and the LNS to check the TunnelAuth, Tunnel aaa Auth, and RADIUS-auth fields. These fields show whether the authentication schemes of both the LAC and the LNS are the same. If these fields indicate that the authentication schemes are different, you need to set them the same. For details, refer to "L2TP Configuration" in the HUAWEI ME60 Multiservice Control Gateway Configuration Guide - User Access.

    If the tunnel authentication scheme is configured, you need to check whether the tunnel authentication passwords configured on the LAC and the LNS are the same. If they are different, run the tunnel password { simple | cipher } password command to set the same password.

    NOTE:

    The tunnel authentication request can be initiated by the LAC or the LNS. As long as one end is enabled with tunnel authentication, the authentication is performed in the tunnel setup process. The tunnel can be set up only if the passwords of both ends are the same and not vacant.

    If the authentication schemes and passwords are the same on both tunnel ends but the fault persists, go to Step 6.

  6. Check that strict tunnel authentication is configured for the LAC, and the remote tunnel name configured on the LAC is consistent with the tunnel name configured on the LNS.

    Run the display l2tp-group group-name command on the LAC. If Use tunnel authentication strict is displayed in the TunnelAuth field, strict tunnel authentication is configured for the LAC.

    • If strict tunnel authentication is used, check that the remote tunnel name configured on the LAC is consistent with the tunnel name configured on the LNS.
      • If they are inconsistent, run the start l2tp [ ip ip-address [ weight lns-weight ] ] & <1-8> command on the LAC and run the tunnel name tunnel-name command on the LNS to change the remote tunnel name on the LAC and the tunnel name on the LNS to be consistent.
      • If they are consistent, go to Step 7.
    • If strict tunnel authentication is not configured, go to Step 7.
  7. Check that the PPPoX service is normal.

    For details, refer to "Troubleshooting PPPoX" in the HUAWEI ME60 Multiservice Control Gateway Troubleshooting - User Access.

    If the PPPoX service is normal but the fault persists, go to Step 7.

  8. Check that the L2TP user is assigned an IP address.

    If the user is not assigned an IP address, you need to correctly configure the IP address pool on the LNS. For details, refer to "Locating the Fault that a Client Fails to Obtain an IP Address" in the HUAWEI ME60 Multiservice Control Gateway Troubleshooting - User Access

    If the user is assigned a correct IP address but the fault persists, go to Step 8.

  9. Check that the VPN instance is correctly configured.

    If the L2TP user accesses the VPN, run the display current-configuration command to check the following:

    • Check whether the VPN instance is configured with the RD.

    • Check whether the interface connecting to the enterprise is bound to a VPN instance.

    • Check whether the domain is bound to the VPN instance.

    • Check whether the IP address pool is bound to the VPN instance.

    If the VPN instance is correctly configured but the fault persists, go to Step 9.

  10. Collect the following information and contact Huawei technical support personnel.

    • Results of the preceding troubleshooting procedure
    • Configuration files, log files, and alarm files of the devices

Relevant Alarms and Logs

Relevant Alarms

BRASL2TP_1.3.6.1.4.1.2011.5.25.40.3.2.2.0.1 hwL2tpTunnelUpOrDown

Relevant Logs

None.

L2TP IPv6 Users Cannot Get Online

This section describes the troubleshooting flowchart and provides a step-by-step troubleshooting procedure for the fault that an L2TP user cannot get online when the user attempts to access the IPv6 network.

Common Causes

This fault is commonly caused by one of the following:

  • GTL was not enabled.
  • L2TP was not enabled globally.
  • L2TP tunnels or sessions cannot be established.
  • The IPv6 function is not globally enabled.
  • The address allocation mode is not correctly configured.
  • The DUID function is not configured when addresses are allocated in DHCPv6 mode.
  • The IPv6 function is disabled on the source interface of the L2TP tunnel on the LNS.
  • The IPv6 address pool is not configured or incorrectly configured.
Troubleshooting Flowchart

This section describes the troubleshooting flowchart for the fault that an L2TP user cannot obtain an IPv6 address and cannot get online when the user attempts to access the IPv6 network.

The troubleshooting roadmap is as follows:

  • Check that both L2TP tunnels and sessions can be properly established.
  • Check that an IPv6 address pool has been correctly configured.
  • Check that other IPv6-related information has been correctly configured.

Figure 4-161 shows the troubleshooting flowchart.

Figure 4-161 Troubleshooting flowchart for the fault that L2TP IPv6 users cannot get online

Troubleshooting Procedure

Before performing the following steps, you can refer to Common Causes for Failing to Get Online and correct the fault according to prompts displayed by the device.

NOTE:
Saving the results of each troubleshooting step is recommended. If your troubleshooting fails to correct the fault, you will have a record of your actions to provide Huawei technical support personnel.
NOTE:

Before performing the following steps, ensure that GTL is enabled, and L2TP is enabled globally.

Procedure

  1. Check that both L2TP tunnels and sessions can be properly established.

    Run the test l2tp-tunnel l2tp-group group-name ip-address ip-address command in the user view to check whether L2TP tunnels and sessions can be properly established.

    • If Test L2TP tunnel connectivity success is displayed, L2TP tunnels and sessions can be properly established. Go to step 2.
    • If Test L2TP tunnel connectivity fail is displayed, L2TP tunnels or sessions cannot be properly established. Refer to the section about the failure of L2TP users to get online.

  2. Check that the IPv6 function is globally enabled.

    Run the display current-configuration command on the LNS to check whether the IPv6 function is globally enabled.

    • If the IPv6 function is globally enabled, go to step 3.
    • If the IPv6 function is not globally enabled, globally enable the IPv6 function. If the fault persists, go to step 3.

  3. Check that the IPv6 function is enabled on the source interface of the L2TP tunnel on the LNS.

    Run the display this command in the interface view to check whether the IPv6 function is enabled and whether the IPv6 link-local address has been configured.

    • If the IPv6 function is enabled and the IPv6 link-local address has been configured, go to step 4.
    • If the IPv6 function is disabled, run the ipv6 enable command to enable the IPv6 function, and then run the ipv6 address auto link-local command to configure the IPv6 link-local address.

  4. Check that an IPv6 address pool has been correctly configured.

    Check whether the corresponding IPv6 prefix pool and address pool have been configured, and whether the domain is associated with the IPv6 address pool. If VPNs have been configured, ensure that the VPN configured for the domain and the VPN configured for the IPv6 address pool are the same.

    • If the IPv6 address pool has been correctly configured, go to step 5.
    • If the IPv6 address pool is incorrectly configured, modify the address pool configuration information.

  5. Check that the address allocation mode and DUID have been correctly configured, including whether the configuration is necessary.

    The address allocation mode of an L2TP user is configured in the domain view. If IPv6 addresses are obtained through the DHCPv6 protocol, the address allocation mode and DHCPv6 DUID must be configured; otherwise, they do not need to be configured.

    Run the display this command in the domain view to check whether the address allocation mode value has been correctly configured. If ipv6 nd autoconfig managed-address-flag is displayed, the address allocation mode has been configured.

    Run the display this command in the system view to check whether the DUID function has been correctly configured. If dhcpv6 duid duid-value is displayed, the DUID function has been configured.

    • If the M value and the DUID function have been correctly configured, go to step 6.
    • If the configuration is incorrect, correctly configure the M value and the DUID function.

  6. Collect the following information and contact Huawei technical support personnel.

    • Results of the preceding troubleshooting procedure
    • Configuration files, log files, and alarm files of the devices

Relevant Alarms and Logs

Relevant Alarms

BRASL2TP_1.3.6.1.4.1.2011.5.25.40.3.2.2.0.1 hwL2tpTunnelUpOrDown

Relevant Logs

None.

\

IPv6 L2TP Access Troubleshooting

This section describes the notes about configuring L2TP access, and provides the L2TP access troubleshooting flowchart and the troubleshooting procedure in a typical L2TP access networking.

Typical Networking

Figure 4-162 shows the typical networking of L2TP access. L2TP access troubleshooting is based on this networking.

Figure 4-162 Typical networking diagram of L2TP access

As shown in Figure 4-162:

  • The ME60 functions as an L2TP Access Concentrator (LAC) or L2TP network server (LNS).

  • The client is connected to the LAC through an access network.

  • The ME60 is connected to the RADIUS server to implement authentication and accounting for the user.

The user accesses the LAC in L2TP mode. The LNS assigns an IPv6 address to the user and manages the user.

Troubleshooting Flowchart

On the network shown in Typical Networking, after an L2TP server is configured, the user cannot get online. You can locate the fault based on the following troubleshooting flowchart.

Figure 4-163 Troubleshooting flowchart of L2TP access

Troubleshooting Procedure

Procedure

  1. Check that the configuration of the interface connecting the server to the client is correct.

    Run the display this command in the interface view to check whether the configuration of the interface is correct. For the correct interface configuration, refer to the chapter "Configuring the IPv6 Access Service" in the Configuration Guide - BRAS.

    • If the interface configuration is incorrect, you need to modify the interface configuration to be correct. For details, refer to the chapter "Configuring the IPv6 Access Service" in the Configuration Guide - BRAS.
    • If the interface configuration is correct, go to Step 2.

  2. Check that there are reachable routes between the LAC and LNS.

    Ping the LNS from the LAC to check whether the ping operation succeeds.

    • If the ping succeeds, it indicates that there are reachable routes between them.
    • If the ping fails, it indicates that there are no reachable routes between them. In this case, you need to ensure that there are reachable routes between them.

  3. Check that L2TP is enabled on the LAC and the LNS.

    Run the display this command in the system views of the LAC and the LNS to check whether L2TP is enabled.

    • If l2tp enable is not displayed in the command output, it indicates that L2TP is not enabled on the LAC or the LNS. You need to run the l2tp enable command in the system views of the LAC and the LNS to enable L2TP.
    • If L2TP is enabled, go to 4.

  4. Check that the L2TP group of the LAC and attributes of the L2TP group are correctly configured.

    Run the display this command in the L2TP group view of the LAC to check whether the LNS address configured in the L2TP group is consistent with the address configured on the LNS.

    • If they are inconsistent, run the start l2tp { ip ip-address [ weight lns-weight | preference preference | remote lns-name | identifier-name identifier-name ] * } &<1-8> command in the L2TP group view of the LAC to configure an LNS address to be consistent with the address configured on the LNS.
    • If they are consistent, go to Step 5.

  5. Check that the L2TP group of the LNS and attributes of the L2TP group are correctly configured.

    Run the display this command in the L2TP group view of the LNS to check whether the configured tunnel name and VT are correct.

    • If they are incorrect, run the allow l2tp virtual-template virtual-template-number remote lac-name command to configure a correct tunnel name and a VT. Ensure that the tunnel name configured on the LNS is the same as that configured on the LAC.
    • If they are correct, go to Step 6.

  6. Check that the LAC and the LNS are configured with the same tunnel authentication mode and authentication password.

    Run the display this command in the L2TP group views of the LAC and the LNS to check whether they are configured with the same tunnel authentication mode and authentication password.

    If they are configured with different authentication modes or authentication passwords, modify the configuration of one end to be the same as the configuration of the other end.

    If the client still cannot obtain an IPv6 address, contact Huawei technical personnel.

An L2TP User Fails to Go Online on the Slave Device

This section provides the troubleshooting flowchart and procedure for the fault that when an L2TP user attempts to go online but fails after data is backed up on the slave device.

Common Causes

This fault is commonly caused by one of the following:

  • The RBPs bound to interfaces on the master and slave devices are not the same.
  • User entries of the MPU and LPU on the slave device are not associated.
Troubleshooting Flowchart

A user attempts to go online but fails after data is backed up on the slave device.

The troubleshooting roadmap is as follows:

  • Check whether backup-ids of the RBP bound to interfaces on the master and slave devices are the same.
  • Check whether L2TP configurations on the slave device are the same with those on the master device.
  • Check whether user entries of the MPU and LPU on the slave device are associated.
Troubleshooting Procedure

Before performing the following steps, users can check the Common Causes for Failure in Going Online to correct the fault according to the prompts.

NOTE:
Saving the results of each troubleshooting step is recommended. If troubleshooting fails to correct the fault, you will have a record of your actions to provide Huawei technical support personnel.

Procedure

  1. Check whether the RBP is bound to BAS interfaces on the master and slave devices.

    Run the display remote-backup-profile command to check whether the RBP is configured at BAS interfaces.

    • If yes, go to Step 2.
    • If no, run the remote-backup-profile command to configure the RBP at BAS interfaces in the BAS interface view. If the fault is not corrected, go to Step 2.

  2. Check whether backup-ids of the RBP bound to interfaces on the master and slave devices are the same.

    Run the display remote-backup-profile command to check whether backup-ids of the RBP bound to interfaces on the master and slave devices are the same.

    • If yes, go to Step 3.
    • If no, run the backup-id backup-id remote-backup-service name command to configure the two devices with the same backup-id in the RBP view. If the fault is not corrected, go to Step 3.

  3. Check whether L2TP configurations on the slave device and those on the master device are the same.

    • If no, modify L2TP configurations on the slave device to be the same with those on the master device. See L2TP Users Fail to Go Online for detailed troubleshooting methods.
    • If yes, go to Step 4.

  4. Check whether entries of the MPU and LPU on the slave device are associated.

    Run the display l2tp tunnel command to view the Sessions.

    • If the Sessions value is 0, go to Step 5.
    • If the Sessions value is not 0, run the display l2tp session lac command to view the information.
      1. If user information is displayed, the fault is corrected.
      2. If no user information is displayed, entries of the MPU and LPU are not associated. In this case, go to Step 5.

  5. Collect the following information and contact Huawei technical support personnel.

    • Results of the preceding troubleshooting procedure;
    • Configuration files, log files, and alarm files of the devices.

Alarms and Logs

Alarms

BRASL2TP_1.3.6.1.4.1.2011.5.25.40.3.2.2.0.1 hwL2tpTunnelUpOrDown

Logs

None

Translation
Download
Updated: 2019-06-11

Document ID: EDOC1000175918

Views: 13818

Downloads: 257

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next