The AR28 functions as L2TP Network Server (LNS) and other manufacturer's BAS functions as L2TP Access Concentrator (LAC). The Radius distributes authentication attributes. The LNS uses Radius. After the user dials up, it prompts that the username and password are incorrect. The tunnel and session are set up during debugging. The PPP process cannot be displayed. Change the Radius to local authentication. There is no PPP process.
1. Check the debugging information. The username and domain name are correct. The tunnel and session are set up normally. According to the L2TP procedure, the PPP session should be performed; however, there is no information when debugging.
2. Compare debug packets and the configuration on the device. When the user dials up, the tunnel name at the LAC side is l2tp-host, and l2tp-group used by the authentication domain specifies the remote tunnel name as jkl.jdz. L2TP-group 1 is configured on the device. When the remote tunnel name is not specified, the tunnel name sent by the LAC is not in the specified range. Then the tunnel name is sent to L2TP-group 1 for authentication. The specified VT1 of L2TP-group 1 is not configured on the device. That is, the tunnel name is processed by L2TP-group 1, but no session is set up with the VT. The username and password are displayed incorrect at the dialup side.
3. Change the tunnel name distributed by the Radius. Then the problem is solved. The user can access network.
For details, refer to the attachment.
1. When the user dials up, the domain is incorrect. As a result, the authentication fails.
2. The user account and password are incorrect.
3. There is no correct virtual template (VT) for the PPP session.
During the check of L2TP dialup, after the tunnel and session are set up, username cannot be authenticated, and there is no information about the PPP session during debugging, check in which L2TP-group the tunnel is and whether the VT is set correctly.