No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search


To have a better experience, please upgrade your IE browser.

Knowledge Base

An L2TP User's Dial-up Access Fails Due to an Attribute Configured by RADIUS

Publication Date:  2012-07-27  |   Views:  3  |   Downloads:  0  |   Author:  SU1001733820  |   Document ID:  EKB0000399856


Issue Description

1. Version
The version of AR28-09 is VRP340-R0202P02.
2. Networking
The L2TP users attached to AR28-09 cannot access the network through dial-up after the RADIUS server is replaced. 

Alarm Information


Handling Process

1. The engineer only replaces the RADIUS server without making any modification. Therefore, the access failure cannot be related to the configuration.
2. Run the debugging radius packet command to collect information.
RADIUS packet:
receive radius packet from
code=2 id=43 length=32
8c ed e7 38 8e ad 6a d0
a5 cd 66 42 d5 17 e7 f6
attribute(6)(User-Service): 0x2
attribute(27)(Session-TimeOut): 0x20c49c
According to the preceding information, the session-timeout attribute is configured on the RADIUS server for this user, with the value set to 27 days. After receiving this field sent by the RADIUS server, AR28-09 should create a timer. The 27-day timer, however, falls beyond the scope of timers that AR28-09 supports. Because AR28-09 adopts 32-bit CPUs, it supports only the value equal to or smaller than 24, which cannot be modified in software. The value of session-timeout falls beyond the permitted scope, leading to the failure in timer creation. As a result, the user gets connected and then immediately disconnected, hence the failure of dial-up access.
3. Set session-timeout to a value equal to or smaller than 24 days for the user on the RADIUS server. After this operation, the dial-up access succeeds. 

Root Cause

1. Problem related to the configuration of AR28-09
2. Problem related to RADIUS settings