The version of AR28-09 is VRP340-R0202P02.
The L2TP users attached to AR28-09 cannot access the network through dial-up after the RADIUS server is replaced.
1. The engineer only replaces the RADIUS server without making any modification. Therefore, the access failure cannot be related to the configuration.
2. Run the debugging radius packet command to collect information.
receive radius packet from 172.31.4.1:1645
code=2 id=43 length=32
8c ed e7 38 8e ad 6a d0
a5 cd 66 42 d5 17 e7 f6
According to the preceding information, the session-timeout attribute is configured on the RADIUS server for this user, with the value set to 27 days. After receiving this field sent by the RADIUS server, AR28-09 should create a timer. The 27-day timer, however, falls beyond the scope of timers that AR28-09 supports. Because AR28-09 adopts 32-bit CPUs, it supports only the value equal to or smaller than 24, which cannot be modified in software. The value of session-timeout falls beyond the permitted scope, leading to the failure in timer creation. As a result, the user gets connected and then immediately disconnected, hence the failure of dial-up access.
3. Set session-timeout to a value equal to or smaller than 24 days for the user on the RADIUS server. After this operation, the dial-up access succeeds.
1. Problem related to the configuration of AR28-09
2. Problem related to RADIUS settings