Country S IPS J has two ME60 work as LAC and LNS for its l2tp service. the version for both devices are V100R006C05SPC600. LAC configured two different l2tp-group but with the same tunnel name. one is binded with eth-trunk0, and another is binded with loopback20. LNS configured only 1 l2tp-group. when test user test1 try to establish connection from LAC to LNS via eth-trunk0, the tunnel is established and everything is ok. Keep this test1 online, and user test2 try to establish connection from loopback20, the user also can connect, but when use command "display l2tp tunnel" check l2tp information, found test2 were not carried on another tunnel but connect with LNS via the same tunnel which carries test1.
1. l2tp-group for test2 and l2tp-group for test1 have the same configuration(same tunnel name but different port ip address), should work fine. and when problem happen, test2 still can acess but just on wrong tunnel, so the configuration mistake could be excluded.
2. in lab we reshow the problem, change both port eth-trunk or both port loopback, the situation is the same. so the l2tp mechanism for eth-trunk and loopback are different is excluded.
3. while we do the test, we found when we make test2 access first, the tunnel for test2 can be built correctly, but after keeping test2 online and try test1, test1 will be carried on the same tunnel of test2. And when we try test1(or test2) first, then make this user offline, wait for several minutes(tunnel break down time), then make another user online, two user can be carried on different tunnels successfully.
4. based on the test phenomenon, we assume the problem is because when LAC send tunnel establishment request to LNS, LNS will build tunnel based on tunnel name information in the request packet but not the source port information. so when test1 user established tunnel, and test2 request the same tunnel name. LNS will treat them as users which should be carried on the same tunnel.
5. configure the two l2tp-group different tunnel-names, configure LNS two l2tp-group, each corresponds one l2tp-group on LAC, test again, the problem solved.
There are several possible reason for this problem:
1. l2tp-group for test2 were not configured correctly.
2. ME60 l2tp mechanism for eth-trunk and loopback are different.
3. other reason, need to analyze further and deeper.