
RADIUS authentication on USG2210 fails during L2TP dial-in

Publication Date:  2019-07-11  |   Views:  943  |   Downloads:  0  |   Author:  x00226184  |   Document ID:  EKB1000014696


Issue Description

The user's topology is as follows:

The USG2210 acts as the LNS. A PC sets up an L2TP VPN by dialing in with a VPN client, and users are authenticated by RADIUS. During dial-in authentication the client is told that the username and password are wrong, although the username and password were checked on the RADIUS server and are correct. After the account is changed to local authentication, dial-in works normally.

Alarm Information


Handling Process

1. Check the status of the RADIUS server and the network connectivity: both are working. Run a dial-in test on the RADIUS server: it succeeds, which shows that the username and password are correct.
2. Check the user's RADIUS authentication configuration:
local-user maintain password simple XXX
local-user maintain level 3
local-user admin password simple XXX
local-user admin service-type web terminal telnet
local-user admin level 3
authentication-scheme default
authentication-scheme auth1
 authentication-mode radius
authorization-scheme default
accounting-scheme default
domain default
domain dot1x
domain net
 authentication-scheme auth1
 radius-server temp
 ip pool 1
The user had configured a domain named net and applied the RADIUS template and authentication scheme to it, but the account used for access is in the format without a domain name, so authentication of the user's access failed. Change the user's configuration to:
domain default
 authentication-scheme auth1
 radius-server temp
 ip pool 1
Dial-in works normally after the configuration is modified.

Root Cause

1. A problem with the user's RADIUS server
2. A problem with the RADIUS authentication configuration on the user's firewall


When configuring RADIUS authentication: if the username has no domain name, the user belongs to the default domain. If the username has a domain name, that domain must be configured in aaa, and the RADIUS template and authentication scheme must be applied in that domain.
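
The domain selection described above can be modelled to check a configuration before a dial-in test. This is an added example, not Huawei code and not part of the original article; the '@' delimiter, the sample login name vpnuser, and treating a scheme with no authentication-mode line as local are assumptions.

```python
# Added example (not Huawei code): which domain and authentication mode a login name gets.
# Constructed excerpts of the aaa lines above, indented to mark the sub-views.
CONFIG_BEFORE = """\
authentication-scheme default
authentication-scheme auth1
 authentication-mode radius
domain default
domain dot1x
domain net
 authentication-scheme auth1
 radius-server temp
 ip pool 1
"""
CONFIG_AFTER = """\
authentication-scheme default
authentication-scheme auth1
 authentication-mode radius
domain default
 authentication-scheme auth1
 radius-server temp
 ip pool 1
"""
KEYS = {"authentication-mode": "mode", "authentication-scheme": "scheme", "radius-server": "radius"}

def parse(config):
    """Return (schemes, domains) parsed from indented aaa lines."""
    schemes, domains, view = {}, {}, None
    for raw in filter(str.strip, config.splitlines()):
        words = raw.split()
        if not raw[0].isspace():  # an unindented line opens a new view
            view = None
            if words[0] == "authentication-scheme":
                # Assumption: a scheme with no authentication-mode line is local.
                view = schemes.setdefault(words[1], {"mode": "local"})
            elif words[0] == "domain":
                view = domains.setdefault(words[1], {"scheme": "default", "radius": None})
        elif view is not None and words[0] in KEYS:
            view[KEYS[words[0]]] = words[1]  # setting inside the current view
    return schemes, domains

def resolve(username, config):
    """Return (domain, authentication mode, RADIUS template) for a login name."""
    schemes, domains = parse(config)
    _, sep, suffix = username.rpartition("@")  # assumption: '@' is the domain delimiter
    domain = suffix if sep else "default"      # no domain part -> default domain
    if domain not in domains:
        return domain, None, None              # domain not defined in this excerpt
    scheme = schemes.get(domains[domain]["scheme"], {"mode": None})
    return domain, scheme["mode"], domains[domain]["radius"]
```

With the original configuration, resolve("vpnuser", CONFIG_BEFORE) lands in the default domain with no RADIUS template, which matches the failure described; the same name against CONFIG_AFTER resolves to RADIUS with template temp.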