
[Troubleshooting Series] Case 8 Network problem when traffic goes through an L2TP tunnel


Hello everyone,

Today I will explain how to deal with a network problem that occurs when traffic goes through an L2TP tunnel.

Network Topology

Physical Network Topology

Figure 1-1 Network problem when traffic goes through L2TP tunnel


Fault Description

The customer can't ping from one side (101.1.1.1) to the other side (202.1.1.1).

Configuration Files

LAC1

#
 sysname LAC1
#
 l2tp enable
#
interface Virtual-Template1
 ppp pap local-user huawei password cipher %^%#'&=6Q(|7-#|.]EB`mK$(h7[CY`2m}-YT)Q=Oh2~2%^%#
 ip address ppp-negotiate
 l2tp-auto-client enable
#
interface GigabitEthernet1/0/0
 ip address 192.168.1.1 255.255.255.0
#
interface GigabitEthernet2/0/0
 ip address 101.1.1.1 255.255.255.0
#
l2tp-group 1
 tunnel password cipher %@%@/-#)Lg[S4F:#2~ZNvqa$]\DL%@%@
 tunnel name lac
 start l2tp ip 172.168.1.2 fullusername huawei
#
return

LNS

#
 sysname LNS
#
l2tp enable 

ip pool 1 
gateway-list 10.1.1.1 
network 10.1.1.0 mask 255.255.255.0 

aaa 
local-user huawei password cipher %#%#_<`.CO&(:LeS/$#F\H0Qv8B]KAZja3}3q'RNx;VI%#%# 
local-user huawei service-type ppp 

interface Virtual-Template1 
ppp authentication-mode chap 
remote address pool 1 
ip address 10.1.1.1 255.255.255.0 
ospf network-type p2mp 
ospf timer hello 10 
ospf p2mp-mask-ignore 

interface GigabitEthernet1/0/0 
ip address 172.168.1.1 255.255.255.0 

interface GigabitEthernet2/0/0 
ip address 202.1.1.1 255.255.255.0 

l2tp-group 1 
allow l2tp virtual-template 1 
tunnel password cipher %@%@EB~j7Je>;@>uNr''D=J<]\WL%@%@ 
tunnel name lns 

ip route-static 101.1.1.0 255.255.255.0 Virtual-Template1 
ip route-static 303.1.1.0 255.255.255.0 Virtual-Template1 
#
return

LAC2

#
 sysname LAC2
#
 l2tp enable
#
interface Virtual-Template1
 ppp chap user huawei
 ppp chap password cipher %^%#'&=6Q(|7-#|.]EB`mK$(h7[CY`2m}-YT)Q=Oh2~2%^%#
 ip address ppp-negotiate
 l2tp-auto-client enable
#
interface GigabitEthernet1/0/0
 ip address 192.168.2.1 255.255.255.0
#
interface GigabitEthernet2/0/0
 ip address 303.1.1.1 255.255.255.0
#
l2tp-group 1
 tunnel password cipher %@%@/-#)Lg[S4F:#2~ZNvqa$]\DL%@%@
 tunnel name lac2
 start l2tp ip 172.168.1.2 fullusername huawei
#
return

Troubleshooting Location

Troubleshooting Procedure

Step 1     Check the L2TP tunnel status. If the L2TP tunnel is not established, check the L2TP tunnel parameters and correct any that are wrong.

Step 2     After the parameters are checked and corrected, the L2TP tunnel is established.


Step 3     Check the routing table. The outbound interface of the route to LAC2 is the same Virtual-Template interface as the one used for the route to LAC1.


Step 4     On the LNS, if there is only one L2TP tunnel, the users at the two sites can ping each other. But if there is more than one tunnel on the LNS, packets are dropped when they go out through the Virtual-Template interface, because all the tunnels have the same next hop and outbound interface, so there is no exact route for the packet.

Solution: Add exact static routes on the router; ping then works.

ip route-static 101.1.1.0 255.255.255.0 10.1.1.253
ip route-static 303.1.1.0 255.255.255.0 10.1.1.254

----End

Root Cause

Check the L2TP tunnel parameters.

Because the traffic can't be forwarded correctly, add the static routes.
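
The check from Step 4 can be automated against a saved LNS configuration. The following is an added example, not part of the original post or any Huawei tool: it flags static routes that point at a shared Virtual-Template interface without a next-hop address. The function names are hypothetical, the sample input is constructed from the routes shown in this post, and treating "more than one such route on the same interface" as ambiguous is an assumed heuristic.

```python
import re
from collections import defaultdict

# Constructed sample: the LNS static routes from this post, before and after the fix.
BEFORE = """\
ip route-static 101.1.1.0 255.255.255.0 Virtual-Template1
ip route-static 303.1.1.0 255.255.255.0 Virtual-Template1
"""
AFTER = """\
ip route-static 101.1.1.0 255.255.255.0 10.1.1.253
ip route-static 303.1.1.0 255.255.255.0 10.1.1.254
"""

ROUTE_RE = re.compile(r"^\s*ip route-static\s+(\S+)\s+(\S+)\s+(.+?)\s*$")
IPV4_RE = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")  # shape check only, values as written

def parse_routes(config):
    """Return (destination, mask, interface_or_None, next_hop_or_None) per static route."""
    routes = []
    for line in config.splitlines():
        m = ROUTE_RE.match(line)
        if not m:
            continue  # not a static-route line
        dest, mask, rest = m.groups()
        tokens = rest.split()
        next_hop = next((t for t in tokens if IPV4_RE.match(t)), None)
        iface = next((t for t in tokens
                      if t.lower().startswith("virtual-template")), None)
        routes.append((dest, mask, iface, next_hop))
    return routes

def ambiguous_vt_routes(config):
    """Map each Virtual-Template interface to the destinations routed to it
    without a next hop, when more than one destination shares that interface."""
    by_iface = defaultdict(list)
    for dest, mask, iface, next_hop in parse_routes(config):
        if iface and next_hop is None:
            by_iface[iface].append(f"{dest}/{mask}")
    return {i: d for i, d in by_iface.items() if len(d) > 1}

if __name__ == "__main__":
    for name, cfg in (("before", BEFORE), ("after", AFTER)):
        print(name, ambiguous_vt_routes(cfg) or "no ambiguous routes")
```
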

 

 

