Error Messages

This section introduces some of the more commonly seen error messages and explains their meanings and their resolutions. These messages can be seen if VPDN logging is enabled.

Example 2-132 shows how to enable VPDN logging.

Example 2-132. Enabling VPDN logging

LODI_NAS1#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
LODI_NAS1(config)#vpdn logging
LODI_NAS1(config)#exit
LODI_NAS1#

Note that VPDN logging is enabled by default.

%VPDN-6-AUTHENERR Error Message

This error indicates that the NAS or Home Gateway was not able to connect to an AAA server to authenticate a user or tunnel. This may indicate misconfiguration of AAA parameters on the NAS/Home Gateway, a problem with connectivity between the NAS/Home Gateway and the AAA server, or even that the AAA server is offline.

To resolve this issue, check the AAA configuration on the NAS/Home Gateway, ensure connectivity with the AAA server using ping and traceroute, and ensure that the AAA server is online.

%VPDN-6-AUTHENFAIL Error Message

This error indicates that authentication has failed for a user or tunnel on the NAS or Home Gateway.

In this case, you should ensure that the remote access client's domain name or DNIS corresponds to a tunnel configuration/definition on the NAS or AAA server. Additionally, verify tunnel authentication using the debug vpdn events command.

If tunnel authentication fails, check that tunnel passwords are correctly configured.

%VPDN-6-AUTHORERR Error Message

This error means that authorization has produced an error condition for the user or tunnel in question. This indicates that the AAA server is not able to be contacted by the NAS/Home Gateway.

Once again, examine the AAA configuration on the NAS/Home Gateway to ensure that it is correct. Also ensure that there is connectivity between the AAA server and the NAS/Home Gateway using ping and traceroute.

%VPDN-6-AUTHORFAIL Error Message

This indicates that authorization for the user or tunnel has failed on the NAS or Home Gateway.

Check the AAA configuration on the NAS/Home Gateway, as well as the configuration of the AAA server.

%VPDN-6-CLOSED Error Message

This message is generic in nature and indicates simply that an L2F_CLOSE message has been received on either the NAS or Home Gateway. The L2F_WHY suboption might be listed, together with the L2F_CLOSE_STR. These two suboptions might indicate the reason for the close. See Table 2-2 for L2F_CLOSE reason codes.

It might be useful to examine the output of the debug vpdn l2x-events, debug vpdn l2x-error, and debug ppp negotiation on the NAS or Home Gateway. Also examine the output of the show vpdn history failure command.

Possible reasons for tunnel closure include tunnel authentication failure, insufficient resources on the NAS/Home Gateway, or termination of the connection by the client.

%VPDN-6-MAX_SESS_EXCD Error Message

This message shows that the maximum number of sessions permissible in a tunnel has been exceeded. This session maximum is configurable using the vpdn session-limit command.

To remedy this error, examine the configuration, and either remove the session limit or adjust it upward.

%VPDN-4-MIDERROR Error Message

This error is generic, and it indicates that there is a configuration or resource issue on the Home Gateway. You should check the configuration of the Home Gateway to ensure that it is correct.

%VPDN-5-NOIDB Error Message

The NOIDB error can be seen on the Home Gateway when it has no more Interface Data Blocks (IDBs) with which to terminate tunnel sessions.

IDBs contain data such as addressing and statistics associated with an interface. One is allocated to every physical interface, subinterface, and, importantly in this case, virtual interface associated with an L2F session.

The number of IDBs available depends on the hardware platform. As of Cisco IOS 12.2, for 2500 series access servers, there are 300 IDBs available; for 3620s and 3640s, 800 IDBs; for AS5300s, 800 IDBs; and for AS5800s, there are 2048 IDBs.

To resolve this issue, you should contact Cisco Technical Assistance Center (TAC).

%VPDN-3-NORESOURCE Error Message

This error indicates that the NAS or the Home Gateway is out of resources needed either to forward or to terminate a user session or tunnel. Contact Cisco TAC to resolve this issue.

%VPDN-4-REFUSED Error Message

If you see this error, it means that the Home Gateway has refused to terminate a L2F session. You should examine the Home Gateway's configuration to ensure that it is correct.

%VPDN-6-RESIZE Error Message

This indicates that the MID table size has been altered on the NAS or Home Gateway. Examine your configurations to ensure that they are correct.

%VPDN-6-SOFTSHUT Error Message

This message tells you that the vpdn softshut command has been configured on the NAS or Home Gateway. This command allows L2F sessions to be gracefully terminated, while not allowing any new session to be established.

To resolve this, you should examine the configuration of the NAS or Home Gateway and remove this command (no vpdn softshut).

%VPDN-6-TIMEOUT Error Message

You will see this error message if the user session within the tunnel has timed out. This can be because of either PPP negotiation failing or the absolute timeout for the session expiring. This timeout is used to close user sessions if there is no user activity.

%VPDN-5-UNREACH Error Message

This error is seen on the NAS if it fails to establish connectivity to the Home Gateway. This is seen when either IP or L2F connectivity cannot be established.

Examine the NAS's configuration to ensure that the IP address of the Home Gateway is configured correctly (initiate-to ip).

%VPDN-6-DOWN Error Message

This message is displayed when a tunnel connection has been terminated by the Home Gateway.

Use the debug vpdn l2x-events and debug vpdn l2x-error commands to examine the L2F_CLOSE_WHY and L2F_CLOSE_STR fields of the L2F_CLOSE message. The cause codes contained within the L2F_CLOSE_WHY suboption can be found in Table 2-3. Also examine the output of the show vpdn history failure command. Resolution of this issue will depend on the cause of the close.