Previous Page
Next Page

Error Messages

This section explains L2TP error messages and associated solutions. Note that these error messages are visible only if VPDN logging is enabled.

Example 4-147 shows how to enable VPDN logging.

Example 4-147. Enabling VPDN Logging
CalCity_LAC#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
CalCity_LAC(config)#vpdn logging
CalCity_LAC(config)#exit
CalCity_LAC#

Note that VPDN logging is enabled by default.

%VPDN-6-AUTHENERR

This error can be seen on either the LAC or the LNS when using remote AAA to authenticate either an L2TP tunnel or remote access client (user). It indicates that the AAA server is unreachable.

To resolve this issue, ensure that the address of the AAA server is correctly configured on the LAC/LNS. Also, ensure reachability from the LAC/LNS to the AAA server.

%VPDN-6-AUTHENFAIL

This error can be seen on either the LAC or the LNS and indicates that authentication for the remote access client (user) or tunnel has failed.

If local authentication is configured for the remote access client, check the username/password database to ensure that both username and password are correctly configured. If remote AAA is being used, check that the username and password are correctly configured on the AAA server. Finally, ensure that username and password are correctly configured on the remote access client.

In the case of tunnel authentication failure, ensure that the tunnel password is correctly configured either locally on the LAC/LNS (vpdn group group_name…..l2tp tunnel password password) or on the AAA server with the tunnel definition.

%VPDN-6-AUTHORERR

This indicates that an error has resulted on the LAC/LNS when authorizing either a L2TP tunnel or a remote access client (user). This is caused when the AAA server is unreachable.

Again, resolve this issue by examining the configuration of the LAC/LNS (ensure that the IP address/UDP port of the AAA server is correctly configured). Also, ensure that there is reachability from the LAC/LNS to the AAA server.

%VPDN-6-AUTHORFAIL

This error message indicates that authorization for the remote access client (user) or L2TP tunnel has failed.

Ensure that authorization is correctly configured on the LAC/LNS (aaa authorization…), and make sure that attributes are correctly configured on the AAA server.

%VPDN-6-CLOSED

This error indicates that an L2TP session has been disconnected by the LNS. The Result/Error codes contained within the CDN specify the cause.

Tables 4-5 and 4-6 detail L2TP result and error codes contained within CDN messages.

%VPDN-6-MAX_SESS_EXCD

This error message indicates that the maximum number of sessions in a L2TP tunnel has been exceeded. This session maximum is configurable via the vpdn session-limit command. To resolve this error, either remove the session limit or adjust it upward.

%VPDN-4-MIDERROR

This is a generic error that indicates that there is a configuration or resource issue on the LNS. Check the LNS to ensure correct configuration.

%VPDN-5-NOIDB

The NOIDB error can be seen on the LNS when it runs out of Interface Descriptor Blocks (IDBs) to terminate sessions. The IDB is a data structure associated with each physical or logical interface.

Use the show idb command to verify the maximum number of available IDBs, together with IDBs in use. The maximum number of IDBs available depends on the hardware platform and Cisco IOS version. In Cisco IOS 12.2, for 2500 series access servers, there are 300 IDBs; for 3620s and 3640s, 800 IDBs; for AS5300s, 800 IDBs; and for AS5800s, there are 2048 IDBs.

To resolve this issue, you should contact the Cisco Technical Assistance Center (TAC).

%VPDN-3-NORESOURCE

This error indicates that the LAC/LNS is out of resources needed to either forward or terminate a session or tunnel. Contact Cisco TAC to resolve this issue.

%VPDN-4-REFUSED

This error shows that the LNS has refused to terminate a session. Examine the LNS's configuration to ensure that it is correct.

%VPDN-6-SOFTSHUT

If you see this message, it indicates that VPDN softshut has been configured on the LAC/LNS. VPDN softshut allows graceful L2TP session/tunnel shutdown, by not allowing the establishment of new sessions, while at the same time allowing the existing session to terminate naturally.

To resolve this issue, use the no vpdn softshut command to disable VPDN softshut.

%VPDN-6-TIMEOUT

You will see this error if a session within the L2TP tunnel has timed out. This can be because of either PPP negotiation failure or the expiration of the timer for the session. This absolute timeout is used to close user sessions if there is no user activity.

To resolve this issue, ensure that PPP negotiation for the remote access client (user) succeeds.

%VPDN-5-UNREACH

You can see this error on the LAC/LNS if it fails to establish connectivity to the LNS/LAC.

Ensure that the IP address of the LNS is correctly configured on the LAC with the initiate-to ip command within the VPDN group. If tunnel definitions are stored on the RADIUS server, ensure that the IP address is correctly configured within the tunnel definition.

Also, ensure that there is IP connectivity between the LAC and the LNS.


Previous Page
Next Page
Three-minute dating, she explained is a variation on speed dating, also known as.