TMS zl Management and Configuration Guide ST.1.2.100916

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module

1211

10-92

Troubleshooting

Troubleshooting the TMS zl Module in Routing Mode

Table 10-16. RADIUS Attributes Required for L2TP RADIUS Access-Accept

Messages

Note Some implementations of Microsoft Internet Authentication Service (IAS) do

not allow you to specify the Framed-IP-Address attribute; you will not see the

attribute in the list in the Advanced tab of the policy’s dial-in profile. In this

case, you can set the other two required attributes in the Advanced tab, but

you must set the address settings (if not specified in the AD user accounts) in

the IP tab. In this tab, select either:

■ Assign a static IP address and type the specific IP address that will be

assigned to the user.

■ Server must supply an IP address

This setting allows the TMS zl Module to assign IP addresses to users from

the range configured in the Network > Authentication > L2TP Users window.

• Another reason that the RADIUS server might grant the user access,

but the user still fails to connect is that the RADIUS server and the

TMS zl Module shared secrets do not match.

On IAS, reset the shared secret as follows:

i. Open IAS from the Administrative Tools.

ii. Expand Radius Clients. You should see an entry for the TMS zl

Module.

iii. Edit the entry and reset the shared secret.

Attribute Value Additional Guidelines

Service-Type Framed

Filter-ID Name of a user group on the TMS zl Module The value must match exactly a name that you

configured in “Create a User Group” on page

7-165. When a user authenticates with this

policy, the firewall access policies configured for

this group on the module will control the user’s

access.

Framed-IP-Address If each user’s account specifies an IP address

(for example in AD):

No setting necessary

If the RADIUS server assigns users’ IP

addresses:

An exact IP address

You must create a different policy for each user.

If the TMS zl Module assigns users’ IP

addresses:

255.255.255.254

Remember to configure the range of IP

addresses in the Network > Authentication >

L2TP Users window.