JUNOSe 11.1.x Broadband Access Configuration Guide
Verifying That a Locked-Out Destination Is Available
You can use the l2tp destination lockout-test command to configure L2TP to test
locked-out destinations; this verifies that a previously locked-out destination is
available before the router changes the destination's status.
Configuring a Lockout Timeout
You use the l2tp destination lockout-timeout command to configure the amount
of time (in seconds) between when an L2TP destination is found to be unavailable
and when it is eligible for unlocking. When the timeout period expires, L2TP either
begins the lockout test procedure (if configured to do so) or immediately returns the
destination to available state.
BEST PRACTICE: Always configure the lockout timeout to be shorter than the destruct
timeout. The destruct timeout (as described in "Specifying a Destruct Timeout for
L2TP Tunnels and Sessions" on page 345) overrides the lockout timeout when the
destruct timeout expires, all information about the locked out destination is deleted,
including the time remaining on the destination's lockout timeout and the requirement
to run a lockout test prior to returning the destination to service.
You can specify a lockout timeout in the range 60–3600 seconds (1 minute–1 hour).
The router uses a timeout value of 300 seconds by default.
Unlocking a Destination that is Currently Locked Out
You use the l2tp unlock destination command to force L2TP to immediately unlock
the specified L2TP destination, which is currently locked out and unavailable. L2TP
then considers the destination to be available. Any remaining lockout time and the
lockout test setting (if configured) are not taken into account.
You must be at privilege level 10 or higher to use this command.
368
Verifying That a Locked-Out Destination Is Available
To verify the availability of locked out destinations:
host1(config)#l2tp destination lockout-test
To configure an L2TP lockout timeout:
host1(config)#l2tp destination lockout-timeout 500
The new lockout timeout only affects future locked-out destinations; it does not
affect destinations that are currently locked out.
To unlock a currently locked-out destination:
host1(config)#l2tp unlock destination ip 192.168.1.98