Figure 9: Lockout States - Juniper JUNOSE SOFTWARE FOR E SERIES 11.3.X - BROADBAND ACCESS CONFIGURATION GUIDE 2010-10-12 Configuration Manual

JunosE 11.3.x Broadband Access Configuration Guide
366
only after successful completion of the lockout test. Therefore, if lockout testing is
enabled, the destination is actually locked out longer than the lockout timer you specify.
NOTE: Always configure the lockout timeout to be shorter than the destruct
timeout. The destruct timeout (as described in "Specifying a Destruct Timeout
for L2TP Tunnels and Sessions" on page 346) overrides the lockout
timeout—when the destruct timeout expires, all information about the locked
out destination is deleted, including the time remaining on the destination's
lockout timeout and the requirement to run a lockout test prior to returning
the destination to service. As a result, the locked out destination might be
returned to service prior to expiration of your configured lockout timeout and
without completion of the lockout test you specified.
Figure 9 on page 366 shows how locked-out destinations transition from a locked-out
state to available status when using the default lockout configuration, a configuration
that includes a modified lockout timer, and a configuration with both a modified timer
and the lockout test.

Figure 9: Lockout States

You can use the following commands to manage L2TP destination lockout and configure
a lockout process that meets the needs of your network environment:
Use the l2tp destination lockout-timeout command to modify the default lockout
timeout period.
Use the l2tp destination lockout-test command to configure L2TP to perform a lockout
test, which verifies that a currently locked out destination is now available and to
include it in the selection algorithm.
Use the l2tp unlock destination command to force L2TP to immediately unlock the
specified locked out destination; the destination is then considered to be available by
the selection algorithm. L2TP disregards any time remaining in the existing lockout
timeout and also disregards the lockout test (if configured).
Use the l2tp unlock-test destination command to force L2TP to immediately begin
the lockout testing procedure for the specified destination; any time remaining in the
existing lockout timeout is not taken into account.
Use the show l2tp and show l2tp destination lockout commands to view information
about the L2TP configuration and statistics.
Copyright © 2010, Juniper Networks, Inc.