How to deal with that MA5200F users cannot access network

Publication Date:  2012-07-27 Views:  129 Downloads:  0
Issue Description
A company feedbacks that the services attached to MA5200F is abnormal, and users cannot access network. Log in to the equipment at site, a great deal of alarm information of accounting failure is found on it.

Version: MA5200 MA2.10-7145 (independent of releases)


Alarm Information
The alarm information is as follows (abstract of alarm information; other alarm information is similar, with user name diversity only):
% [06/30/2005 08:09:12-] AAA-5-02041000:  dx_hf_fc_MA5200F-vlan-19-0087@huaba   
% [06/30/2005 08:09:12-] AAA-5-02041000:  dx_hf_f050630080912ecfc602000035      
% [06/30/2005 08:09:12-] AAA-5-02041002:  dx_hf_fc_MA5200F-vlan-19-0087@huaba  
% [06/30/2005 08:09:12-] AAA-5-02041002:  dx_hf_f050630080912ecfc602000035 

Handling Process

1. Dispaly local accounting information
[MA5200F]display local-accounting bill-info                             
  Bills:              4925    Void-No:            0                            
  Max-Volume:       4945
    Alarm-Threshold: 75%(3709)                         
  Bill-Size:         208    Locked:               No                           
  Bills-Backed:    14978    Void-Blocks:          0                            
  WPtr-BlockNo:       11    WPtr-BillNo:        1118                           
  Read-BlockNo:        0    Read-BillNo:           0                           
  Total-Blocks:       56    Bad-Blocks:            0                           
  Block-Volume:     1260    Alarm-Threshold:   75%(42)  

2.In AAA mode of MA5200F, revise the local authentication and local accounting of the users to local authentication and non-accounting, and they could come online normally. By test, services are normal then.


Root Cause
Execute the display accessuser command to check online users. It is found that the users under”guanli” domain are normal, but others under the other domains are not online. Check the configurations of MA5200F, and it is found that the domain named guanli on MA5200F uses local authentication and non-accounting, but the other domains use local authentication and local accounting. Check the local bill pool of FLASH, and it is found full, resulting in failure of local accounting, and even in that users using local accounting cannot come online.

Currently, net-bar users and leased line uses employ monthly fee mode, so it is suggested to configure uses attached to MA5200F to local authentication and non-accounting, which simplifies the configurations and reduces the authentication steps, avoiding the generation of futile bills and lightening the load of CPU.