No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Dial-up Users Whose IP Addresses Were Allocated Through RADIUS Failed to Access the Internet

Publication Date:  2013-09-25 Views:  38 Downloads:  0
Issue Description
After a service cutover, all ports were allocated with IP addresses.
PPPoE users can access the Internet, whereas Internet cafe users, whose IP addresses were allocated through RADIUS, failed to access the Internet. The Internet cafe users can be pinged from ME60 and the gateway.
ME60: V100R005C02B01B
+
SP12
This problem was related to the VRP5.30 platform.
Handling Process

Huawei completed the following steps to diagnose the problem:

1. Checked whether the PCs (dial-up users) in the Internet cafe obtained IP addresses and DNS parameters. The IP addresses were 222.xxx.95.45. DNS parameters were obtained. The upstream interface on the ME60 can be also pinged.
  [SN_BAS]dis access-user username syd5741092
  --------------------------------------------------------------------------
  UserID  Username                Interface      IP address       MAC
  --------------------------------------------------------------------------
  64163   syd5741092              GE3/0/2.4      222.xxx.95.45    00e0-4cc2-6a2e

2. Checked whether the IP addresses allocated to the PCs were filtered out by antivirus software or other ACLs. The IP addresses were valid.
3. Checked whether the routes of these IP addresses were advertised on the network.
I. Issued dis ip rou pro unr. The routes for 222.xxx.95.45 were not found. However, the routes for the IP addresses of PPPoE users existed.
II. Issued dis ospf lsdb ase 222.xxx.95.45. The routes for 222.xxx.95.45 were neither found in the OSPF LSDBs.
4. Issued dis ip rou 222.xxx.95.45 to check whether 222.xxx.95.45 was user network routes (UNRs).
These IP addresses were direct routes, which were not imported into the OSPF.

SN_BAS] dis ip routing-table 222.xxx.95.45
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Table : Public
Summary Count : 1
Destination/Mask    Proto  Pre  Cost     Flags NextHop         Interface
  222.xxx.95.52/32  Direct 0    0           D  222.xxx.95.45  GigabitEthernet3/0/2.4
 
5. Rectified device configurations to imported direct routes into the OSPF. The cafe users can access the Internet.
The OSPF LSDBs also contained LSA items.
  dis ospf lsdb ase 222.xxx.95.45
         OSPF Process 99 with Router ID 218.xxx.193.28
                 Link State Database
    Type      : External
    Ls id     : 222.xxx.95.45
    Adv rtr   : 218.xxx.193.28  
    Ls age    : 147 
    Len       : 36 
    Options   :  E  
    seq#      : 80000010 
    chksum    : 0x3a23
    Net mask  : 255.255.255.255 
    TOS 0  Metric: 1 
    E type    : 2
    Forwarding Address : 0.0.0.0 
    Tag       : 1
Root Cause
Address pools were not configured locally and the IP addresses allocated through RADIUS were not advertised.
Solution
Import direct routes into the OSPF.
Suggestions
If IP addresses of dial-up users are allocated through RADIUS and UNRs are advertised through a dynamic routing protocol, ensure that direct routes are imported into the protocol.
In other cases, do not import direct routes.

END