Some PPP users connecting to an ME60 with NAT configured failed to dial up and go online, and error code "691" was returned. The BAS recorded the failure cause as Add nat user data fail(Syn User To CPU Fail).
About 9000 users belonged to the NAT domain of the BAS. Some users could go online after dozens of dial-up attempts.
Version: V600R005C00SPC600. This issue is not related to the version. The cause of the failure was Add nat user data fail(Syn User To CPU Fail).
This issue might be caused by:
1. RADIUS server
2. NAT license
3. NAT board performance
To address the issue, Huawei performed the following operations and observed the following information:
1. Ran the dis aaa online-fail-record brief command on the BAS to obtain the failure cause. A large number of Add nat user data fail records were found. Checked the RADIUS server. No records showing that users were rejected or failed to go online were found. Therefore, the issue was not caused by the RADIUS server.
2. Checked the NAT entries and licenses of the involved boards. The NAT entries were correct and the licenses were in effect.
3. Checked the NAT board performance. As the total number of NAT users on the ME60 was only 9000, the NAT board was lightly loaded and provided stable performance. Therefore, this issue was not caused by poor NAT board performance.
4. Checked the NAT configurations and found that some private network addresses were not configured in the ACLs:
acl number 3000
rule 5 permit ip source 10.64.0.0 0.0.15.255
rule 10 permit ip source 10.64.16.0 0.0.7.255
acl number 3001
rule 5 permit ip source 10.64.16.0 0.0.15.255
rule 10 permit ip source 10.64.40.0 0.0.7.255
Some IP addresses in rule 5 of acl 3001 overlapped with addresses in acl 3000. This, however, did not affect users going online. The network segment 10.64.32.0 0.0.7.255, which lies between the ranges of rule 5 and rule 10 of acl 3001, was not configured in any rule. If users obtained addresses on this network segment, NAT could not be implemented and the users failed to go online.
After the NAT configurations were modified as follows, the problem was resolved:
acl number 3000
rule 5 permit ip source 10.64.0.0 0.0.7.255
rule 10 permit ip source 10.64.8.0 0.0.7.255
rule 15 permit ip source 10.64.16.0 0.0.7.255
acl number 3001
rule 5 permit ip source 10.64.24.0 0.0.7.255
rule 10 permit ip source 10.64.32.0 0.0.7.255
rule 15 permit ip source 10.64.40.0 0.0.7.255
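The overlap and the missing segment described above can be found mechanically before users hit them. The following is an added example, not part of the original case or of Huawei's tooling: it parses the ACL text shown on this page and reports overlapping rules and uncovered ranges. The pool bounds 10.64.0.0 to 10.64.47.255 are an assumption taken from the range the corrected ACLs span, and the function names are hypothetical.

```python
import ipaddress
import re

# ACLs as configured before the fix (copied from the case above).
BEFORE = """\
acl number 3000
rule 5 permit ip source 10.64.0.0 0.0.15.255
rule 10 permit ip source 10.64.16.0 0.0.7.255
acl number 3001
rule 5 permit ip source 10.64.16.0 0.0.15.255
rule 10 permit ip source 10.64.40.0 0.0.7.255
"""

# Assumption: subscribers draw addresses from 10.64.0.0-10.64.47.255,
# the range spanned by the corrected ACLs.
POOL_FIRST = ipaddress.ip_address("10.64.0.0")
POOL_LAST = ipaddress.ip_address("10.64.47.255")
RULE_RE = re.compile(r"rule (\d+) permit ip source (\S+) (\S+)")

def parse_acls(text):
    """Return [(acl, rule_id, network)] from 'acl number' / 'rule' lines."""
    entries, acl = [], None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("acl number"):
            acl = line.split()[-1]
        elif (m := RULE_RE.match(line)):
            # ipaddress accepts a contiguous wildcard (host) mask after '/'.
            net = ipaddress.ip_network(f"{m.group(2)}/{m.group(3)}")
            entries.append((acl, int(m.group(1)), net))
    return entries

def find_overlaps(entries):
    """Pairs of (acl, rule_id) whose source ranges share addresses."""
    return [(a[:2], b[:2]) for i, a in enumerate(entries)
            for b in entries[i + 1:] if a[2].overlaps(b[2])]

def find_gaps(entries, first=POOL_FIRST, last=POOL_LAST):
    """Networks inside [first, last] that no permit rule covers."""
    gaps, cursor = [], int(first)
    for net in sorted(e[2] for e in entries):
        start, end = int(net.network_address), int(net.broadcast_address)
        if start > cursor:  # uncovered addresses before this rule begins
            gaps += ipaddress.summarize_address_range(
                ipaddress.ip_address(cursor), ipaddress.ip_address(start - 1))
        cursor = max(cursor, end + 1)
    if cursor <= int(last):  # uncovered tail of the pool
        gaps += ipaddress.summarize_address_range(
            ipaddress.ip_address(cursor), last)
    return gaps

if __name__ == "__main__":
    acls = parse_acls(BEFORE)
    print("overlaps:", find_overlaps(acls))
    print("gaps:", [str(g) for g in find_gaps(acls)])
```

Running the same functions over the corrected configuration should report no overlaps and no gaps.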