FAQ: Why Is the Alarm "Illegal PPPoE SERVER (FE port 7 VLAN 126 MAC 0090-d07f-0deb)" Prompted at Release R007

Publication Date: 2012-07-27
Issue Description
Version: MA5200 MA2.10-71xx
The alarm information contains the following entry: "illegal PPPoE SERVER(FE port 7 VLAN 126 MAC 0090-d07f-0deb)"
Alarm Information

Illegal PPPoE SERVER(FE port 7 VLAN 126 MAC 0090-d07f-0deb)

Handling Process

Risks of an illegal PPPoE server: if one network contains multiple PPPoE servers, a user can receive multiple PADO replies after it transmits a PADI packet. The user selects one of them as its server (usually the one that responds first), so an illegal PPPoE server on the network can cause users' authentication to fail, or even lead to the theft of a large number of usernames and passwords. Once a user passes the Discovery stage, it is authenticated by username and password, so if PAP authentication is used, the username and password will be decoded.

 

Solution: Locate the user according to the alarm, and disable the PPPoE service.

There is one exception: the MAC of the illegal PPPoE server in the alarm is that of the MA5200F itself. This indicates that the packet the MA5200F transmitted to detect illegal PPPoE servers has been received by the MA5200F itself, which means that the layer 2 network contains a loop. In that case, check the layer 2 network and remove the loop.
Root Cause

MA5200F R7 is able to detect illegal PPPoE servers. The MA5200 emulates a user and transmits a PADI packet outward. If a user is running an illegal PPPoE server, that server replies to the MA5200 with a PADO packet. Once the MA5200 receives a response to the PADI packet that it transmitted, it concludes that an illegal PPPoE server exists and prompts "illegal PPPoE SERVER(FE port x VLAN y MAC HH-HH-HH)", indicating that the illegal server is located in VLAN y on port x, with HH-HH-HH as the user's MAC.
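
The detection logic described above, sketched as an added example (this is not Huawei's implementation): a classifier for frames received after a probe PADI, which flags a PADO from another MAC as an illegal server and a frame carrying the prober's own MAC as a layer 2 loop. The function names, the prober MAC `OWN` and the sample frames are constructed for illustration; the EtherType and code values are those of RFC 2516.

```python
import struct

ETH_P_8021Q = 0x8100
ETH_P_PPPOE_DISC = 0x8863      # PPPoE Discovery stage EtherType
PADI, PADO = 0x09, 0x07        # PPPoE Discovery codes

def fmt_mac(raw):
    """Format 6 bytes in the alarm's HHHH-HHHH-HHHH style."""
    h = raw.hex()
    return "-".join(h[i:i + 4] for i in (0, 4, 8))

def classify(frame, own_mac, port):
    """Return an alarm string for a frame seen after our probe PADI, else None."""
    if len(frame) < 14:
        return None
    src = frame[6:12]
    (ethertype,) = struct.unpack("!H", frame[12:14])
    vlan, off = None, 14
    if ethertype == ETH_P_8021Q:                 # single 802.1Q tag
        if len(frame) < 18:
            return None
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        vlan, off = tci & 0x0FFF, 18
    if ethertype != ETH_P_PPPOE_DISC or len(frame) < off + 6:
        return None
    ver_type, code, _session, _length = struct.unpack("!BBHH", frame[off:off + 6])
    if ver_type != 0x11:                         # version 1, type 1
        return None
    where = f"FE port {port} VLAN {vlan} MAC {fmt_mac(src)}"
    if src == own_mac:                           # our own probe came back to us
        return f"layer 2 loop suspected ({where})"
    if code == PADO:                             # someone answered our PADI
        return f"Illegal PPPoE SERVER({where})"
    return None                                  # e.g. an ordinary user's PADI

def build(dst, src, code, vlan=None):
    """Constructed minimal discovery frame (no PPPoE tags) for the samples below."""
    tag = struct.pack("!HH", ETH_P_8021Q, vlan) if vlan is not None else b""
    return dst + src + tag + struct.pack("!HBBHH", ETH_P_PPPOE_DISC, 0x11, code, 0, 0)

OWN = bytes.fromhex("00e0fc000001")      # constructed MAC for the probing device
ROGUE = bytes.fromhex("0090d07f0deb")    # MAC taken from the alarm on this page
BCAST = b"\xff" * 6

if __name__ == "__main__":
    print(classify(build(OWN, ROGUE, PADO, 126), OWN, 7))   # PADO from another MAC
    print(classify(build(BCAST, OWN, PADI, 126), OWN, 7))   # looped-back probe
    print(classify(build(BCAST, ROGUE, PADI, 126), OWN, 7)) # normal client PADI
```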
