由于掩码不一致导致MA5200下PPPoE通过DHCP服务器无法获取地址的问题

发布时间:  2012-07-26 浏览次数:  61 下载次数:  0
问题描述

MA5200F下PPPoE用户配置通过MA5200F做代理从DHCP服务器获取IP地址,但测试中发现用户始终上线失败,通过相关调试信息发现用户上线失败原因是因为用户分配IP地址失败。

告警信息

* [3.4048164012-] PPPOE-8-01603000:                                            
  2005-12-6 15:57:16.900: PPPoE Event: Ethernet8, IN PADI packet                                                           
……                        
* [3.4048164012-] PPPOE-8-01603000:                                            
  2005-12-6 15:57:16.900: PPPoE Event: Ethernet8, OUT PADO packet              
……
* [3.4048164022-] PPPOE-8-01603000:                                            
  2005-12-6 15:57:16.900: PPPoE Event: Ethernet8, IN PADR packet               
……
* [3.4048164022-] PPPOE-8-01603000:                                            
  2005-12-6 15:57:16.910: PPPoE Event: Ethernet8, OUT PADS packet              
……   //以上是PPPoE Discovery阶段
* [3.4048164172-] PPP-8-01653000:                                              
  PPP Event:                                                                   
      Virtual-Template1:0 LCP RCA(Receive Config Ack)  Event                   
      state reqsent                                                            
……   //收到Config Ack,LCP阶段结束
* [3.4048164192-] PPP-8-01653000:                                              
  PPP State Change:                                                            
      Virtual-Template1:0 LCP : ackrcvd --> opened                             
* [3.4048164352-] DHCPC-8-070a3000:                                            
  [ DHCPC Recv ] : =====                                                       
  [ Xid   ]:187                                                                
  [ cmd   ]:2                                                                  
  [ Htype ]:1                                                                  
  [ Hlen  ]:6                                                                  
  [ Hops  ]:0                                                                  
  [ Secs  ]:0                                                                  
  [ Flag  ]:0                                                                  
  [ Ciadd ]:0.0.0.0                                                            
  [ Yiadd ]:221.130.87.253                                                     
  [ Siadd ]:0.0.0.0                                                            
  [ Giadd ]:221.130.87.1                                                       
  [ Chadd ]:0-d-60-8f-79-8f                                                    
  [ Sname ]:                                                                   
  [ File  ]:                                                                   
  [ Option ]:-----                                                             
  Message type:OFFER                                                           
  Subnet mask:255.255.255.255                                                  
  Server id:211.139.120.50                                                     
  Dns:211.138.200.69 211.103.13.101                                            
  leasetime:7200s                                                              
                                                                               
* [3.4048164352-] DHCPC-8-070a3000:                                            
  [ DHCPC Send ] : =====                                                       
  [ Xid   ]:187                                                                
  [ cmd   ]:1                                                                  
  [ Htype ]:1                                                                  
  [ Hlen  ]:6                                                                  
  [ Hops  ]:0                                                                  
  [ Secs  ]:0                                                                  
  [ Flag  ]:0                                                                  
  [ Ciadd ]:0.0.0.0                                                            
  [ Yiadd ]:221.130.87.253                                                     
  [ Siadd ]:0.0.0.0                                                            
  [ Giadd ]:221.130.87.1                                                       
  [ Chadd ]:0-d-60-8f-79-8f                                                    
  [ Sname ]:                                                                   
  [ File  ]:                                                                   
  [ Option ]:-----                                                             
  Message type:REQUEST                                                         
  Request ip:221.130.87.253                                                    
  Server id:211.139.120.50                                                     
  leasetime:7200s                                                              
                                                                               
* [3.4048164392-] DHCR-8-07093000:                                             
  [ DHCPR Recv from server ] : =====                                           
  [ Xid   ]:187                                                                
  [ cmd   ]:2                                                                  
  [ Htype ]:1                                                                  
  [ Hlen  ]:6                                                                  
  [ Hops  ]:0                                                                  
  [ Secs  ]:0                                                                  
  [ Flag  ]:0                                                                  
  [ Ciadd ]:0.0.0.0                                                            
  [ Yiadd ]:221.130.87.253                                                     
  [ Siadd ]:0.0.0.0                                                            
  [ Giadd ]:221.130.87.1                                                       
  [ Sname ]:                                                                   
  [ File  ]:                                                                   
  [ Option ]:-----                                                             
  Message type:ACK                                                             
  Subnet mask:255.255.255.255       //注意这里掩码为32位                                           
  Server id:211.139.120.50                                                     
  Dns:211.138.200.69 211.103.13.101                                            
  leasetime:7200s                                                              
                                                                               
……      //以上是MA5200代理PPPoE用户向DHCP服务器申请地址的过程,从报文可以看出服务器分配了地址
* [3.4048164402-] PPP-8-01653000:                                              
  PPP Event:                                                                   
      Virtual-Template1:0 LCP Close  Event                                     
      state opened                                                             
* [3.4048164402-] PPP-8-01653000:                                              
  PPP State Change:                                                            
      Virtual-Template1:0 LCP : opened --> closing   //已经分配地址,但状态由opened-->closing

处理过程
1、用户上线失败,通过display aaa offline-record (对于MA5200G VRP3.30-2215及以后版本,上线失败原因查看的命令为display aaa online-fail-record )查看用户下线原因为:CM IP address alloc fail ,可以知道用户上线失败原因是因为地址分配失败。
[MA5200F]display aaa offline-record                          
  -------------------------------------------------------------------          
  User name          : fff@yxt                                                 
  User MAC           : 000d-608f-798f                                          
  User access type   : ppp                                                     
  User access slot   : 0                                                       
  User port type     : Ethernet                                                
  User access port   : 8                                                       
  User access Vlan   : 0                                                       
  User IP address    : 255.255.255.255                                         
  User ID            : 535                                                     
  User authen state  : Authened                                                
  User acct state    : AcctIdle                                                
  User author state  : AuthorIdle                                              
  User acct sessionID:                                                         
  User login time    : 1970/01/01 00:00:00                                     
  User offline time  : 2005/12/06 15:59:33                                     
  User offline reason: CM IP address alloc fail
2、打开相关调试信息开关 (MA5200G没有PPPoE相关的调试命令,可以只打开DHCPR的相关信息,也可以使用两种设备的trace功能):
<MA5200F>debugging pppoe packet
<MA5200F>debugging dhcpr packet
相关信息见告警记录,从其中分析发现DHCP已经获取地址,但是用户却获取地址失败。
3、打开AM(地址管理)的调试信息:
[MA5200F-diagnose]debugging am all
发现认证失败时消息如下:
 DHCPC->AM:                                                                    
 Message: IP Reply                                                             
 Result: ACK                                                                   
 IP: 221.130.87.253                                                            
 DHCP Server: 211.139.120.50 Router: 221.130.87.1                              
 CID: 537 MAC :000d-608f-798f                                                  
 DNS1: 211.138.200.69 DNS2: 211.103.13.101                                     
 NBNS1: 255.255.255.255 NBNS2: 255.255.255.255                                  
 xx_abcd.c  1536   Different Mask  
原因是掩码不一致。
4、检查MA5200F的配置发现远端地址池的掩码为24位,而DHCP服务器下发的地址掩码为32位,这两个掩码不一致,从而导致用户分配IP地址失败。
根因
PPPoE通过DHCP分配地址,其过程是在PPPoE LCP协商成功后,由MA5200代理用户向相应的DHCP服务器发起DHCP申请,在申请到IP地址后再通过IPCP协商将DHCP分配的地址分配给用户。其配置也很简单,就是在PPPoE用户域中指定一个远端地址池,这个地址池关联相应的DHCP服务器就可以了。但在这个案例中,由于DHCP分配地址所带的地址掩码和MA5200上配置的地址池掩码不一致,从而导致用户IP地址分配失败,用户上线不成功。
建议与总结
在配置远端地址池的时候,无论什么情况都需要保持MA5200上地址池的掩码和远端服务器上的掩码是一致的。

END