由于RADIUS在多LNS下没有下发83号属性导致MA5200G不发起L2TP连接

发布时间:  2012-07-26 浏览次数:  79 下载次数:  0
问题描述
组网:
pppoe用户-L2-L2-MA5200G
PPPOE用户数据打上QINQ标签到MA5200G终结,MA5200G做LAC,通过RADIUS下发L2TP属性发起L2TP连接。但是在实际测试中发现,用户RADIUS认证通过,但是MA5200G没有触发L2TP连接。
      
告警信息
通过设备上DEBUG 发现有如下告警:
*Nov  6 15:52:19 2006 GX-H-MA5200G-1 RDS/8/debug2:
  Radius Received a Packet
  Server Template: 1
  Server IP   : 61.139.25.129
  Vpn-Instance: --
  Server Port : 1812
  Protocol: Standard
  Code    : 2
  Len     : 158
  ID      : 218
  [Service-Type(6)                    ] [6 ] [2]
  [Framed-Protocol(7)                 ] [6 ] [1]
  [Framed-IP-Address(8)               ] [6 ] [255.255.255.254]
  [Tunnel-Type(64)                    ] [6 ] [1][3]
  [Tunnel-Medium-type(65)             ] [6 ] [1][1]
  [Tunnel-Server-Endpoint(67)         ] [16] [1][221.236.13.99]
  [Tunnel-password(69)                ] [21] [01b44defd1e1d95e2aacc3605ed1406fac8cda]
  [Tunnel-Type(64)                    ] [6 ] [2][3]
  [Tunnel-Medium-type(65)             ] [6 ] [2][1]
  [Tunnel-Server-Endpoint(67)         ] [17] [2][221.236.13.100]
  [Tunnel-password(69)                ] [21] [02b44defd1e1d95e2aacc3605ed1406fac8cda]
  [Session-TimeOut(27)                ] [6 ] [518000]
*Nov  6 15:52:19 2006 GX-H-MA5200G-1 RDS/8/debug2:
[RDS(Err):] Fail to decode tunnel attribute ,Multiple instances without preference
      
处理过程
协调RADIUS下发83号属性后,L2TP连接建立成功。
消息如下:
Radius Received a Packet
  Server Template: 2
  Server IP   : 61.139.56.10
  Vpn-Instance: --
  Server Port : 1812
  Protocol: Standard
  Code    : 2
  Len     : 155
  ID      : 2
  [Service-Type(6)                    ] [6 ] [2]
  [Framed-Protocol(7)                 ] [6 ] [1]
  [Framed-IP-Address(8)               ] [6 ] [255.255.255.254]
  [Session-TimeOut(27)                ] [6 ] [518000]
  [Tunnel-Type(64)                    ] [6 ] [1][3]
  [Tunnel-Medium-type(65)             ] [6 ] [1][1]
  [Tunnel-Server-Endpoint(67)         ] [16] [1][221.236.13.99]
  [Tunnel-password(69)                ] [21] [01c691b3214dd3c7a1fd728a469d6a50b78c1d]
  [Tunnel-Preference(83)              ] [6 ] [1][1]
  [Tunnel-Type(64)                    ] [6 ] [2][3]
  [Tunnel-Medium-type(65)             ] [6 ] [2][1]
  [Tunnel-Server-Endpoint(67)         ] [17] [2][221.236.13.100]
  [Tunnel-password(69)                ] [21] [02c691b3214dd3c7a1fd728a469d6a50b78c1d]
  --[2006/11/6 17:11:32-][RADIUS][000f-1f9f-0341]:
  [Tunnel-Preference(83)              ] [6 ] [2][2]
  --[2006/11/6 17:11:32-][RADIUS][000f-1f9f-0341]: Send a msg(Auth accept)
  --[2006/11/6 17:11:32-][AAA][000f-1f9f-0341]:Receive authentication accept from RADIUS successfully(UserID = 40847)
  --[2006/11/6 17:11:32-][AAA][000f-1f9f-0341]:Send authentication ack to UCM successfully(UserID = 40847, Result = SRV_AUTH_PASS)
  --[2006/11/6 17:11:32-][CM][000f-1f9f-0341]:Receive AAA_AUTH_ACK from AAA (userid:40847)
  --[2006/11/6 17:11:32-][CM][000f-1f9f-0341]:Send PPP_AUTH_ACK to PPP (userid:40847)
  --[2006/11/6 17:11:32-][PPP][000f-1f9f-0341]:Received successful authentication ack message from ucm
  --[2006/11/6 17:11:32-][PPP][000f-1f9f-0341]:Send l2tp up message successfully
  --[2006/11/6 17:11:32-][L2TP][000f-1f9f-0341]:Receive SRV_MSG_PPP_L2TP_SESSION_REQ from PPP successfully(userid=40847,pppIndex=-1436935574)
  --[2006/11/6 17:11:32-][L2TP][000f-1f9f-0341]:Send SCCRQ to LNS (userid=40847,callid=5911,tunnelid=6)
  --[2006/11/6 17:11:32-][L2TP][000f-1f9f-0341]:Receive SCCRP from LNS and send SCCN to LNS successfully (userid=40847,callid=5911,tunnelid=6)
  --[2006/11/6 17:11:32-][L2TP][000f-1f9f-0341]:Send ICRQ to LNS(userid=40847,callid=5911,tunnelid=6)
  --[2006/11/6 17:11:32-][L2TP][000f-1f9f-0341]:Receive ICRP from LNS successfully (callid=5911,tunnelid=6)
  --[2006/11/6 17:11:32-][L2TP][000f-1f9f-0341]:Send SRV_MSG_L2TP_PPP_SESSION_ACK to PPP successfully (callid=5911,tunnelid=6)
  --[2006/11/6 17:11:32-][PPP][000f-1f9f-0341]:Received L2TP session ack message
  --[2006/11/6 17:11:32-][PPP][000f-1f9f-0341]:Create session successfully, send UP message to ucm
      
根因
根据告警可知,用户RADIUS认证通过,CODE2报文同时也返回了L2TP信息。但是由于没有下发LNS优先级属性,MA5200G不能确认采用哪一个LNS服务器导致没有触发L2TP连接。
      
建议与总结

END