ME60三层web中继方式用户无法获取IP地址

发布时间:  2015-12-08 浏览次数:  696 下载次数:  0
问题描述

三层WEB认证,在配置完成之后,发现用户无法获取到IP地址。通过抓包发现用户发动的DHCP DISCOVER报文已经通过中继S12700交换机到了ME60,在CPU级别也能够Trace到DHCP SERVER回应了OFFER报文,但是在下行交换机入方向并没有抓到ME60回应的OFFER报文。

组网拓扑如下

ME60-----------S12700--------接入SW--------PC 
  (DHCP server)   (DHCP中继

ME60关键配置:

ip pool huawei bas local
 gateway 192.169.254.254 255.255.255.0
 section 0 192.169.254.10 192.169.254.20
 dns-server 210.140.13.188
#

interface GigabitEthernet5/0/2.10
 vlan-type dot1q 10
 ip address 192.168.10.1 255.255.255.0
 bas
#
  access-type layer3-subscriber default-domain authentication isp2
#
 ip route-static 192.169.254.0 255.255.255.0 192.168.10.2

#

S12700关键配置:

#
interface Vlanif10
 ip address 192.168.10.2 255.255.255.0
#
interface Vlanif169
 ip address 192.169.254.254 255.255.255.0
 dhcp select relay
 dhcp relay server-ip 192.168.10.1       
#

处理过程

(1)首先通过Trace信息来查看

DHCPACC receive a packet.         //收到用户的DHCP DISCOVER报文,并回应给relay设备一个offer报文
DHCPACC proc a DISCOVER pkt
Giaddr:C0A9FEFE
DhcpaccIndex:187, DhcpaIndex:4294967295, cib:187, state:4(DHCPACC_DIS_WAIT_CLIENT_REQ), DownReason:255]
[ME60_X8]
Aug 14 2015 12:16:47.20.4 ZJSRU_Me60_X8 BTRC/7/BTRC_TraceInfo:[objectID=1][slotID=0][DHCPACC][user info:
  MAC Address    : xxxx-xxxx-xxxx 
  IP Address     : 192.169.254.14      //分配给用户的IP地址;
  Interface      : GigabitEthernet5/0/2.10
  PE VLAN ID     : 10
  Access Mode    : IPoE
  Circuit ID     : 0502-0010-GE
  Remote ID      : Me60_X8-0502-0010-GE ]
[trace info:
45 00 01 48 1a 48 00 00 10 11 96 0b c0 a9 fe fe
c0 a8 0a 01 00 43 00 43 01 34 1b 36 01 01 06 01
c7 d9 92 4f 1d 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 c0 a9 fe fe 3c 97 0e 37 58 d7 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 0

(2)在S12700连接ME60的口子镜像抓包,发现根本就没有收到ME60回复的OFFER报文;在此接口就只能看到发给ME60的DISCOVER报文



(3)在ME60上查看互联接口的发包情况,发现ME60与S12700的互联子接口只有input方向的报文,output方向报文为0;

<ME60_X8>display interface gig 5/0/2
 Input:
      Unicast: 8 packets, Multicast: 0 packets
      Broadcast: 0 packets, JumboOctets: 0 packets
      CRC: 0 packets, Symbol: 0 packets
      Overrun: 0 packets, InRangeLength: 0 packets
      LongPacket: 0 packets, Jabber: 0 packets, Alignment: 0 packets
      Fragment: 0 packets, Undersized Frame: 0 packets
      RxPause: 0 packets
 Output:
      Unicast: 0 packets, Multicast: 0 packets
      Broadcast: 0 packets, JumboOctets: 0 packets
      Lost: 0 packets, Overflow: 0 packets, Underrun: 0 packets
      System: 0 packets, Overrun: 0 packets
      TxPause: 0 packets
      Unknown Vlan: 0 packets

说明报文根本就没有发出去,可能就和路由有关了;

(4)在设备上查看去往用户回程路由和用户网关的回程路由;

[ME60_X8]dis ip routing-table 192.169.254.0
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
         Destinations : 1   Routes : 1
Destination/Mask    Proto   Pre  Cost      Flags NextHop         Interface
192.169.254.0/24   Static   60   0          RD  192.168.10.2     GigabitEthernet5/0/2.10 

[ME60_X8]dis ip routing-table 192.169.254.254
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
         Destinations : 1   Routes : 1
Destination/Mask    Proto   Pre  Cost      Flags NextHop         Interface
192.169.254.254/32  Unr      61   0          D  127.0.0.1       InLoopBack0         

去往用户网关的路由被送往本地环回口,被丢弃。

根因

在创建好用户地址池ip pool之后就会默认生成两条路由;

(1)去往用户网段/24的路由,指向NULL 0

(2)去往用户网关的/32路由,指向InLoopBack0



即便配置了 ip route-static 192.169.254.0 255.255.255.0 192.168.10.2 去往用户段的路由,但是也仅仅只能够覆盖到用户段的路由,无法覆盖最长/32掩码匹配的主机网关路由,因而导致了DHCP OFFER报文被丢弃在InLoopBack0这个接口。

解决方案

手工强制将到用户网关的/32主机路由:

[ME60_X8] ip route-static 192.169.254.254 32 192.168.10.2

 

建议与总结

采用中继方式一定要注意ME60上的UNR特殊路由。

END