NE40E 做BRAS设备,pppoe拨号和test-aaa 测试都失败

发布时间:  2015-12-31 浏览次数:  1560 下载次数:  0
问题描述

NE40E 做BRAS设备,pppoe拨号和test-aaa 测试都失败,报错如下:

 

<huawei-NE40E-X3-R1>

Dec 29 2015 14:40:22.400.17 QQHR-D-NE40E-X3-R1 BTRC/7/BTRC_TraceInfo:[objectID=1][slotID=0][RADIUS][user info:

  MAC Address    : C80A-A979-00CF

  IP Address     : 255.255.255.255

  Interface      : GigabitEthernet3/0/13.1

  PE VLAN ID     : 2902

  CE VLAN ID     : 501

  User Name      : cs0001@pppoe-qqhe]

[trace info:

  Radius Sent a Packet

  Server Template: 1

  Server IP   : 10.176.0.10

  Vpn-Instance: -

  NAS Port    : 1812

  Protocol: Standard

  Code    : Authentication request

  Len     : 312

  ID      : 63

  [User-Name(1)                       ] [8 ] [cs0001]

  [User-Password(2)                   ] [18] [******]

  [NAS-Port(5)                        ] [6 ] [50385397]

  [NAS-IP-Address(4)                  ] [6 ] [192.168.10.1]

  [Service-Type(6)                    ] [6 ] [2] [Framed]

  [Framed-Protocol(7)                 ] [6 ] [1] [PPP]

  [Calling-Station-Id(31)             ] [19] [c8:0a:a9:79:00:cf]

  [NAS-Identifier(32)                 ] [20] [QQHR-D-NE40E-X3-R1]

  [NAS-Port-Type(61)                  ] [6 ] [15] [Ethernet]

<QQHR-D-NE40E-X3-R1>

Dec 29 2015 14:40:22.400.18 QQHR-D-NE40E-X3-R1 BTRC/7/BTRC_TraceInfo:

  [NAS-Port-Id(87)                    ] [51] [slot=3;subslot=0;port=13;vlanid=501;vlanid2=2902;]

  [Acct-Session-Id(44)                ] [35] [QQHR-D-03013290200501c37940121033]

  [Connect-Info(77)                   ] [12] [1000000000]

  [HW-NAS-Startup-Time-Stamp(Huawei-59)] [6 ] [1414522459]

  [HW-IP-Host-Address(Huawei-60)      ] [35] [255.255.255.255 c8:0a:a9:79:00:cf]

  [HW-Connect-ID(Huawei-26)           ] [6 ] [121033]

  [HW-Version(Huawei-254)             ] [11] [Huawei NE]

  [HW-Product-ID(Huawei-255)          ] [4 ] [NE]

  [HW-Domain-Name(Huawei-138)         ] [12] [pppoe-qqhe]

  [HW-User-Mac(Huawei-153)            ] [19] [c8:0a:a9:79:00:cf]]

 

<QQHR-D-NE40E-X3-R1>

Dec 29 2015 14:40:22.430.1 QQHR-D-NE40E-X3-R1 BTRC/7/BTRC_TraceInfo:[objectID=1][slotID=0][RADIUS][user info:

  MAC Address    : C80A-A979-00CF

  IP Address     : 255.255.255.255

  Interface      : GigabitEthernet3/0/13.1

  PE VLAN ID     : 2902

  CE VLAN ID     : 501

  User Name      : cs0001@pppoe-qqhe]

[trace info:

[RDS(Err):] Receive a illegal packet(Authenticator error)

     (ip:10.176.0.10 port:1812 cid:121033 STIdx:1 PktType:1

      Protocol:1 SrcMsg:0 SerId:4294967295 SerType:0 SndTimes:1 IfRui:0

      Authenticator:8295A52A1173BD310D018E0A5BF2E78D)]

<huawei-NE40E-X3-R1>test-aaa cs0001 12345678 radius-group pppoe-1 trace 
<huawei-NE40E-X3-R1>
  Radius Sent a Packet
  Server Template: 1
  Server IP   : 10.176.0.10
  Vpn-Instance: -
  NAS Port    : 1813
  Protocol: Standard
  Code    : Account request
  Len     : 106
  ID      : 20
  [User-Name(1)                       ] [8 ] [cs0001]
  [Acct-Status-Type(40)               ] [6 ] [2] [Stop]
  [NAS-IP-Address(4)                  ] [6 ] [192.168.10.1]
  [NAS-Identifier(32)                 ] [20] [QQHR-D-NE40E-X3-R1]
  [Acct-Delay-Time(41)                ] [6 ] [0]
  [Acct-Session-Id(44)                ] [34] [QQHR-D00000000000000f9d8d5152580]
  [Acct-Terminate-Cause(49)           ] [6 ] [1] [User Request]
Info: Account test time out!

处理过程

1、用户拨号的trace信息显示,radius收到了一个错误的报文。检查配置都是正确的,也是用的标准的radius协议。

2、test-aaa提示失败,就把计费取消,发现还是test-aaa不成功;

3、唯一没确认的,就是radius服务器和ne40e的验证密钥是否一致。

根因
最后到radius服务器上,确认验证密钥和我们设备设置不一致。
解决方案

修改radius服务器上的验证密钥密码后,认证成功。
建议与总结
遇到radius回应报文错误的trace报错,优先考虑验证密钥radius-server shared-key是否匹配。

END