Expired WLAN addresses are not reclaimed in time, so new users cannot obtain an IP address, portal authentication fails, and they cannot get online

Published: 2016-12-19
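Problem description

1. Guest users who use WLAN portal authentication cannot get online; other types of users get online normally;

2. Checking a guest user's computer shows that it cannot obtain an IP address;

3. The logbuffer of the AC6605 contains: ERRCODE:102;RESULT:DHCP IP POOL IS OUTFLOW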


Alarm information

1. The logbuffer of the AC6605 contains the following entries:

......

2016-12-19 16:36:30+00:00 BJ-HQ-WLAN-6605-AC01 %%01DHCP/4/DHCP_DHCP_ALLOC_ADDRESS(l)[377]:Result of IP address allocation from the DHCP server to wireless users. [WLAN_STA_INFO_IP_CONNECTION]ACMAC:20-3d-b2-62-b7-23;ACNAME:BJ-HQ-WLAN-6605-AC01;APMAC:00-06-f4-e9-4f-00;APNAME:0006-f4e9-4f00;USER:f024756d709b;MAC:f0-24-75-6d-70-9b;TIME:1482165390;ZONE:UTC-0000;DAYLIGHT:false;ERRCODE:102;RESULT:DHCP IP POOL IS OUTFLOW;
2016-12-19 16:36:29+00:00 BJ-HQ-WLAN-6605-AC01 %%01DHCP/4/DHCP_DHCP_ALLOC_ADDRESS(l)[378]:Result of IP address allocation from the DHCP server to wireless users. [WLAN_STA_INFO_IP_CONNECTION]ACMAC:20-3d-b2-62-b7-23;ACNAME:BJ-HQ-WLAN-6605-AC01;APMAC:00-06-f4-e9-43-60;APNAME:0006-f4e9-4360;USER:b0e235c5df92;MAC:b0-e2-35-c5-df-92;TIME:1482165389;ZONE:UTC-0000;DAYLIGHT:false;ERRCODE:102;RESULT:DHCP IP POOL IS OUTFLOW;
2016-12-19 16:36:29+00:00 BJ-HQ-WLAN-6605-AC01 %%01DHCP/4/DHCP_DHCP_ALLOC_ADDRESS(l)[379]:Result of IP address allocation from the DHCP server to wireless users. [WLAN_STA_INFO_IP_CONNECTION]ACMAC:20-3d-b2-62-b7-23;ACNAME:BJ-HQ-WLAN-6605-AC01;APMAC:00-06-f4-e0-d9-80;APNAME:0006-f4e0-d980;USER:949426be9a5a;MAC:94-94-26-be-9a-5a;TIME:1482165389;ZONE:UTC-0000;DAYLIGHT:false;ERRCODE:102;RESULT:DHCP IP POOL IS OUTFLOW;
2016-12-19 16:36:22+00:00 BJ-HQ-WLAN-6605-AC01 %%01DHCP/4/DHCP_DHCP_ALLOC_ADDRESS(l)[380]:Result of IP address allocation from the DHCP server to wireless users. [WLAN_STA_INFO_IP_CONNECTION]ACMAC:20-3d-b2-62-b7-23;ACNAME:BJ-HQ-WLAN-6605-AC01;APMAC:00-06-f4-e9-4f-00;APNAME:0006-f4e9-4f00;USER:f024756d709b;MAC:f0-24-75-6d-70-9b;TIME:1482165382;ZONE:UTC-0000;DAYLIGHT:false;ERRCODE:102;RESULT:DHCP IP POOL IS OUTFLOW;

......
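
The following is an added example, not part of the original case or of any Huawei tooling: a parser for the `DHCP_DHCP_ALLOC_ADDRESS` records shown above that counts ERRCODE 102 failures per client and per AP and raises an alert when several distinct clients fail within a short window. The function names, the 60-second window and the threshold of 3 clients are assumptions chosen for illustration.

```python
import re
from collections import defaultdict

# The four logbuffer lines quoted above, shortened to the fields read here,
# plus one constructed unrelated line to show that non-matching input is skipped.
SAMPLE_LOG = """\
2016-12-19 16:36:30+00:00 BJ-HQ-WLAN-6605-AC01 %%01DHCP/4/DHCP_DHCP_ALLOC_ADDRESS(l)[377]:Result of IP address allocation from the DHCP server to wireless users. [WLAN_STA_INFO_IP_CONNECTION]APNAME:0006-f4e9-4f00;MAC:f0-24-75-6d-70-9b;TIME:1482165390;ERRCODE:102;RESULT:DHCP IP POOL IS OUTFLOW;
2016-12-19 16:36:29+00:00 BJ-HQ-WLAN-6605-AC01 %%01DHCP/4/DHCP_DHCP_ALLOC_ADDRESS(l)[378]:Result of IP address allocation from the DHCP server to wireless users. [WLAN_STA_INFO_IP_CONNECTION]APNAME:0006-f4e9-4360;MAC:b0-e2-35-c5-df-92;TIME:1482165389;ERRCODE:102;RESULT:DHCP IP POOL IS OUTFLOW;
2016-12-19 16:36:29+00:00 BJ-HQ-WLAN-6605-AC01 %%01DHCP/4/DHCP_DHCP_ALLOC_ADDRESS(l)[379]:Result of IP address allocation from the DHCP server to wireless users. [WLAN_STA_INFO_IP_CONNECTION]APNAME:0006-f4e0-d980;MAC:94-94-26-be-9a-5a;TIME:1482165389;ERRCODE:102;RESULT:DHCP IP POOL IS OUTFLOW;
2016-12-19 16:36:22+00:00 BJ-HQ-WLAN-6605-AC01 %%01DHCP/4/DHCP_DHCP_ALLOC_ADDRESS(l)[380]:Result of IP address allocation from the DHCP server to wireless users. [WLAN_STA_INFO_IP_CONNECTION]APNAME:0006-f4e9-4f00;MAC:f0-24-75-6d-70-9b;TIME:1482165382;ERRCODE:102;RESULT:DHCP IP POOL IS OUTFLOW;
2016-12-19 16:36:20+00:00 BJ-HQ-WLAN-6605-AC01 constructed unrelated log line
"""

RECORD = re.compile(
    r"DHCP_DHCP_ALLOC_ADDRESS.*?\[WLAN_STA_INFO_IP_CONNECTION\](?P<fields>.*)")

def parse_fields(line):
    """Return the KEY:value fields of one allocation record, or None."""
    m = RECORD.search(line)
    if not m:
        return None
    # Fields are ';'-separated; split on the first ':' only, because values
    # such as ZONE:UTC-0000 or RESULT text may contain other punctuation.
    return dict(p.split(":", 1) for p in m.group("fields").split(";") if ":" in p)

def pool_exhaustion_report(log_text, window=60, min_clients=3):
    """Summarise ERRCODE 102 failures; window/min_clients are assumed thresholds."""
    fails = [f for f in map(parse_fields, log_text.splitlines())
             if f and f.get("ERRCODE") == "102"]
    times = defaultdict(list)          # client MAC -> epoch seconds of failures
    aps = set()
    for f in fails:
        times[f["MAC"]].append(int(f["TIME"]))
        aps.add(f["APNAME"])
    latest = max((t for ts in times.values() for t in ts), default=0)
    # Clients that failed within `window` seconds of the newest failure.
    recent = {mac for mac, ts in times.items()
              if any(latest - t <= window for t in ts)}
    return {
        "failures": len(fails),
        "clients": len(times),
        "aps": sorted(aps),
        "retrying": sorted(mac for mac, ts in times.items() if len(ts) > 1),
        "alert": len(recent) >= min_clients,
    }

if __name__ == "__main__":
    print(pool_exhaustion_report(SAMPLE_LOG))
```

Failures spread across several clients and APs at once point to the pool itself rather than to a single station, which is what the pool statistics later in this case confirm.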

Troubleshooting procedure

1. Check how addresses are assigned to guest users: guest users are served from the global address pool

interface Vlanif65
 description for guest

 ip address 10.64.64.1 255.255.254.0
 ......
 dhcp select global

2. Check the configuration of the guest ip pool: the lease parameter is not configured

#
ip pool guest
 gateway-list 10.64.64.3
 network 10.64.64.0 mask 255.255.254.0
 excluded-ip-address 10.64.64.1 10.64.64.2
 excluded-ip-address 10.64.64.4 10.64.64.10
 excluded-ip-address 10.64.64.255 10.64.65.0 
 dns-list 202.106.0.20 114.114.114.114 8.8.8.8

3. Check the logbuffer of the AC6605; it contains: ERRCODE:102;RESULT:DHCP IP POOL IS OUTFLOW

......

2016-12-19 16:36:30+00:00 BJ-HQ-WLAN-6605-AC01 %%01DHCP/4/DHCP_DHCP_ALLOC_ADDRESS(l)[377]:Result of IP address allocation from the DHCP server to wireless users. [WLAN_STA_INFO_IP_CONNECTION]ACMAC:20-3d-b2-62-b7-23;ACNAME:BJ-HQ-WLAN-6605-AC01;APMAC:00-06-f4-e9-4f-00;APNAME:0006-f4e9-4f00;USER:f024756d709b;MAC:f0-24-75-6d-70-9b;TIME:1482165390;ZONE:UTC-0000;DAYLIGHT:false;ERRCODE:102;RESULT:DHCP IP POOL IS OUTFLOW;

......

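4. Check the ip pool status: the number of expired addresses has reached 422; together with the 75 addresses in use and the disabled addresses, the total has reached 509, so the address pool is exhausted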

<XXX-6605-AC01>disp ip pool name guest
  Pool-name        : guest
  Pool-No          : 1
  Lease            : 0 Days 12 Hours 0 Minutes
  Domain-name      : -
  DNS-server0      : 202.106.0.20   
  DNS-server1      : 114.114.114.114
  DNS-server2      : 8.8.8.8        
  NBNS-server0     : -              
  Netbios-type     : -              
  Position         : Local           Status             : Unlocked
  Gateway-0        : 10.64.64.3     
  Network          : 10.64.64.0
  Mask             : 255.255.254.0
  Logging          : Disable
  Conflicted address recycle interval: -
  Address Statistic: Total       :509       Used        :76
                     Idle        :422       Expired     :422                 
                     Conflict    :0         Disable     :11    

 -------------------------------------------------------------------------------
  Network section
         Start           End       Total    Used Idle(Expired) Conflict Disabled
 -------------------------------------------------------------------------------
      10.64.64.1    10.64.65.254     509     76       422(422)       0    11
 -------------------------------------------------------------------------------

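Root cause

1. No lease is configured on the address pool for WLAN portal-authenticated guest users, so the product default lease of 1 day applies;

2. That day a large number of guest users used the WLAN. After they left and stopped using the WLAN, the address pool did not reclaim the expired addresses because the lease parameter was 1 day, and the address pool overflowed;

3. New users who then wanted to use the WLAN could not obtain an IP address because the address pool had overflowed, and so could not get online through portal authentication.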


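Solution

1. According to the controller configuration, the online duration for guest users is 8 hours, so change the lease to 8 hours

2. Reset the addresses that have already expired so that they are reclaimed and new users can obtain an address. The command is: reset ip pool name guest expired

3. New users who initiate DHCP again obtain an address and get online through portal authentication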

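Recommendations and summary

1. Set the address pool lease equal to the users' online duration;

2. When a large number of expired addresses causes the address pool to overflow, reclaim them with a manual reset;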
