SPUC单板域下配置user-group绑定nat实例导致用户上线失败

发布时间:  2014-07-10 浏览次数:  83 下载次数:  0
问题描述
【Problem Summary】Users do not get the IP after dialing using PPPoE.
【Problem Details】

版本:
ME60  V600R007C00SPC300

组网:
PC ------  ME60 ------ Radius Server

问题描述:

某新开局点PPP用户拨号上线失败,打开trace发现有下面认证失败信息。

Jun 24 2014 04:09:10.910.3+06:00 HUAWEI_BRAS BTRC/7/BTRC_TraceInfo:[objectID=

1][slotID=0][AAA][user info:                                                   

  MAC Address    : XXXX-XXXX-XXXX

  IP Address     : 255.255.255.255                                             

  Interface      : GigabitEthernet5/0/0.76                                     

  PE VLAN ID     : 76                                                          

  User Name      : 1711@btcl2000]                                              

[trace info: User authentication fail, Get nat information error]          

处理过程

查看设备配置:

user-group group1

nat instance 171K                                                              

 add slot 4 master                                                             

 nat address-group 1 X.X.X.197 X.X.X.254                               

 nat outbound any address-group 1    

 

acl number 6001                                                                

 rule 1 permit ip source user-group group1                                     

#                                                                               

traffic classifier c1 operator or                                              

 if-match acl 6001                                                             

#                                                                               

traffic behavior b1                                                            

 nat bind instance 171K                                                        

#                                                                              

traffic policy p1                                                              

 share-mode                                                                    

 classifier c1 behavior b1   

 

#                                                                               

 traffic-policy p1 inbound                                                     

#

 

authentication-scheme msan_auth  

accounting-scheme msan_acct

domain btcl2000                                                               

  authentication-scheme msan_auth                                              

  accounting-scheme msan_acct                                                  

  ip-pool btcl_171k                                                            

  radius-server group msan                                                     

  user-group group1 bind nat instance 171K 

 

ip pool btcl_171k bas local                                                    

 gateway 10.X.0.1 255.255.0.0                                                 

 section 0 10.X.0.2 10.X.255.254                                           

 dns-server X.X.X.243                                                    

 domain-search-list btcl2000  

 

interface GigabitEthernet5/0/0.76                                               

 pppoe-server bind Virtual-Template 1                                          

 description BTCL_171K_Mogbazar_Core_AGW_1                                     

 user-vlan 76                                                                   

 bas                                                                           

 #                                                                             

  access-type layer2-subscriber default-domain authentication btcl2000         

 #            

设备应用了NAT功能,查看单板类型: SPUC单板.

 

==================================================                             

  ===============display device===============                                 

==================================================                             

MultiserviceEngine 60-X8's Device status:                                      

Slot #    Type       Online    Register      Status      Primary               

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -    

3         BSU        Present   Registered    Normal      NA                    

4         SPU        Present   Registered    Normal      NA                    

5         BSU        Present   Registered    Normal      NA                    

9         MPU        Present   NA            Normal      Master                

10        MPU        Present   Registered    Normal      Slave                 

11        SFU        Present   Registered    Normal      NA                    

12        SFU        Present   Registered    Normal      NA                    

13        SFU        Present   Registered    Normal      NA                    

14        CLK        Present   Registered    Normal      Master                

15        CLK        Present   Registered    Normal      Slave                 

16        PWR        Present   Registered    Normal      NA                    

17        PWR        Present   Registered    Normal      NA                     

18        FAN        Present   Registered    Normal      NA                    

19        FAN        Present   Registered    Normal      NA                    

                                                                                

=============================================================          

经确认,NAT实例绑定的单板为4号板,类型为SPUC单板.只支持集中式NAT功能,域下配置user-group不能绑定NAT实例.

 

需要修改:

domain btcl2000                                                               

  authentication-scheme msan_auth                                              

  accounting-scheme msan_acct                                                  

  ip-pool btcl_171k                                                            

  radius-server group msan                                                     

  user-group group1

根因
ME60设备配置问题,SPUC单板做NAT时不支持分布式NAT,即域下不能配置user-group。
解决方案
【Resolution Summary】change the "user-group group1" without bind any nat instance as spuc doesn't support
【Resolution Details】solution analysis: the SPU board only supports integrated NAT function, so it can’t bind user-group to nat instance in domain. domain btcl2000 authentication-scheme msan_auth accounting-scheme msan_acct ip-pool btcl_171k radius-server group msan user-group group1 bind nat instance 171K ->please change it as “user-group group1” Resolution Detail: after change the configuration , user could browse
建议与总结

VSUASPUC单板都是老NAT,只支持集中式NAT,AAA域下配置user-group不用绑定nat实例.

END