IPTV终端用户由于获取不到DNS导致上线失败

发布时间:  2014-12-09 浏览次数:  170 下载次数:  2
问题描述

版本:
NE40E&80E V600R008C10SPC300

 

组网:
NA

 

问题描述:

NE40E设备替换友商E设备后,出现部分IPTV终端使用本地帐号iptv@iptv无法正常拨号上线,问题主要集中在康佳机顶盒上,通过trace用户可以看到PPPoE的发现和会话阶段已经完成,但是在17秒后机顶盒就发送PADT中止了连接,但是相同机顶盒使用本地帐号yne82@itms能够正常上线。

Dec 2 2014 12:12:46.280 NE40E-01 BTRC_DebugInfo: [objectID=3][slotID=0][AAA]

[user info:

  MAC Address    : 001A-XXXX-F509

  IP Address     : X.217.xx.xx

  Interface      : Eth-Trunk2.2001

  PE VLAN ID     : 900

  User Name      : iptv@iptv]

[trace info:User start accounting success]           //前面的pppoe发现及会话阶段已经结束  

Dec 2 2014 12:12:46.680 NE40E-01 BTRC_DebugInfo: [objectID=3][slotID=1][MSEADA]

[user info:

  MAC Address    : 001A-XXXX-F509

  IP Address     : X.217.xx.xx

  Interface      : Eth-Trunk2.2001       

  PE VLAN ID     : 900]                  

[trace info:                             

 Normal Ipv4 User Flow report:Cid:118326, UserIpType:1, UpByte:0, UpPack:0, DnByte:0, DnPack:0]

Dec 2 2014 12:13:2.970 NE40E-01 BTRC_DebugInfo: [objectID=3][slotID=2][PPPOE]

[user info:                              

  MAC Address    : 001A-XXXX-F509        

  Interface      : Eth-Trunk2.2001       

  PE VLAN ID     : 900                   

  Access Mode    : PPPoE ]               

[trace info:Receive a PADT packet       //17秒以后收到终端的PADT报文

        10 51 72 31 99 a8 00 1a 34 d3 f5 09 81 00 03 84

        88 63 11 a7 64 3f 00 24 01 03 00 04 a2 01 00 00

        02 03 00 18 50 50 50 6f 45 3a 20 52 65 63 65 69

        76 65 64 20 73 69 67 6e 61 6c 20 31 00 00 40 00 ]

处理过程

1、查看异常账号iptv@iptv上线表项和正常账号yne82@itms上线表项:

发现正常账号申请到了dns地址,而异常账号没有。

帐号iptv@iptv上线记录:

 

[NE40E-01]dis access-user mac-address 001A-XXXX-F509

  -------------------------------------------------------------------

  User access index             : 176049

  State                         : Used

  User name                     : iptv@iptv

  Domain name                   : iptv

  User backup state             : No

  RUI user state                : -

  User access interface         : Eth-Trunk2.2001

  User access physical interface: GigabitEthernet2/1/4

  User access PeVlan/CeVlan     : 900/-

  User access slot              : 2

  User MAC                      : 001a-xxxx-f509

  User IP address               : X.217.xx.xx

  User IP netmask               : 255.255.255.255

  User gateway address          : X.217.xx.xx

  User Authen IP Type           : ipv4/-/-

  User Basic IP Type            : -/-/-

  User MSIDSN name              : -

  EAP user                      : No

  MD5 end                       : No

  MTU                           : 1492

  MRU                           : 1492

  Vpn-Instance                  : -

  User access type              : PPPoE

  User authentication type      : PPP authentication

  Server-template of second acct: -

  Agent-Circuit-Id              : -

  Agent-Remote-Id               : -

  Access-line-id Information(pppoe+): -

  Current authen method         : Local authentication

  Authen result                 : Success

  Current author method         : Idle

  Author result                 : Idle

  Action flag                   : Idle

  Authen state                  : Authed

  Author state                  : Idle

  Configured accounting method  : No accounting

  Quota-out                     : Offline

  Current accounting method     : No accounting

  Realtime-accounting-switch            : Close    

  Realtime-accounting-interval(sec)     : -

  Realtime-accounting-send-update       : No                 

  Realtime-accounting-traffic-update    : No                 

  Access start time             : 2014-12-02 15:44:20

  Accounting start time         : 2014-12-02 15:44:20

  Online time (h:min:sec)       : 00:00:08

  Accounting state              : Ready

  Idle-cut direction            : Both

  Idle-cut-data (time,rate,idle): 0 sec, 60 kbyte/min, 0 min 0 sec

  Ipv4 Realtime speed           : 0 kbyte/min

  Ipv4 Realtime speed inbound   : 0 kbyte/min

  Ipv4 Realtime speed outbound  : 0 kbyte/min

  Link bandwidth auto adapt     : Disable

  UpPriority                    : Trust-8021p-outer

  DownPriority                  : Trust-dscp-outer

  Multicast-profile             : -

  Multicast-profile-ipv6        : -

  Max Multicast List Number     : 4

  IGMP enable                   : Yes

  User-Group                    : iptv-acl

  Next-hop                      : -

  Policy-route-IPV6-address     : -

  If flow info contain l2-head  : Yes

  Flow-Statistic-Up             : Yes

  Flow-Statistic-Down           : Yes

  Up packets number(high,low)   : (0,0)

  Up bytes number(high,low)     : (0,0)

  Down packets number(high,low) : (0,0)

  Down bytes number(high,low)   : (0,0)

  IPV6 Up packets number(high,low)     : (0,0)

  IPV6 Up bytes number(high,low)       : (0,0)

  IPV6 Down packets number(high,low)   : (0,0)

  IPV6 Down bytes number(high,low)     : (0,0)

  Service-type                  : -

  -------------------------------------------------------------------

 

帐号yne82@itms上线记录:

 

[NE40E-01]dis access-user  mac-address 001a-xxxx-f509

  -------------------------------------------------------------------

  User access index             : 177440

  State                         : Used

  User name                     : yne82@itms

  Domain name                   : itms

  User backup state             : No

  RUI user state                : -

  User access interface         : Eth-Trunk2.2001

  User access physical interface: GigabitEthernet2/1/3

  User access PeVlan/CeVlan     : 900/-

  User access slot              : 2

  User MAC                      : 001a-xxxx-f509

  User IP address               : X.121.x.x

  User IP netmask               : 255.255.255.255

  User gateway address          : X.121.x.x

  User Primary-DNS              : X.111.x.x

  User Authen IP Type           : ipv4/-/-

  User Basic IP Type            : -/-/-

  User MSIDSN name              : -

  EAP user                      : No

  MD5 end                       : No

  MTU                           : 1492

  MRU                           : 1492

  Vpn-Instance                  : ITMS

  User access type              : PPPoE  

  User authentication type      : PPP authentication

  Server-template of second acct: -

  Agent-Circuit-Id              : -

  Agent-Remote-Id               : -

  Access-line-id Information(pppoe+): -

  Current authen method         : Local authentication

  Authen result                 : Success

  Current author method         : Idle

  Author result                 : Idle

  Action flag                   : Idle

  Authen state                  : Authed

  Author state                  : Idle

  Configured accounting method  : No accounting

  Quota-out                     : Offline

  Current accounting method     : No accounting

  Realtime-accounting-switch            : Close    

  Realtime-accounting-interval(sec)     : -

  Realtime-accounting-send-update       : No                 

  Realtime-accounting-traffic-update    : No                 

  Access start time             : 2014-12-02 15:52:51

  Accounting start time         : 2014-12-02 15:52:51

  Online time (h:min:sec)       : 00:07:17

  Accounting state              : Ready

  Idle-cut direction            : Both   

  Idle-cut-data (time,rate,idle): 0 sec, 60 kbyte/min, 0 min 0 sec

  Ipv4 Realtime speed           : 0 kbyte/min

  Ipv4 Realtime speed inbound   : 0 kbyte/min

  Ipv4 Realtime speed outbound  : 0 kbyte/min

  Link bandwidth auto adapt     : Disable

  UpPriority                    : Trust-8021p-outer

  DownPriority                  : Trust-dscp-outer

  Multicast-profile             : -

  Multicast-profile-ipv6        : -

  Max Multicast List Number     : 4

  IGMP enable                   : Yes

  User-Group                    : -

  Next-hop                      : -

  Policy-route-IPV6-address     : -

  If flow info contain l2-head  : Yes

  Flow-Statistic-Up             : Yes

  Flow-Statistic-Down           : Yes

  Up packets number(high,low)   : (0,6)

  Up bytes number(high,low)     : (0,492)

  Down packets number(high,low) : (0,0)

  Down bytes number(high,low)   : (0,0)

  IPV6 Up packets number(high,low)     : (0,0)

  IPV6 Up bytes number(high,low)       : (0,0)

  IPV6 Down packets number(high,low)   : (0,0)

  IPV6 Down bytes number(high,low)     : (0,0)

  Service-type                  : -

  -------------------------------------------------------------------

 

2查看设备配置:发现由于iptv地址池中没有配置dns server地址,所以申请从此地址池中申请地址的用户都没有dns地址。

 

domain iptv

  authentication-scheme local

  accounting-scheme local

  ip-pool iptv

  ip-pool iptv-pool

  user-priority upstream trust-8021p-outer

  user-priority downstream trust-dscp-outer

  user-group iptv-acl

 

domain itms                             

  authentication-scheme local

  accounting-scheme local

  ip-pool itms-pool

  ip-pool pool3

  ip-pool pool4

  ip-pool pool5

  vpn-instance ITMS

  user-priority upstream trust-8021p-outer

  user-priority downstream trust-dscp-outer 

 

ip pool iptv bas local

gateway 10.217.160.1 255.255.240.0

section 0 10.217.160.2 10.217.175.254

 

ip pool iptv-pool bas local

gateway 10.216.0.1 255.255.240.0

section 0 10.216.0.2 10.216.15.254

dns-server 222.172.200.68 61.166.150.123

 

ip pool pool3 bas local

vpn-instance ITMS

gateway 10.120.2.1 255.255.255.0

section 0 10.120.2.2 10.120.2.254

dns-server 10.111.0.7

#

ip pool pool4 bas local

vpn-instance ITMS

gateway 10.120.3.1 255.255.255.0

section 0 10.120.3.2 10.120.3.254

dns-server 10.111.0.7

#

ip pool pool5 bas local

vpn-instance ITMS

gateway 10.120.0.1 255.255.255.0

section 0 10.120.0.2 10.120.0.254

dns-server 10.111.0.7

 

3 从报文看,用户在PPP LCP协商中iptv账号没有协商到dns,而itms账号协商到了dns

 

iptv账号:

itms账号:

根因

设备上配置的地址池iptv中没有配置dns-server,用户上线时没有获取到dns地址,导致机顶盒发PADT报文下线。

解决方案

在地址池iptv中配置dns-server,用户上线正常:

ip pool iptv bas local

gateway X.X.160.1 255.255.240.0

section 0 X.X.160.2 X.X.175.254

dns-server X.X.200.68 X.X.150.123

建议与总结

如果机顶盒IPTV用户获取不到DNS server地址,就会导致用户上线后再下线。

END