User Cannot Access the Internet Because the Radius Server Did Not Deliver a DNS IP

Published: 2014-12-19
Problem Description

A user could not obtain a DNS IP and therefore could not access the Internet.

ME60 version: V600R006C00SPC300

Network topology: Radius---ME60---IP backhaul --- switch --- PPPOE router --- end user

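Handling Process

Possible causes of the user failing to obtain a DNS IP:

1. The path from the user to the ME60 is not connected;

2. An ME60 configuration problem;

3. A Radius configuration problem.

Detailed analysis:

1. It was confirmed with the user that an IP address could still be obtained when the problem occurred, which shows that the path from the user to the ME60 is normal.

2. Check the ME60 configuration: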

  domain xxx.xx.xx
  authentication-scheme abcdefg
  authorization-scheme abcdefg
  accounting-scheme abcdefg
  ip-pool abcdefg
  vpn-instance xxxxx:xxxxxx
  radius-server group abcdefg

#
dns resolve 
dns server xxx.xxx.x.6
dns server xxx.xxx.x.7
dns server xxx.xx.xxx.170
dns server xxx.xx.xxx.171
dns server xx.xx.xxx.20


radius-server group abcdefg
radius-server shared-key 123456 authentication xxx.xxx.xxx.45 1645 weight 0
radius-server shared-key 123456 accounting xxx.xxx.xxx.45 1646 weight 0

 
#
ip pool abcdefg bas local
vpn-instance xxxxx:xxxxxx
export host-route
gateway xxx.xxx.xxx.33 xxx.xxx.xxx.248
section 0 xxx.xxx.xxx.34 xxx.xxx.xxx.39
dns-server xxx.xxx.x.6 xxx.xxx.x.7
#
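Nothing abnormal is visible in the configuration, and the configuration alone does not show whether the DNS IP is assigned by the ME60 or by Radius.

3. Collect the exchange information on the ME60 while the user dials in: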

<POCKETSHILL_BRAS>
POCKETSHILL_BRAS BTRC/7/BTRC_TraceInfo:[objectID=1][slotID=0][RADIUS][user info:
  MAC Address    : xxxx-xxxx-xxxx
  IP Address     : 255.255.255.255
  Interface      : GigabitEthernet1/0/0.100
  PE VLAN ID     : 100
  USERNAME       : xxxxxxxx@xxx.xx.xx]
[trace info:
  Radius Received a Packet
  Server Template: 3
  Server IP   : xxx.xxx.xxx.45
  Vpn-Instance: -
  Server Port : 1645
  NAS Port    : 1812
  Protocol: Standard
  Code    : Authentication accept //Radius authentication response
  Len     : 141
  ID      : 21
  [Service-Type(6)                    ] [6 ] [2]
  [Framed-Protocol(7)                 ] [6 ] [1]
  [Class(25)                          ] [39] [BB_BUSINESS_FASTER;xxxxxxxx@xxx.xx.xx]
  [Chargeable-User-Identity(89)       ] [20] [xxxxxxxx@xxx.xx.xx]
  [Framed-IP-Address(8)               ] [6 ] [xxx.xxx.xxx.21]  //Radius delivered the user IP

  [Framed-IP-Netmask(9)               ] [6 ] [255.255.255.255]
  [Framed-MTU(12)                     ] [6 ] [1500]
  [Session-Timeout(27)                ] [6 ] [100000]
  [User-Name(1)                       ] [20] [xxxxxxxx@xxx.xx.xx]
  [Acct-Interim-Interval(85)          ] [6 ] [300]]


[POCKETSHILL_BRAS]  dis access-user mac-address xxxx-xxxx-xxxx
  -------------------------------------------------------------------
  User access index             : 120193
  State                         : Used
  User name                     : xxxxxxxx@xxx.xx.xx
  Domain name                   : xxx.xx.xx
  User backuped from            : Local
  User access interface         : GigabitEthernet1/0/0.100
  User access PeVlan/CeVlan     : 100/-
  User access slot              : 1
  User MAC                      : xxxx-xxxx-xxxx
  User IP address               : xxx.xxx.xxx.21(Radius)
  User gateway address          : xxx.xxx.xxx.33
  User Authen IP Type           : ipv4/-/-
  User Basic IP Type            : -/-/-
  User MSIDSN name              : -
  EAP user                      : No
  MD5 end                       : No
  MTU                           : 1492
  Vpn-Instance                  : xxxxx:xxxxxx
  User access type              : PPPoE
  User authentication type      : PPP authentication
  RADIUS-server-template        : abcdefg

 

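The exchange information shows that the user's address is delivered by Radius: Radius delivered the user's IP but did not deliver a DNS IP address.

The information above confirms that Radius did not deliver a DNS IP. After checking, the third-party Radius vendor confirmed that there was no DNS configuration on the Radius server. Once it was configured, the user could obtain a DNS IP and access the Internet normally.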
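
The check made in step 3, as an added example that is not part of the original case: a Python parser for the attribute lines of the ME60 trace that reports whether the Access-Accept carries Framed-IP-Address and any DNS attribute, and whether the attribute lengths plus the 20-byte RADIUS header add up to Len. The sample text is constructed from the masked trace on this page. Matching a DNS attribute by the substring "DNS" in its printed name is an assumption, because the page does not show how the ME60 prints one.

```python
import re

# Constructed sample: the Access-Accept trace on this page, values masked as
# there. One value is left unclosed to exercise the tolerant match below.
SAMPLE_TRACE = """\
  Code    : Authentication accept
  Len     : 141
  ID      : 21
  [Service-Type(6)                    ] [6 ] [2]
  [Framed-Protocol(7)                 ] [6 ] [1]
  [Class(25)                          ] [39] [BB_BUSINESS_FASTER;xxxxxxxx@xxx.xx.xx]
  [Chargeable-User-Identity(89)       ] [20] [xxxxxxxx@xxx.xx.xx]
  [Framed-IP-Address(8)               ] [6 ] [xxx.xxx.xxx.21]
  [Framed-IP-Netmask(9)               ] [6 ] [255.255.255.255]
  [Framed-MTU(12)                     ] [6 ] [1500]
  [Session-Timeout(27)                ] [6 ] [100000]
  [User-Name(1)                       ] [20] [xxxxxxxx@xxx.xx.xx
  [Acct-Interim-Interval(85)          ] [6 ] [300]]
"""

RADIUS_HEADER_LEN = 20  # code(1) + identifier(1) + length(2) + authenticator(16)
# [Name(type)   ] [len] [value]  -- the closing bracket of the value is optional
ATTR_RE = re.compile(r"\[([\w-]+)\((\d+)\)\s*\]\s*\[\s*(\d+)\s*\]\s*\[([^\]\n]*)\]?")

def parse_trace(text):
    """Return (packet_len, [(name, type, attr_len, value), ...])."""
    m = re.search(r"^\s*Len\s*:\s*(\d+)", text, re.M)
    packet_len = int(m.group(1)) if m else None
    attrs = [(n, int(t), int(l), v.strip()) for n, t, l, v in ATTR_RE.findall(text)]
    return packet_len, attrs

def check_accept(text):
    """Summarise what the Access-Accept in the trace does and does not carry."""
    packet_len, attrs = parse_trace(text)
    names = [a[0] for a in attrs]
    return {
        "has_framed_ip": "Framed-IP-Address" in names,
        # Assumption: a DNS attribute would be printed with "DNS" in its name.
        "dns_attrs": [n for n in names if "dns" in n.lower()],
        # Header plus attribute lengths equal to Len means the trace lists
        # every attribute in the packet, so none was dropped from the printout.
        "complete": packet_len == RADIUS_HEADER_LEN + sum(a[2] for a in attrs),
    }

if __name__ == "__main__":
    print(check_accept(SAMPLE_TRACE))
```

For the trace in this case the result is Framed-IP-Address present, no DNS attribute, and a complete attribute list, which places the missing DNS IP on the Radius side and not in the ME60 printout.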

 

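Root Cause
A Radius server configuration problem meant that no DNS IP was delivered to the user.
Solution

The third-party Radius server vendor checked the server and added the DNS-related configuration.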

Suggestions and Summary

Information to collect:

<BAS_LMT06>display access-user mac-address xxxx-xxxx-xxxx  //xxxx-xxxx-xxxx is the PPPOE client’s MAC address, please use the real MAC address.

 

Trace the PPPOE client’s information:

[BAS_LMT06]trace enable      

[BAS_LMT06]trace access-user object 1 mac-address xxxx-xxxx-xxxx   //xxxx-xxxx-xxxx is the PPPOE client’s MAC address, please use the real MAC address.

<BAS_LMT06>t d

Info: Current terminal debugging is on.

<BAS_LMT06>t m

Info: Current terminal monitor is on.

 

Perform a PPPoE dial-up on the client side; the trace information is printed on the ME60.

 

After collecting the trace information, disable the trace:

<BAS_LMT06>u t d         

<BAS_LMT06>u t m    

[BAS_LMT06]undo trace access-user object 1

[BAS_LMT06]undo trace enable

 

Query the access user by the client’s MAC address:

<BAS_LMT06>display access-user mac-address xxxx-xxxx-xxxx   // use the real client’s MAC address and query two times.

<BAS_LMT06>display  access-user domain xxx.xx.xx
