PPPoE Users Cannot Go Online Because the Matching Mode in the Traffic Classifier Is Incorrect

Publication Date: 2012-07-27
Issue Description
 PPPoE (data services) and IPTV services are transmitted on the customer network. The customer restricts access to valid IPTV STBs by matching on a MAC address ACL together with the VLAN ID. After service migration, it is found that IPTV services are normal but PPPoE users cannot go online. The networking diagram is as follows:
MA5200G (PPPoE services)    T64G (IPTV services)
                  \          /
                   \        /
                     S9300
                       |
                     UA5000
                      /  \
                     /    \
                   PC      STB

 
Alarm Information
 Null 

 
Handling Process
 The relationship between traffic classifier rules was OR. It is changed to AND, and the configuration is as follows:
traffic classifier STB operator and precedence 5
if-match vlan-id 3072 to 4031
if-match acl 4000
traffic classifier ITMS operator and precedence 10
if-match vlan-id 3072 to 4031
if-match acl 4010
After the change, PPPoE services are normal.

 
Root Cause
 1. The user name and password are incorrect.
2. The BRAS configuration on the MA5200G sub-interface is incorrect.
3. The VLAN ID range on the MA5200G QinQ termination sub-interface is different from the VLAN ID range in PPPoE packets.
4. The S9300 configuration is incorrect. As a result, PPPoE packets cannot be forwarded to the MA5200G.
Here, cause 4 results in the problem. Pay attention to the following configuration of the S9300:
acl number 4000
rule 0 permit source-mac 00e0-8e00-0000 ffff-ff00-0000
rule 1 permit source-mac 00c0-8c00-0000 ffff-ff00-0000
rule 2 permit source-mac 0007-ba00-0000 ffff-ff00-0000
rule 3 permit source-mac 001e-4000-0000 ffff-ff00-0000
rule 4 permit source-mac 001d-b000-0000 ffff-ff00-0000
#
acl number 4010
rule 1 permit source-mac 00d0-f800-0000 ffff-ff00-0000
rule 2 permit source-mac 00d0-d000-0000 ffff-ff00-0000
rule 3 permit source-mac 0019-c600-0000 ffff-ff00-0000
rule 4 permit source-mac 0015-eb00-0000 ffff-ff00-0000
rule 5 permit source-mac 0008-5c00-0000 ffff-ff00-0000
rule 6 permit source-mac 0003-0f00-0000 ffff-ff00-0000
rule 7 permit source-mac 0615-eb00-0000 ffff-ff00-0000
rule 8 permit source-mac 001e-7300-0000 ffff-ff00-0000
rule 9 permit source-mac 0022-9300-0000 ffff-ff00-0000
rule 10 permit source-mac 001e-1000-0000 ffff-ff00-0000
rule 11 permit source-mac 000a-c200-0000 ffff-ff00-0000
rule 99 deny //Pay attention to this rule.
# // The relationship between rules of the following two traffic classifiers is OR. That is, packets match the traffic classifier if they match either of the two conditions.
traffic classifier STB operator or precedence 5
if-match vlan-id 3072 to 4031
if-match acl 4000
traffic classifier ITMS operator or precedence 10
if-match vlan-id 3072 to 4031
if-match acl 4010
#
traffic behavior PermitMAC
#
traffic policy PermitMAC
classifier STB behavior PermitMAC
classifier ITMS behavior PermitMAC
interface Eth-Trunk1 //Downlink interface
traffic-policy PermitMAC inbound
//The ACLs define the valid MAC address ranges for STBs, and the MAC addresses of PPPoE users are not in the permit list; therefore, PPPoE packets match rule 99 deny. The relationship between traffic classifier rules is OR; therefore, packets are handled according to the traffic classifier if they match either rule, so the PPPoE packets are discarded. As a result, PPPoE services are abnormal.

 
Suggestions
 After the relationship between traffic classifier rules is set to AND, packets match a traffic classifier only when they match both the ACL and the VLAN ID. Only then are the packets forwarded according to the traffic classifier rule. PPPoE services are transmitted in the VLAN and can match only one ACL rule; therefore, PPPoE service packets do not match the traffic classifier and are not forwarded according to the traffic classifier rule. They follow the common packet forwarding process instead, and PPPoE packets are forwarded normally.
Services of invalid STBs are transmitted in a VLAN and match ACLs; therefore, they enter the traffic classifier and are discarded by the traffic classifier rule. In this manner, resources of authorized IPTV users are protected. 
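
The effect of the two operators can be checked with a small model of the policy above. The Python below is an added example, not Huawei code or part of the original case. It assumes first-match ACLs, that a deny hit in a matched classifier drops the packet, and that PPPoE frames arrive in a VLAN outside 3072 to 4031, which the page does not state (VLAN 100 and the host MAC address are constructed).

```python
# Simplified model of the S9300 traffic policy shown on this page.
# Assumptions: ACLs are first-match, a packet that hits no rule does not
# match the ACL, and a deny hit in a matched classifier drops the packet.

def mac(text):
    """Parse a Huawei-style xxxx-xxxx-xxxx MAC into an integer."""
    return int(text.replace("-", ""), 16)

OUI_MASK = mac("ffff-ff00-0000")  # mask used by every permit rule on the page

def permits(*prefixes):
    return [("permit", mac(p), OUI_MASK) for p in prefixes]

ACL_4000 = permits("00e0-8e00-0000", "00c0-8c00-0000", "0007-ba00-0000",
                   "001e-4000-0000", "001d-b000-0000")
ACL_4010 = permits("00d0-f800-0000", "00d0-d000-0000", "0019-c600-0000",
                   "0015-eb00-0000", "0008-5c00-0000", "0003-0f00-0000",
                   "0615-eb00-0000", "001e-7300-0000", "0022-9300-0000",
                   "001e-1000-0000", "000a-c200-0000")
ACL_4010.append(("deny", 0, 0))  # rule 99 deny: mask 0 matches every MAC

# Classifiers in precedence order; both also carry if-match vlan-id 3072 to 4031.
CLASSIFIERS = [("STB", ACL_4000), ("ITMS", ACL_4010)]

def acl_action(acl, src):
    """Return the action of the first rule the source MAC hits, or None."""
    for action, value, mask in acl:
        if (src & mask) == (value & mask):
            return action
    return None

def verdict(operator, vlan, src_mac):
    """Fate of one inbound frame on Eth-Trunk1 under 'or' or 'and'."""
    vlan_ok = 3072 <= vlan <= 4031
    for name, acl in CLASSIFIERS:
        action = acl_action(acl, mac(src_mac))
        acl_ok = action is not None
        matched = (vlan_ok and acl_ok) if operator == "and" else (vlan_ok or acl_ok)
        if matched:
            return f"dropped by {name}" if action == "deny" else f"permitted by {name}"
    return "normal forwarding"

if __name__ == "__main__":
    pppoe = (100, "0011-2233-4455")  # constructed PPPoE host, VLAN outside the range
    print("or :", verdict("or", *pppoe))
    print("and:", verdict("and", *pppoe))
```

Under `and`, a frame in the matched VLAN range with a MAC address outside both permit lists is still dropped by rule 99, so the STB restriction stays in force.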

 
