According to the feedback from the customer, a large number of users connected to an ME60 failed to dial up for login, and the error code 678 was displayed.
ME60—S86 | S86—convergence-layer LSW—access-layer LSW—PC
Version information: ME60 V600R005C00SPC600
1. Log in to the ME60 and check its data configuration. No error is found, and the fault is not caused by incorrect data configuration.
2. Ask the customer to provide the account and password of an affected user. Run the following command to test the communication between the ME60 and RADIUS server:
<ME60>test-aaa test1 111111 radius-group rd1
The test result is successful, indicating the communication between the ME60 and RADIUS server is normal. Therefore, the fault is not caused by a communication failure between the ME60 and the authentication and accounting server.
3. Use the account of an affected user to perform a dialup test and run the following command on the ME60 to check the login failure record of the affected account.
<ME60>display aaa online-fail-record username test1
The command output shows that no login failure record of the user is generated on the ME60. This means that the user's login request packets never reach the ME60, which excludes the possibility that the ME60 receives the packets but does not respond. Therefore, the fault is not caused by an error on the ME60, and the problem occurs on the Layer 2 network connected to the ME60.
4. Seek help from the customer to check switches on the Layer 2 network. Check MAC entries on the access switch. It is found that the MAC address of the test user has been learned on the access switch. Check the MAC entries on the aggregation switch. The result is the same. Therefore, the fault is not caused by an error on the access or aggregation switch.
5. The customer logs in to the S86_1 and checks the MAC address of the test user. It is found that the VLAN ID encapsulated into the Ethernet frame is not the outer VLAN ID of the Internet access service but the management VLAN ID of the switch. The S86 is the management gateway of the switch. If the management VLAN ID is encapsulated into the login request packets, the S86 considers the packets to be management packets and terminates the packets without sending them to the ME60. As a result, login request packets of the user cannot reach the ME60 and user login fails.
6. Restart the S86 after confirming that the S86 configuration is correct. The fault is rectified.
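The hop-by-hop check in steps 4 and 5 can be scripted as follows. This is an added example, not part of the original case or any Huawei tool. The VLAN IDs, device labels, and MAC entries are constructed sample values, and the same service outer VLAN is assumed to be expected at every hop.

```python
import re

# Assumptions (not from the case): VLAN IDs and device labels are hypothetical.
SERVICE_OUTER_VLAN = 2000   # outer VLAN of the Internet access service
MGMT_VLAN = 4000            # management VLAN of the switches
PATH = ["access-lsw", "aggregation-lsw", "S86"]   # ordered from the PC towards the ME60

# Constructed sample data: normalized (device, mac, vlan) MAC-table entries,
# collected by hand from each switch. This is not real device output.
SAMPLE_ENTRIES = [
    ("access-lsw", "00aa-bbcc-0001", 2000),
    ("aggregation-lsw", "00aa-bbcc-0001", 2000),
    ("S86", "00aa-bbcc-0001", 4000),        # learned in the management VLAN
    ("access-lsw", "00aa-bbcc-0002", 2000),
    ("aggregation-lsw", "00aa-bbcc-0002", 2000),
    ("S86", "00aa-bbcc-0002", 2000),
]

def normalize_mac(mac):
    """Reduce any common MAC notation to 12 lowercase hex digits."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits

def classify_hop(entries, device, mac):
    """Return the verdict for one device on the path."""
    target = normalize_mac(mac)
    vlans = {v for d, m, v in entries if d == device and normalize_mac(m) == target}
    if not vlans:
        return "missing"            # frames do not reach this device at all
    if MGMT_VLAN in vlans:
        return "management-vlan"    # frames would be terminated as management traffic
    if SERVICE_OUTER_VLAN in vlans:
        return "ok"
    return "unexpected-vlan"

def first_faulty_hop(entries, mac, path=PATH):
    """Walk the path from the PC side and stop at the first hop that is not 'ok'."""
    for device in path:
        verdict = classify_hop(entries, device, mac)
        if verdict != "ok":
            return device, verdict
    return None, "ok"

if __name__ == "__main__":
    for user_mac in ("00:AA:BB:CC:00:01", "00aa-bbcc-0002"):
        print(user_mac, first_faulty_hop(SAMPLE_ENTRIES, user_mac))
```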
The error code 678 indicates that the remote PC or server does not respond. Therefore, four potential causes are identified:
1. The ME60 receives user login request packets but does not respond.
2. The ME60 fails to communicate with the authentication and accounting server. As a result, user login request packets cannot be sent to the server.
3. Devices on the Layer 2 network fail to communicate with the ME60. As a result, user login request packets cannot be sent to the ME60.
4. The data configuration on the ME60 is incorrect.