IPoE user A named test accesses
the network, and IPoE user B also wants to use this name to access the network.
IPoE user B succeeds in authentication and network access, but IPoE user A
fails to access the network or ping the gateway.
IPoE user A fails to re-initiate authentication. The portal page fails to
be displayed. Authentication can be triggered again only after network cables
are removed and then inserted.
pppoe-server bind Virtual-Template 1
user-vlan 1211 1218 qinq 1061
access-type layer2-subscriber default-domain pre-authentication
mac-jq-bg-test authentication jq-bg-test
authentication-method ppp web dot1x
user offline records. It is suspected that user A is kicked off.
aaa abnormal-offline-record ip-address 172.20.167.244
User name :
Domain name : xxxx
User MAC : xxxx-e424-53bc
User access type : IPoE
User access interface: Eth-Trunk0.2000
User access PeVlan/CeVlan : 1061/1212
User IP address : 172.20.167.244
User authen state : Authened
User acct state : Accting
User author state : AuthorIdle
User login time : 2018-09-14 10:39:21
User offline time : 2018-09-14 10:39:42
User offline reason: AAA with radius server cut command
The records show that user A is kicked off by the RADIUS server. According
to the symptom, it can be confirmed that the RADIUS server limits the number of
access users by user name. Only one user can be accessed. However, an
authentication request fails to be re-triggered after a user goes offline. This
problem is irrelevant to the RADIUS server.
the MAC address of user A. It is found that after the user is kicked off, the
ME60 does not receive any authentication requests or implement any
authentication exchanges. The configuration check shows that the arp-trigger and ip-trigger commands are not run on the BAS sub-interface. In this
case, ARP and IP packets cannot trigger a user online request.
The ip-trigger and arp-trigger commands are not run on the
Run the arp-trigger and ip-trigger commands on the BAS
The arp-trigger command is used
to enable ARP packets to trigger user online on a BAS interface. After this
command is run, ARP packets can be sent to trigger authentication.
The ip-trigger command is used to
enable IP packets to trigger user online on a BAS interface. After this command
is run, IP packets can be sent to trigger authentication.
If the function to trigger authentication is not enabled on BAS
sub-interfaces, ARP and IP packets sent by terminals cannot trigger