No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

If a New IPoE User Connected to an ME60 Uses the Same Name as an Old User to Access the Network, the Old User Fails to Access the Network or Ping the Gateway

Publication Date:  2019-07-28 Views:  298 Downloads:  0

Issue Description

ME60 V600R007

IPoE user A named test accesses the network, and IPoE user B also wants to use this name to access the network. IPoE user B succeeds in authentication and network access, but IPoE user A fails to access the network or ping the gateway.

IPoE user A fails to re-initiate authentication. The portal page fails to be displayed. Authentication can be triggered again only after network cables are removed and then inserted.

Key configuration:

#
interface Eth-Trunk0.2000
 pppoe-server bind Virtual-Template 1
 user-vlan 1211 1218 qinq 1061
 bas
 #
  access-type layer2-subscriber default-domain pre-authentication mac-jq-bg-test authentication jq-bg-test
  nas-port-type 802.11
  authentication-method ppp web dot1x
 #

Handling Process

1.Check user offline records. It is suspected that user A is kicked off.

[ME60]dis aaa  abnormal-offline-record ip-address 172.20.167.244
  -------------------------------------------- 
  User name          : ,0,hxh_vod
  Domain name        : xxxx
  User MAC           : xxxx-e424-53bc
  User access type   : IPoE 
  User access interface: Eth-Trunk0.2000
  User access PeVlan/CeVlan    : 1061/1212
  User IP address    : 172.20.167.244
  User ID            : 435                
  User authen state  : Authened
  User acct state    : Accting
  User author state  : AuthorIdle
  User login time    : 2018-09-14 10:39:21
  User offline time  : 2018-09-14 10:39:42
  User offline reason: AAA with radius server cut command
  -------------------------------------------- 

The records show that user A is kicked off by the RADIUS server. According to the symptom, it can be confirmed that the RADIUS server limits the number of access users by user name. Only one user can be accessed. However, an authentication request fails to be re-triggered after a user goes offline. This problem is irrelevant to the RADIUS server.

2.Trace the MAC address of user A. It is found that after the user is kicked off, the ME60 does not receive any authentication requests or implement any authentication exchanges. The configuration check shows that the arp-trigger and ip-trigger commands are not run on the BAS sub-interface. In this case, ARP and IP packets cannot trigger a user online request.

Root Cause

The ip-trigger and arp-trigger commands are not run on the BAS sub-interface.

Solution

Run the arp-trigger and ip-trigger commands on the BAS sub-interface.

Suggestions

The arp-trigger command is used to enable ARP packets to trigger user online on a BAS interface. After this command is run, ARP packets can be sent to trigger authentication.
The ip-trigger command is used to enable IP packets to trigger user online on a BAS interface. After this command is run, IP packets can be sent to trigger authentication.

If the function to trigger authentication is not enabled on BAS sub-interfaces, ARP and IP packets sent by terminals cannot trigger authentication.

END