No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Some Home Users Fail to Go Online When Free Authentication is Enabled on an OLT

Publication Date:  2019-07-17 Views:  153 Downloads:  0

Issue Description

A customer provides feedback that after services are migrated from an OLT to a BGN, some users fail to go online. After the involved sub-interface is enabled with free authentication, the problem persists.

The related configuration is as follows:

domain xxxx-none

  authentication-scheme auth-gmcc-none

  accounting-scheme acc-gmcc-none

  ip-pool pppoe-nat-pool1

  qos-profile 10m inbound

  qos-profile 10m outbound

  user-group pppoe-nat-group1 bind nat instance pppoe_nat_instance1

  user-group pppoe-nat-group2 bind nat instance pppoe_nat_instance2

  portal-server x.x.145.129 

 

 accounting-scheme acc-gmcc-none          

  accounting-mode none

 authentication-scheme auth-gmcc-none

  authentication-mode none

 

interface Eth-Trunk100.600

 description xxxx

 traffic-policy urpf inbound

 user-vlan 1000 4000 qinq 1820 1821

 user-vlan 1000 4000 qinq 1830 1831

 user-vlan 1000 4000 qinq 1839

 user-vlan 1000 4000 qinq 1950 1951

 user-vlan 1000 4000 qinq 1990 1991

 user-vlan 1000 4000 qinq 1999

 bas

 #

  access-type layer2-subscriber default-domain authentication xxxx-none

Handling Process

Check whether the client configuration is normal. On the BAS, check the causes of the user online failure.

disp aaa online-fail-record interface Eth-Trunk 100.600

  -------------------------------------------------------------------

  User name          : 38300302014@139.gd

  Domain name        : xxxx

  User MAC           : xxxx-xxxx-xxxx

  User access type   : PPPoE

  User interface     : Eth-Trunk100.600

  User access PeVlan/CeVlan    : 1820/1378

  User IP address    : -

  User ID            : 257137

  User authen state  : Authened

  User acct state    : AcctIdle

  User author state  : AuthorIdle

  User login time    : 2017-11-30 20:22:04

  Online fail reason : RADIUS authentication reject

  Reply Message      : 44|-1|Error code 86: The call is suppressed, and the account fails in access.

 

The domain name for user access is still xxxx. It is doubted that a domain name has been entered during user dialup. Check whether the user who fails in network access carries the domain name xxxx. Authentication fails to be performed on xxxx-noe. As a result, user access fails.

Root Cause

The user who fails in network access carries the domain name xxxx. Authentication fails to be performed on xxxx-none, and the force parameter must be added.

Solution

The user who fails in network access carries the domain name xxxx. Authentication fails to be performed on xxxx-noe, and the force parameter must be added.

force

Specifies the forcible authentication domain.

A user uses the authentication scheme configured in this domain, irrespective of whether the user name contains a domain name or what the domain name is. If the user name contains a domain name, the domain name remains unchanged during authentication; if the user name does not contain a domain name, the mandatory authentication domain name is added to the user name.

This parameter does not apply to EAP authentication users.

 

interface Eth-Trunk100.600

 description xxxx

 traffic-policy urpf inbound

 user-vlan 1000 4000 qinq 1820 1821

 user-vlan 1000 4000 qinq 1830 1831

 user-vlan 1000 4000 qinq 1839

 user-vlan 1000 4000 qinq 1950 1951

 user-vlan 1000 4000 qinq 1990 1991

 user-vlan 1000 4000 qinq 1999

 bas

 #

 access-type layer2-subscriber default-domain authentication force xxxx-none

Suggestions

Check and analyze the causes of a user online failure. Get familiar with the product document.

END