No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Some Home Users Fail to Go Online When Free Authentication is Enabled on an OLT

Publication Date:  2019-04-19 Views:  39 Downloads:  0
Issue Description

A customer provides feedback that after services are migrated from an OLT to a BGN, some users fail to go online. After the involved sub-interface is enabled with free authentication, the problem persists.

The related configuration is as follows:

domain 139.gd-none

  authentication-scheme auth-gmcc-none

  accounting-scheme acc-gmcc-none

  ip-pool pppoe-nat-pool1

  qos-profile 10m inbound

  qos-profile 10m outbound

  user-group pppoe-nat-group1 bind nat instance pppoe_nat_instance1

  user-group pppoe-nat-group2 bind nat instance pppoe_nat_instance2

  portal-server 211.139.145.129 

 

 accounting-scheme acc-gmcc-none          

  accounting-mode none

 authentication-scheme auth-gmcc-none

  authentication-mode none

 

interface Eth-Trunk100.600

 description O-PPPOE-DBDYJZ-OLT001-NF024-Backup

 traffic-policy urpf inbound

 user-vlan 1000 4000 qinq 1820 1821

 user-vlan 1000 4000 qinq 1830 1831

 user-vlan 1000 4000 qinq 1839

 user-vlan 1000 4000 qinq 1950 1951

 user-vlan 1000 4000 qinq 1990 1991

 user-vlan 1000 4000 qinq 1999

 bas

 #

  access-type layer2-subscriber default-domain authentication 139.gd-none

Handling Process

Check whether the client configuration is normal. On the BAS, check the causes of the user online failure.

disp aaa online-fail-record interface Eth-Trunk 100.600

  -------------------------------------------------------------------

  User name          : 38300302014@139.gd

  Domain name        : 139.gd

  User MAC           : 00e2-6904-3076

  User access type   : PPPoE

  User interface     : Eth-Trunk100.600

  User access PeVlan/CeVlan    : 1820/1378

  User IP address    : -

  User ID            : 257137

  User authen state  : Authened

  User acct state    : AcctIdle

  User author state  : AuthorIdle

  User login time    : 2017-11-30 20:22:04

  Online fail reason : RADIUS authentication reject

  Reply Message      : 44|-1|Error code 86: The call is suppressed, and the account fails in access.

 

The domain name for user access is still 139.gd. It is doubted that a domain name has been entered during user dialup. Check whether the user who fails in network access carries the domain name 139.gd. Authentication fails to be performed on 139.gd-noe. As a result, user access fails.

Root Cause

The user who fails in network access carries the domain name 139.gd. Authentication fails to be performed on 139.gd-noe, and the force parameter must be added.

Solution

The user who fails in network access carries the domain name 139.gd. Authentication fails to be performed on 139.gd-noe, and the force parameter must be added.

force

Specifies the forcible authentication domain.

A user uses the authentication scheme configured in this domain, irrespective of whether the user name contains a domain name or what the domain name is. If the user name contains a domain name, the domain name remains unchanged during authentication; if the user name does not contain a domain name, the mandatory authentication domain name is added to the user name.

This parameter does not apply to EAP authentication users.

 

interface Eth-Trunk100.600

 description O-PPPOE-DBDYJZ-OLT001-NF024-Backup

 traffic-policy urpf inbound

 user-vlan 1000 4000 qinq 1820 1821

 user-vlan 1000 4000 qinq 1830 1831

 user-vlan 1000 4000 qinq 1839

 user-vlan 1000 4000 qinq 1950 1951

 user-vlan 1000 4000 qinq 1990 1991

 user-vlan 1000 4000 qinq 1999

 bas

 #

 access-type layer2-subscriber default-domain authentication force 139.gd-none

Suggestions

Check and analyze the causes of a user online failure. Get familiar with the product document.

END