No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>


To have a better experience, please upgrade your IE browser.


Login of Multiple Users Using One Account Was not Allowed on ME60 When user-max-session and Port-Limit Were Configured

Publication Date:  2013-10-30 Views:  100 Downloads:  0
Issue Description

Version: all applicable versions


STB-ME60- RADIUS server

In the domain of a site, the user-max-session 3 command was run to allow three users to use the same account for login. In the testing, customers found that only one user was allowed for login.

Equipment configuration:

domain draco

  authentication-scheme draco

  accounting-scheme draco

  ip-pool draco1

  ip-pool draco2

  ip-pool draco3

  user-max-session 3//A maximum of three users were allowed to use the same account for login.

  radius-server group draco


interface GigabitEthernet2/0/0.100

pppoe-server bind Virtual-Template 1

description Sbb3-Res

user-vlan 100



  access-type layer2-subscriber

  permit-domain draco backbone



interface GigabitEthernet2/0/0.502

pppoe-server bind Virtual-Template 1

description Sbb4-Res

user-vlan 502



  access-type layer2-subscriber default-domain authentication draco

  permit-domain draco backbone

Handling Process

Huawei identified the possible causes of the issue as follows:

1. The user-max-session command configuration did not take effect.

2. The Port-Limit attribute had been applied by the RADIUS server.

Huawei then concluded that cause 2 was the reason.

Checked the trace information of the user using the same account on the ME60. For details, see the attachment.

[trace info:

  Radius Received a Packet

  Server Template: 0

  Server IP   :

  Vpn-Instance: -

  Server Port : 1645

  NAS Port    : 1812

  Protocol: Standard

  Code    : Authentication accept

  Len     : 112

  ID      : 8

  [Class(25)                          ] [34] [01000000010000000500000005000000]

  [Service-Type(6)                    ] [6 ] [2]

  [Framed-MTU(12)                     ] [6 ] [1500]

  [Framed-Protocol(7)                 ] [6 ] [1]

  [Unknown-attr(13)                   ] [6 ] [00000001]

  [Termination-Action(29)             ] [6 ] [0]

  [Port-Limit(62)                     ] [6 ] [1]

  [Unknown-attr(3199-2)               ] [16] [5245534944454e4349414c2d3131]]


Huawei found that the RADIUS authentication reply message carried the Port-Limit attribute that modified the maximum number of allowed users to 1. Therefore, only one user was allowed.


Users could also run the display access-user user-id xx command to view the information about the online users. 

User session (limit,online)   : (1,1) 

"Limit" indicates the number of users configured running the user-max-session command or the value of the Port-Limit attribute applied by the RADIUS server. "Online" indicates the number of online users using the same account.
Root Cause
The RADIUS server applied the Port-Limit attribute.
Huawei modified the Port-Limit attribute.
If the user-max-session command and Port-Limit are both applied, the Port-Limit value always takes effect first.