There is an ASR1006-X acting as a BRAS. The clients are L2 IPoE.
The client-facing interfaces are configured like this:
Code:
!
policy-map type control IPoE-SUBSCRIBER-CONTROL
 class type control IPoE-UNAUTH-CLASS event timed-policy-expiry
  10 service disconnect
 !
 class type control always event session-start
  10 authorize aaa list IPoE-AAA password isg-radius-key identifier source-ip-address
  90 set-timer IPoE-UNAUTH-TIMER 10
  110 service-policy type service name IPoE-OPENGARDEN-POLICY
  210 service-policy type service name IPoE-REDIRECT-POLICY
 !
 class type control always event session-restart
  10 authorize aaa list IPoE-AAA password isg-radius-key identifier source-ip-address
  90 set-timer IPoE-UNAUTH-TIMER 10
  110 service-policy type service name IPoE-OPENGARDEN-POLICY
  210 service-policy type service name IPoE-REDIRECT-POLICY
 !
 class type control always event radius-timeout
  90 set-timer IPoE-UNAUTH-TIMER 5
  100 service-policy type service name IPoE-FORWARD-POLICY
 !
 class type control always event account-logoff
  10 service disconnect delay 10
 !
 class type control always event access-reject
  90 set-timer IPoE-UNAUTH-TIMER 10
  110 service-policy type service name IPoE-OPENGARDEN-POLICY
  210 service-policy type service name IPoE-REDIRECT-POLICY
  220 service-policy type service name IPoE-FORWARD-LITE-POLICY
 !
 class type control always event service-failed
  10 log-session-state aaa list IPoE-AAA
 !
!
interface Port-channel1.500
 description "== ACCESS SUBSCRIBERS INTERFACE SVLAN:500 =="
 encapsulation dot1Q 500 second-dot1q any
 ip dhcp relay information option server-id-override
 ip dhcp relay information option-insert
 ip dhcp relay information policy-action replace
 ip unnumbered Loopback0
 ip helper-address IP_HELPER
 ip nat inside
 ip access-group SUBSCRIBER-FILTER-NETWORKS in
 no ip route-cache same-interface
 arp timeout 43200
 service-policy type control IPoE-SUBSCRIBER-CONTROL
 ip subscriber l2-connected
  initiator unclassified mac-address
  initiator dhcp
end
In general, everything works fine when the client starts via DHCP. But there are cases when, for whatever reason, the client arrives at the BRAS with a static address instead of DHCP. In that case it is a matter of luck, but 90% of the time the client remains unauthorized on the BRAS.
Judging by the debug output, at the moment when the client cannot be authorized, the BRAS simply does not see traffic from the client. The first packet from the client at that moment is an ARP Request for the BRAS address, and the BRAS does not reply to it.
In the drop statistics I see roughly the following, and as I understand it, it is dropping ARP?:
Code:
#show platform hardware qfp active statistics drop
-------------------------------------------------------------------------
Global Drop Stats Packets Octets
-------------------------------------------------------------------------
BadIpChecksum 2135 438693
Discard 10184612 1094010568
EsfDrlDrop 651243993 964953367007
EsfL4rTransSessLimit 155278 13073384
EsfTcDrop 29598543 8000806822
EssBadSessUidb 2112328 162173852
EssIpsubDrop 1 387
EssIpsubFsolDrop 132776765 65954988780
EssIpsubKaDrop 35 2266
ForUs 356200871 31076504538
Icmp 102938 13727969
IpFormatErr 7671 1554547
IpTtlExceeded 1319295 95841413
IpsecInput 274 67373
Ipv4Acl 286941 77528979
Ipv4Martian 80929 13622861
Ipv4NoAdj 537833 54044813
Ipv4Unclassified 191566 94593033
MacMcastIpNonmcast 1855 792242
NatIn2out 2256747 225914236
PuntPerCausePolicerDrops 816313 81679664
QosPolicing 2857 581615
ReassBadLen 1081 74595
ReassDrop 2365876 1792574554
ReassNoFragInfo 2355400 1977653057
ReassOverlap 48 30739
ReassTimeout 1170653 13923671
TooManyIPv4ReassSession 53 70920
UnconfiguredIpv4Fia 1316972 355086647
UnconfiguredIpv6Fia 15490473 1952760700
#show platform hardware qfp active infrastructure punt statistics type per-cause
Global Per Cause Statistics
Number of punt causes = 110
Per Punt Cause Statistics
Packets Packets
Counter ID Punt Cause Name Received Transmitted
------------------------------------------------------------------------------------------------
...
007 ARP request or response 235664452 116568662
...
An example where the session did not start. On the client I switched the interface from DHCP to static:
Code:
007110: Mar 15 17:25:03.620 GMT: SSS MGR [uid:4942]: Sending a Session Update ID Mgr request
007111: Mar 15 17:25:03.620 GMT: SSS MGR [uid:4942]: Updating ID Mgr with the following data- smgr hdl0xC9010697 :
remote-id-tag 0 "030c000064400001f10001f40a3b"
007112: Mar 15 17:25:03.620 GMT: SSS MGR [uid:4942]: ID Mgr returned status: 'updated' for Session Update
007113: Mar 15 17:25:03.620 GMT: SSS MGR [uid:4942]: Processing a client disconnect
007114: Mar 15 17:25:03.620 GMT: SSS MGR [uid:4942]: Handling Send Service Disconnect action
007115: Mar 15 17:25:03.620 GMT: SSS MGR [uid:4942]: Framed ip/pbhk attributes gathering complete for ctx 7F7B697AF230
007116: Mar 15 17:25:03.620 GMT: SSS MGR [uid:4942]: Framed ip/pbhk attributes gathering complete for ctx 7F7B7520A648
007117: Mar 15 17:25:03.621 GMT: SSS INFO: Element type is IETF-Disc-Cause = 1 (00000001)
007118: Mar 15 17:25:03.621 GMT: SSS INFO: Element type is Ascend-Disc-Cause = 9 (00000009)
007119: Mar 15 17:25:03.621 GMT: SSS MGR [uid:4942]: Handling Disconnecting, Network Service Feature Clean action
007120: Mar 15 17:25:03.621 GMT: SSS MGR [uid:4942]: Disconnect ack sent
007121: Mar 15 17:25:03.622 GMT: SSS MGR [uid:4942]: Sending a Session End ID Mgr request
007122: Mar 15 17:25:03.622 GMT: SSS MGR [uid:4942]: ID Mgr returned status: 'deleted' for Session End
007123: Mar 15 17:25:03.622 GMT: SSS MGR [uid:4942]: Publish session done aaa 267363, uid 4942
007124: Mar 15 17:25:03.622 GMT: IP Subscriber Module Debug: Condition 1, mac-address 0050.5686.fd5e cleared, count 0
007125: Mar 15 17:25:03.623 GMT: DHCP SIP Module Debug: Condition 1, mac-address 0050.5686.fd5e cleared, count 0
Two minutes later I did the same thing and a miracle happened:
Code:
007198: Mar 15 17:29:34.718 GMT: SSS MGR [uid:1416]: Sending a Session Update ID Mgr request
007199: Mar 15 17:29:34.718 GMT: SSS MGR [uid:1416]: Updating ID Mgr with the following data- smgr hdl0x5A03005F :
remote-id-tag 0 "030c000064400001f10001f40a3b"
007200: Mar 15 17:29:34.718 GMT: SSS MGR [uid:1416]: ID Mgr returned status: 'updated' for Session Update
007201: Mar 15 17:29:34.719 GMT: SSS MGR [uid:1416]: Processing a client disconnect
007202: Mar 15 17:29:34.719 GMT: SSS MGR [uid:1416]: Handling Send Service Disconnect action
007203: Mar 15 17:29:34.719 GMT: SSS MGR [uid:1416]: Framed ip/pbhk attributes gathering complete for ctx 7F7B6909FD58
007204: Mar 15 17:29:34.719 GMT: SSS MGR [uid:1416]: Framed ip/pbhk attributes gathering complete for ctx 7F7B6909E618
007205: Mar 15 17:29:34.719 GMT: SSS INFO: Element type is IETF-Disc-Cause = 1 (00000001)
007206: Mar 15 17:29:34.719 GMT: SSS INFO: Element type is Ascend-Disc-Cause = 9 (00000009)
007207: Mar 15 17:29:34.720 GMT: SSS MGR [uid:1416]: Handling Disconnecting, Network Service Feature Clean action
007208: Mar 15 17:29:34.720 GMT: SSS MGR [uid:1416]: Disconnect ack sent
007209: Mar 15 17:29:34.720 GMT: SSS MGR [uid:1416]: Sending a Session End ID Mgr request
007210: Mar 15 17:29:34.720 GMT: SSS MGR [uid:1416]: ID Mgr returned status: 'deleted' for Session End
007211: Mar 15 17:29:34.720 GMT: SSS MGR [uid:1416]: Publish session done aaa 267433, uid 1416
007212: Mar 15 17:29:34.721 GMT: IP Subscriber Module Debug: Condition 1, mac-address 0050.5686.fd5e cleared, count 0
007213: Mar 15 17:29:34.721 GMT: DHCP SIP Module Debug: Condition 1, mac-address 0050.5686.fd5e cleared, count 0
007214: Mar 15 17:29:38.068 GMT: IP Subscriber Module Debug: Condition 1, mac-address 0050.5686.fd5e triggered, count 1
007215: Mar 15 17:29:38.068 GMT: SSS AAA AUTHOR [uid:12932][AAA ID:267525]: using named author method list "IPoE-AAA"
007216: Mar 15 17:29:38.068 GMT: SSS AAA AUTHOR [uid:12932][AAA ID:267525]: using set aaa password "isg-radius-key"
007217: Mar 15 17:29:38.068 GMT: SSS AAA AUTHOR [uid:12932][AAA ID:267525]: Root SIP IP
007218: Mar 15 17:29:38.068 GMT: SSS AAA AUTHOR [uid:12932][AAA ID:267525]: Enable IP parsing
007219: Mar 15 17:29:38.068 GMT: SSS AAA AUTHOR [uid:12932][AAA ID:267525]: Enable DHCP parsing
007220: Mar 15 17:29:38.068 GMT: SSS AAA AUTHOR [uid:12932][AAA ID:267525]: Enable IP-Interface parsing
007221: Mar 15 17:29:38.068 GMT: SSS AAA AUTHOR [uid:12932][AAA ID:267525]: Event <make request>, state changed from idle to authorizing
007222: Mar 15 17:29:38.068 GMT: SSS AAA AUTHOR [uid:12932][AAA ID:267525]: Active key set to source-ip-address
007223: Mar 15 17:29:38.069 GMT: SSS AAA AUTHOR [uid:12932][AAA ID:267525]: Authorizing key 100.64.1.235
007224: Mar 15 17:29:38.069 GMT: SSS AAA AUTHOR [uid:12932][AAA ID:267525]: Set authorization profile type default - user
007225: Mar 15 17:29:38.069 GMT: SSS AAA AUTHOR [uid:12932][AAA ID:267525]: AAA request sent for key 100.64.1.235
007226: Mar 15 17:29:38.074 GMT: SSS AAA AUTHOR [uid:12932][AAA ID:267525]: TAL authorisation keys added
007227: Mar 15 17:29:38.074 GMT: SSS AAA AUTHOR [uid:12932][AAA ID:267525]: Received an AAA pass
007228: Mar 15 17:29:38.074 GMT: SSS AAA AUTHOR [uid:12932][AAA ID:267525]: [7F7B80BA9EC8]:Reply message not exist
007229: Mar 15 17:29:38.074 GMT: SSS AAA AUTHOR [uid:12932][AAA ID:267525]: Parsed AAA interim interval = 1800
007230: Mar 15 17:29:38.074 GMT: SSS AAA AUTHOR [uid:12932][AAA ID:267525]: SIP IP[7F7C9F69FC10] parsed as Success
007231: Mar 15 17:29:38.074 GMT: SSS AAA AUTHOR [uid:12932][AAA ID:267525]: SIP IP[7F7C9F6FB420] parsed as Ignore
007232: Mar 15 17:29:38.075 GMT: SSS AAA AUTHOR [uid:12932][AAA ID:267525]: SIP DHCP[7F7C9F6FB420] parsed as Ignore
007233: Mar 15 17:29:38.075 GMT: SSS AAA AUTHOR [uid:12932][AAA ID:267525]: Event <service not found>, state changed from authorizing to complete
007234: Mar 15 17:29:38.075 GMT: SSS AAA AUTHOR [uid:12932][AAA ID:267525]: No service authorization info found
007235: Mar 15 17:29:38.075 GMT: SSS AAA AUTHOR [uid:12932][AAA ID:267525]: Active Handle present - 91000E57
007236: Mar 15 17:29:38.075 GMT: SSS AAA AUTHOR [uid:12932][AAA ID:267525]: Freeing Active Handle; SSS Policy Context Handle = F900032A
007237: Mar 15 17:29:38.075 GMT: SSS AAA AUTHOR [uid:12932][AAA ID:267525]: Event <free request>, state changed from complete to terminal
007238: Mar 15 17:29:38.075 GMT: SSS AAA AUTHOR [uid:12932][AAA ID:267525]: Cancel request
007239: Mar 15 17:29:38.075 GMT: SSS AAA AUTHOR [0][AAA ID:0]: Root SIP IP
007240: Mar 15 17:29:38.075 GMT: SSS AAA AUTHOR [0][AAA ID:0]: Enable IP parsing
007241: Mar 15 17:29:38.075 GMT: SSS AAA AUTHOR [0][AAA ID:0]: Enable DHCP parsing
007242: Mar 15 17:29:38.075 GMT: SSS AAA AUTHOR [0][AAA ID:0]: Enable IP-Interface parsing
007243: Mar 15 17:29:38.075 GMT: SSS AAA AUTHOR [0][AAA ID:0]: Enable Web-service-logon parsing
007244: Mar 15 17:29:38.075 GMT: SSS AAA AUTHOR [0][AAA ID:0]: SIP IP[7F7C9F69FC10] parsed as Ignore
007245: Mar 15 17:29:38.075 GMT: SSS AAA AUTHOR [0][AAA ID:0]: SIP IP[7F7C9F6FB420] parsed as Ignore
007246: Mar 15 17:29:38.075 GMT: SSS AAA AUTHOR [0][AAA ID:0]: SIP DHCP[7F7C9F6FB420] parsed as Ignore
007247: Mar 15 17:29:38.077 GMT: SSS MGR [uid:12932]: Handling Local Service Connected action
007248: Mar 15 17:29:38.077 GMT: SSS MGR [uid:12932]: Apply: segment 2040749, owner 1728316690
007249: Mar 15 17:29:38.077 GMT: SSS MGR [uid:12932]: Interface config 7F7B64C24B18
007250: Mar 15 17:29:38.077 GMT: SSS MGR [uid:12932]: Service Profile config 7F7B67298ED8
007251: Mar 15 17:29:38.077 GMT: SSS MGR [uid:12932]: Per-user config B903026E
007252: Mar 15 17:29:38.077 GMT: SSS MGR [uid:12932]: FM Segment Alloc: segment 2040749, owner 1728316690, target cca type 0, target handle 0, cids(0,1)
007253: Mar 15 17:29:38.077 GMT: SSS MGR [uid:12932]: Handling Local Service Connected, Features Applied action
007254: Mar 15 17:29:38.078 GMT: IP Subscriber Module Debug: Condition 1, mac-address 0050.5686.fd5e cleared, count 0
007255: Mar 15 17:29:38.078 GMT: IP Subscriber Module Debug: Condition 1, mac-address 0050.5686.fd5e triggered, count 1
007256: Mar 15 17:29:38.078 GMT: SSS LTERM [uid:12932]: Switching session updated
007257: Mar 15 17:29:38.078 GMT: SSS MGR [uid:12932]: Handling Action Ignore for client-updated
007258: Mar 15 17:29:38.081 GMT: SSS MGR [uid:12932]: Handling Action Ignore for client-updated
Are there some kind of limits that apply in this case? How can this be fixed?
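
An added example, not part of the original post: the drop counters shown above are cumulative totals, so one snapshot cannot show which counter moves while the static client is trying to start a session. This sketch diffs two saved outputs of `show platform hardware qfp active statistics drop` taken before and after one test attempt; the second snapshot's values and the name `ConstructedCounter` are constructed for illustration.

```python
import re

# One counter row: name, packets, octets. Header and ruler lines do not match.
ROW = re.compile(r"^\s*([A-Za-z]\w*)\s+(\d+)\s+(\d+)\s*$")

# First snapshot: four rows copied from the output in the post.
BEFORE = """\
Global Drop Stats                Packets          Octets
--------------------------------------------------------
Discard                         10184612      1094010568
EssIpsubFsolDrop               132776765     65954988780
Ipv4NoAdj                         537833        54044813
PuntPerCausePolicerDrops          816313        81679664
"""

# Second snapshot: constructed values, not taken from the poster's router.
AFTER = """\
Global Drop Stats                Packets          Octets
--------------------------------------------------------
ConstructedCounter                     2             128
Discard                         10184612      1094010568
EssIpsubFsolDrop               132776768     65954988972
Ipv4NoAdj                         537833        54044813
PuntPerCausePolicerDrops          816320        81680112
"""

def parse_drops(text):
    """Return {counter: (packets, octets)} parsed from the command output."""
    return {m.group(1): (int(m.group(2)), int(m.group(3)))
            for m in map(ROW.match, text.splitlines()) if m}

def drop_delta(before, after):
    """Counters that grew between two snapshots, largest packet delta first."""
    old, new = parse_drops(before), parse_drops(after)
    grown = []
    for name, (pkts, octets) in new.items():
        # A name missing from the first snapshot is treated as starting at zero.
        old_pkts, old_octets = old.get(name, (0, 0))
        if pkts < old_pkts:
            # Counters were cleared between the snapshots: count from zero.
            old_pkts, old_octets = 0, 0
        if pkts > old_pkts:
            grown.append((name, pkts - old_pkts, octets - old_octets))
    return sorted(grown, key=lambda row: row[1], reverse=True)

if __name__ == "__main__":
    for name, pkts, octets in drop_delta(BEFORE, AFTER):
        print(f"{name:<28}+{pkts} packets  +{octets} octets")
```

On a loaded BRAS the global counters also move because of other subscribers, so keep the interval between the two snapshots short and repeat the test a few times.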