Got it
Huawei Enterprise Support Community
Community Forums Routing & Switching
IPoE Lock Time

IPoE Lock Time

Created: Mar 2, 2021 17:46:20Latest reply: Mar 9, 2021 05:23:29 757 7 0 0 0
  Rewarded HiCoins: 0 (problem resolved)
View the author 1#

Hello everyone!


I am implementing IPoE authentication.

I have a problem subscriber authentication is locked.


When authentication fails for any reason, the router locks for a new connection attempt for 5 minutes.


Would it be possible to decrease this locking time?


Router: NetEngine 8000 M8

Version: Version 8.200 (NetEngine 8000 V800R012C10SPC300)


My configuration

 domain ipoe
  authentication-scheme ipoe-auth
  accounting-scheme ipoe-acct
  radius-server group ipoe-radius-mcl
  ip-pool-group pool-ipoe-publico
  ip-pool-group pool-ipoe-cgnat
  ip-pool-group pool-ipoe-fixo
  ip-pool usage-status threshold low 50 high 90 all
  ipv6-pool pool-ipoe-pd
  ipv6-pool pool-ipoe-addr
  user-max-session 1
  dns primary-ipv6 2804:xxxx::1111
  dns second-ipv6 2804:xxxx::8888
  ipv6 nd autoconfig managed-address-flag
  ipv6 nd ra unicast
  ipv6 pd-address-release separate user-type ipoe


online-fail-record

  TESTE-aaa]display aaa online-fail-record username FHTT9538c020 count 2
  -------------------------------------------------------------------
  User name          : FHTT9538c020@ipoe
  Domain name        : ipoe
  User MAC           : 000c-2919-9a98
  User access type   : IPoE
  User interface     : Eth-Trunk1.2100
  User access PeVlan/CeVlan    : 2118/-
  User IP address    : -
  User ID            : 16640
  User authen state  : Authened
  User acct state    : AcctIdle
  User author state  : AuthorIdle
  User login time    : 2021-03-02 14:22:28
  Online fail reason : Up to user max session
  -------------------------------------------------------------------
  -------------------------------------------------------------------
  User name          : FHTT9538c020@ipoe
  Domain name        : ipoe
  User MAC           : 000c-2919-9a98
  User access type   : IPoE
  User interface     : Eth-Trunk1.2100
  User access PeVlan/CeVlan    : 2118/-
  User IP address    : -
  User ID            : 16704
  User authen state  : Authened
  User acct state    : AcctIdle
  User author state  : AuthorIdle
  User login time    : 2021-03-02 14:27:32
  Online fail reason : Up to user max session




Like (0) Dislike (0) Favorite(0) Share Report
Previous: LSA over OSPF
Next: Characteristics of IP Address
Featured Answers

Best answer

Recommended answer

(0) (0)
DDSN
Admin Created Mar 8, 2021 01:17:35

Hi
Please try to use the dhcp connection chasten command.

The dhcp connection chasten command limits the number of DHCP user connection requests.

By default, the device limits the number of connection requests from a DHCP user. Within 180 seconds, if the number of request packets for a DHCP user exceeds 10 or the number of authentication failure packets for a DHCP user exceeds 5, the DHCP user enters the suppression state, and the suppression time is 300 seconds.

You can refer to https://support.huawei.com/hedex/hdx.do?lib=EDOC1100168821AEJ1214K&docid=EDOC1100168821&lang=en&v=05&tocLib=EDOC1100168821AEJ1214K&tocV=05&id=EN-US_CLIREF_0314060418&tocURL=resources%252Fcommand%252F8090%252FSysChasten%2528DHCPIPOEOM%2529.html&p=t&fe=1&ui=3&keyword=dhcp%2Bconnection%2Bchasten

I hope it helps!

View more
  • x
  • convention:
All Answers
(0) (0)
2#
ariase88
ariase88 Admin Created Mar 2, 2021 18:02:45

Thanks for contacting the Huawei community!

We are checking your question and will provide an answer to you shortly...
View more
  • x
  • convention:
(0) (0)
3#
jason_hu
jason_hu Admin Created Mar 3, 2021 01:10:15

Hello,
Wait for the locked user to be automatically unlocked or ask the administrator to unlock the locked user.
1. In the AAA view, run the user-block reactive reactive-time command to configure the interval at which a user will be automatically unlocked. If the locking time for a user exceeds the time set in the configuration, the user will be automatically unlocked.
2. In the user view, run the activate aaa local-user user-name command to manually unlock the specified local user.
Hope to help you!

View more
  • x
  • convention:

user_4139313
user_4139313 Created Mar 3, 2021 11:51:09 (0) (0)
Hello,

the command "user-block reactive" seems to have effect only on local-user (SSH, FTP, ETC).

the command "activate aaa local-user" did not work for IPoE connections, returns the error "Error: The user does not exist."

would you have any other tips?  
(0) (0)
4#
DDSN
DDSN Admin Created Mar 3, 2021 13:15:09

Hi user_4139313,
According to your description, the user fails to go online because the maximum number of user sessions is reached. The user-max-session is set to 1. Increase the maximum number of sessions and try again.

View more
  • x
  • convention:
(0) (0)
5#
user_4139313
user_4139313 Created Mar 3, 2021 18:28:15

Hi DDSN,

The above error was just to demonstrate.
Locking for 5 minutes occurs for any other reason.
View more
  • x
  • convention:
(0) (0)
6#
DDSN
DDSN Admin Created Mar 8, 2021 01:17:35

Hi
Please try to use the dhcp connection chasten command.

The dhcp connection chasten command limits the number of DHCP user connection requests.

By default, the device limits the number of connection requests from a DHCP user. Within 180 seconds, if the number of request packets for a DHCP user exceeds 10 or the number of authentication failure packets for a DHCP user exceeds 5, the DHCP user enters the suppression state, and the suppression time is 300 seconds.

You can refer to https://support.huawei.com/hedex/hdx.do?lib=EDOC1100168821AEJ1214K&docid=EDOC1100168821&lang=en&v=05&tocLib=EDOC1100168821AEJ1214K&tocV=05&id=EN-US_CLIREF_0314060418&tocURL=resources%252Fcommand%252F8090%252FSysChasten%2528DHCPIPOEOM%2529.html&p=t&fe=1&ui=3&keyword=dhcp%2Bconnection%2Bchasten

I hope it helps!

View more
  • x
  • convention:
(0) (0)
7#
user_4139313
user_4139313 Created Mar 9, 2021 05:23:29


@DDSN It worked! Thanks!
View more
  • x
  • convention:
Back to list

Comment

Advanced
B Color Image Link Quote Code Smilies
You need to log in to comment to the post Login | Register
Comment

Notice: To protect the legitimate rights and interests of you, the community, and third parties, do not release content that may bring legal risks to all parties, including but are not limited to the following:
  • Politically sensitive content
  • Content concerning pornography, gambling, and drug abuse
  • Content that may disclose or infringe upon others ' commercial secrets, intellectual properties, including trade marks, copyrights, and patents, and personal privacy
Do not share your account and password with others. All operations performed using your account will be regarded as your own actions and all consequences arising therefrom will be borne by you. For details, see " User Agreement."

My Followers

Login and enjoy all the member benefits

Login
Huawei Website Support About Huawei Privacy User Agreement Terms of Use Cookies Cookie Settings
Huawei Enterprise Huawei Carrier Forum Training & Certification

Contact Us: e_online@huawei.com Copyright © 2022 Huawei Technologies Co., Ltd. All rights reserved.

APP

Block
Are you sure to block this user?
Users on your blacklist cannot comment on your post,cannot mention you, cannot send you private messages.
Reminder
Please bind your phone number to obtain invitation bonus.