IPOE mac authentication with static ip adress

Created: Aug 13, 2018 14:26:11Latest reply: Aug 27, 2018 13:49:09 754 5 0 0
  Rewarded Hi-coins: 0 (problem resolved)
This post was last edited by Jaideva at 2018-08-13 15:45. NE40E-X8  IPOE mac authentication is working fine and getting the ip address from the ip pool but while assign the static ip address. am getting authentication request and authentication accepct request and there is no accounting request from huawei router, so Pls help me to reslove the issue.
  • x
  • convention:

Featured Answers
Fernandoizsa
Created Aug 27, 2018 13:49:09 Helpful(0) Helpful(0)

The MAC address authentication configuration takes effect on an interface only after MAC address authentication is enabled globally and on the interface.

I suggest verify the RADIUS Server configuration, are you using an Agile Controller ? I suggest verify the NE supported by the RADIUS.

In the common issues the NE is not supported by the RADIUS .
  • x
  • convention:

All Answers
StarOfWest
StarOfWest Created Aug 13, 2018 14:38:40 Helpful(0) Helpful(0)

hello,

Did you use the following guide from documentation to accomplish the IPoE feature with mac authentication?
http://support.huawei.com/hedex/pages/EDOC110000652031189908/03/EDOC110000652031189908/03/resources/software/nev8r10_vrpv8r16/user/ne/dc_ne_ipox_cfg_0009.html?ft=0&fe=10&hib=7.17.6.7.7&id=dc_ne_ipox_cfg_0009&text=Example%20for%20Configuring%20MAC%20Authentication&docid=EDOC1100006520

It's best to share the NE40 configuration to understand what could be the problem.
Did you capture packets to check if accounting request is not coming?
  • x
  • convention:

“We only get answers to the questions that we ask.” physicist Werner Heisenberg
Martian_superman
Martian_superman Created Aug 13, 2018 14:48:52 Helpful(0) Helpful(0)

from my understanding, accounting also should work for static ip address, I suggest you contact Huawei TAC, so that they can help you investigate further.
  • x
  • convention:

Jaideva
Jaideva Created Aug 13, 2018 15:44:07 Helpful(0) Helpful(0)

Posted by StarOfWest at 2018-08-13 14:38 hello, Did you use the following guide from documentation to accomplish the IPoE feature with mac au ...
Pls refer the configuration


radius-server group xxxx
radius-server shared-key-cipher %^%#xFL;2CH:X-}$F(&^Z~!7PJEe)&+tA-xvT`Rr@AWX%^%#
radius-server authentication xxxx 1812 weight 0
radius-server accounting xxxx 1813 weight 0
radius-server type plus11
radius-server source interface GigabitEthernet5/0/0
radius-server attribute translate
undo radius-server user-name domain-included
radius-server traffic-unit kbyte
radius-attribute include HW-Auth-Type
radius-attribute translate extend HW-Auth-Type vendor-specific 2011 109 access-request account

ip pool mypool bas local
gateway 10.55.0.1 255.255.255.0
section 0 10.55.0.2 10.55.0.254
dns-server 4.2.2.2 8.8.8.8

aaa
default-user-name template test include mac-address :

domain ipoe
authentication-scheme ipoe
accounting-scheme postauth
radius-server group xxxx
ip-pool mypool
mac-authentication enable


interface GigabitEthernet5/0/1.508
user-vlan 508
bas
#
access-type layer2-subscriber default-domain authentication ipoe
authentication-method bind
ip-trigger
arp-trigger
default-user-name-template test

Radius debug
Aug 13 2018 19:22:42.565 xxxx-BNG %BRASRDS/7/BRRDS_DBG_PACKET(d):VS=Admin-VS-CID=0x8398041b;
Radius Sent a Packet
Server Template: 0
Server IP : xxxx
NAS IP : xxxx
Vpn-Instance: -
Server Port : 1812
NAS Port : 1812
Protocol: Portal
Code : Authentication request
Len : 277
ID : 226
[User-Name(1) ] [16] [0495:e64f:1078]
[User-Password(2) ] [18] [******]
[NAS-Port(5) ] [6 ] [83890684]
[NAS-IP-Address(4) ] [6 ] [xxxx]
[Service-Type(6) ] [6 ] [2] [Framed]
[Framed-Protocol(7) ] [6 ] [1] [PPP]
[Calling-Station-Id(31) ] [19] [04:95:e6:4f:10:78]
[NAS-Identifier(32) ] [12] [xxxx]
[NAS-Port-Type(61) ] [6 ] [15] [Ethernet]
[NAS-Port-Id(87) ] [37] [slot=5;subslot=0;port=1;vlanid=508;]



Aug 13 2018 19:22:42.565 xxxx-BNG %BRASRDS/7/BRRDS_DBG_PACKET(d):VS=Admin-VS-CID=0x8398041b;
[Acct-Session-Id(44) ] [35] [xxxx-05001050800000c2e071008700]
[Connect-Info(77) ] [12] [1000000000]
[HW-NAS-Startup-Time-Stamp(Huawei-59)] [6 ] [1531471198]
[HW-IP-Host-Address(Huawei-60) ] [35] [255.255.255.255 04:95:e6:4f:10:78]
[HW-Connect-ID(Huawei-26) ] [6 ] [34560]
[HW-Domain-Name(Huawei-138) ] [6 ] [ipoe]
[HW-User-Mac(Huawei-153) ] [19] [04:95:e6:4f:10:78]



Aug 13 2018 19:22:42.767 xxxx-BNG %BRASRDS/7/BRRDS_DBG_PACKET(d):VS=Admin-VS-CID=0x8398041b;
Radius Received a Packet
Server Template: 0
Server IP : xxxx
NAS IP : xxxx
Vpn-Instance: -
Server Port : 1812
NAS Port : 1812
Protocol: Portal
Code : Authentication accept
Len : 62
ID : 226
[Service-Type(6) ] [6 ] [2] [Framed]
[Session-Timeout(27) ] [6 ] [2678286]
[HW-Input-Committed-Information-Rate(Huawei-2)] [6 ] [52428800]
[HW-Output-Committed-Information-Rate(Huawei-5)] [6 ] [52428800]
[Framed-IP-Address(8) ] [6 ] [10.55.0.2]

  • x
  • convention:

StarOfWest
StarOfWest Created Aug 14, 2018 10:45:47 Helpful(0) Helpful(0)

Configuration seems correct from my perspective.
it's best to ask TAC for help. Check this link for contact:
http://e.huawei.com/en/service-hotline-query
  • x
  • convention:

“We only get answers to the questions that we ask.” physicist Werner Heisenberg
Fernandoizsa
Fernandoizsa Created Aug 27, 2018 13:49:09 Helpful(0) Helpful(0)

The MAC address authentication configuration takes effect on an interface only after MAC address authentication is enabled globally and on the interface.

I suggest verify the RADIUS Server configuration, are you using an Agile Controller ? I suggest verify the NE supported by the RADIUS.

In the common issues the NE is not supported by the RADIUS .
  • x
  • convention:

Reply

Reply
You need to log in to reply to the post Login | Register

Notice Notice: To protect the legitimate rights and interests of you, the community, and third parties, do not release content that may bring legal risks to all parties, including but are not limited to the following:
  • Politically sensitive content
  • Content concerning pornography, gambling, and drug abuse
  • Content that may disclose or infringe upon others ' commercial secrets, intellectual properties, including trade marks, copyrights, and patents, and personal privacy
Do not share your account and password with others. All operations performed using your account will be regarded as your own actions and all consequences arising therefrom will be borne by you. For details, see " Privacy."
If the attachment button is not available, update the Adobe Flash Player to the latest version!
Login and enjoy all the member benefits

Login and enjoy all the member benefits

Login