Problem to deliver IP to client with RADIUS Framed-ip parameter on IPoE environment

Created: Jul 10, 2019 20:05:09
Latest reply: Jul 11, 2019 15:25:49
  Rewarded HiCoins: 0 (problem resolved)

Dear All,

I have a NE20E-S2F configured to operate PPPoE in some interfaces and IPoE in other ones.

If I send the radius attribute Framed-IP-Address=191.xx.xx.132 to a client connecting with PPPoE, the IP is received and works fine.

But, when I send the same parameter to a client who is connecting with IPoE, I see this message:

[~NAS-BEMBARATOSBC]dis aaa online-fail-record username 1500/2/3/4447535421400E6D
  -------------------------------------------------------------------
  User name          : 1500/2/3/4447535421400E6D@panda
  Domain name        : panda
  User MAC           : 64d1-543e-327c
  User access type   : IPoE
  User interface     : GigabitEthernet0/3/2.1700
  User access PeVlan/CeVlan    : 1700/-
  User IP address    : -
  User ID            : 25605
  User authen state  : Authened
  User acct state    : AcctIdle
  User author state  : AuthorIdle
  User login time    : 2019-07-10 08:57
  Online fail reason : Radius alloc incorrect IP
  -------------------------------------------------------------------

Here are the configurations of interfaces:

interface Eth-Trunk1.1700
 description IPOE-CLIENTE
 ipv6 enable
 ipv6 address auto link-local
 user-vlan 1700
 ipv6 nd autoconfig managed-address-flag
 ipv6 nd autoconfig other-flag
 bas
 #
  access-type layer2-subscriber default-domain authentication panda
  client-option82
  authentication-method bind
  authentication-method-ipv6 bind
 #
#
interface GigabitEthernet0/3/2.1200
 description Teste PPPoE
 ipv6 enable
 ipv6 address auto link-local
 user-vlan 1200
 pppoe-server bind Virtual-Template 1
 ipv6 nd autoconfig managed-address-flag
 ipv6 nd autoconfig other-flag
 bas
 #
  access-type layer2-subscriber
  default-domain authentication ppp-user panda
  ipv6 nd ra unicast
 #
#

And here are domain configurations

 domain panda
  authentication-scheme auth
  accounting-scheme acct1
  radius-server group rd1
  ip-pool pool_cgnat
#

ip pool pool_cgnat bas local
 gateway 100.68.0.1 255.255.224.0
 section 0 100.68.0.2 100.68.31.254
 dns-server 8.8.8.8 8.8.4.4
#

Where is my mistake?

Featured Answers
chenhui
Admin Created Jul 11, 2019 08:34:11

@LuizPuppin Hi,
radius alloc incorrect ip
please check if the IP address allocated by the radius server exists on the router.

All Answers
Hi, This is a question about the failure of AAA authentication

LuizPuppin HCIE Author Created Jul 11, 2019 05:23:02

Posted by jason_hu at 2019-07-10 15:40 Hi, This is a question about the failure of AAA authentication
Yes, but this failure occurs only when I send the IP address via the radius parameter FRAMED-IP to IPoE users. If the same IPoE users try to connect without this parameter, auth is OK and they receive an IP from the local pool.
If I send the same parameter to a PPPoE user I don't have any problem and the IP is configured by the radius server, instead of the local pool.

LuizPuppin HCIE Author Created Jul 11, 2019 15:25:49

Posted by chenhui at 2019-07-10 21:34 @LuizPuppin Hi, please check if the IP address allocated by the radius server exists on the router ...
Ok, using your tip, I created an IP_POOL and now it is working with IPoE too. Here are the configurations:

ip pool pool_valido01 bas local
 gateway 191.x.x.1 255.255.255.0
 section 0 191.x.x.2 191.x.x.254
 dns-server 8.8.8.8 8.8.4.4
 frame-ip lease manage

domain panda
 authentication-scheme auth
 accounting-scheme acct1
 radius-server group rd1
 ip-pool pool_cgnat
 ip-pool pool_valido01

dhcp frame-ip support reply-option82
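An added example, not part of the thread and not Huawei tooling: a Python pre-check for the condition the featured answer points to, namely that an address sent in Framed-IP-Address falls inside a section of an ip pool bound to the user's domain. The function names are hypothetical, and 198.51.100.0/24 is a constructed stand-in for the masked 191.x.x.0/24; only the configuration keywords it reads (ip pool, section, domain, ip-pool) come from the posts.

```python
import ipaddress
import re

# Constructed sample. pool_cgnat is as posted; pool_valido01 uses the
# documentation range 198.51.100.0/24 in place of the masked 191.x.x.0/24.
SAMPLE_CONFIG = """\
ip pool pool_cgnat bas local
 gateway 100.68.0.1 255.255.224.0
 section 0 100.68.0.2 100.68.31.254
#
ip pool pool_valido01 bas local
 gateway 198.51.100.1 255.255.255.0
 section 0 198.51.100.2 198.51.100.254
#
domain panda
 ip-pool pool_cgnat
 ip-pool pool_valido01
#
"""

def parse_config(text):
    """Return (pools, domains): pool -> [(start, end)], domain -> [pool names]."""
    pools, domains = {}, {}
    kind = name = None  # configuration view the current line belongs to
    for line in map(str.strip, text.splitlines()):
        if m := re.match(r"(ip pool|domain) (\S+)", line):
            kind, name = m.groups()
            (pools if kind == "ip pool" else domains).setdefault(name, [])
        elif line == "#":
            kind = name = None  # '#' closes the current view
        elif kind == "ip pool" and (m := re.match(r"section \d+ (\S+) (\S+)", line)):
            start, end = map(ipaddress.ip_address, m.groups())
            pools[name].append((start, end))
        elif kind == "domain" and (m := re.match(r"ip-pool (\S+)", line)):
            domains[name].append(m.group(1))
    return pools, domains

def framed_ip_pool(text, domain, framed_ip):
    """Name of the domain-bound pool whose section holds framed_ip, else None."""
    pools, domains = parse_config(text)
    ip = ipaddress.ip_address(framed_ip)
    for pool in domains.get(domain, []):
        for start, end in pools.get(pool, []):
            if start <= ip <= end:
                return pool
    return None

if __name__ == "__main__":
    print(framed_ip_pool(SAMPLE_CONFIG, "panda", "198.51.100.132"))
```

A None result for an address RADIUS is about to hand out corresponds to the state in the first post, where only pool_cgnat was bound to domain panda.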
