IPoE terminate-cause nas-request

[roysbike]

Добрый день. Есть такая проблема. В радиус прилетает каждые 2-4 мин stop сессии с terminate-cause = nas-request
Замечено пока только у двух клиентов и у обоих ноубуки HP (может совпадение)

Code: Select all

[2015-03-13 13:55:09]:  info: bond1.198.1517: recv [DHCPv4 Request xid=9d6ddb44 ciaddr=172.30.83.83 chaddr=a0:b3:cc:79:40:d5 <Message-Type Request> <Client-ID 01a0b3cc7940d5> <Host-Name ADMIN-UOPS93N3K> <Option-81 00000041444d494e2d554f505339334e334b> <Vendor-Class 4d53465420352e30> <Request-List Subnet,Domain-Name,Router,DNS,44,46,47,31,Route,Classless-Route,249,Vendor-Specific>]
[2015-03-13 13:55:09]:  info: bond1.198.1517: send [DHCPv4 Ack xid=9d6ddb44 ciaddr=172.30.83.83 yiaddr=172.30.83.83 chaddr=a0:b3:cc:79:40:d5 <Message-Type Ack> <Server-ID 172.30.0.4> <Lease-Time 60> <Router 172.30.0.4> <Subnet 255.255.0.0> <DNS 172.29.0.4,10.10.254.253>]
root@ipoe4:/var/log/accel-ppp# tail -n500 /var/log/accel-ppp/accel-ppp.log | grep bond1.198.1517
[2015-03-13 13:55:09]:  info: bond1.198.1517: recv [DHCPv4 Request xid=9d6ddb44 ciaddr=172.30.83.83 chaddr=a0:b3:cc:79:40:d5 <Message-Type Request> <Client-ID 01a0b3cc7940d5> <Host-Name ADMIN-UOPS93N3K> <Option-81 00000041444d494e2d554f505339334e334b> <Vendor-Class 4d53465420352e30> <Request-List Subnet,Domain-Name,Router,DNS,44,46,47,31,Route,Classless-Route,249,Vendor-Specific>]
[2015-03-13 13:55:09]:  info: bond1.198.1517: send [DHCPv4 Ack xid=9d6ddb44 ciaddr=172.30.83.83 yiaddr=172.30.83.83 chaddr=a0:b3:cc:79:40:d5 <Message-Type Ack> <Server-ID 172.30.0.4> <Lease-Time 60> <Router 172.30.0.4> <Subnet 255.255.0.0> <DNS 172.29.0.4,10.10.254.253>]
[2015-03-13 13:55:39]:  info: bond1.198.1517: recv [DHCPv4 Request xid=f2dddf7c ciaddr=172.30.83.83 chaddr=a0:b3:cc:79:40:d5 <Message-Type Request> <Client-ID 01a0b3cc7940d5> <Host-Name ADMIN-UOPS93N3K> <Option-81 00000041444d494e2d554f505339334e334b> <Vendor-Class 4d53465420352e30> <Request-List Subnet,Domain-Name,Router,DNS,44,46,47,31,Route,Classless-Route,249,Vendor-Specific>]
[2015-03-13 13:55:39]:  info: bond1.198.1517: send [DHCPv4 Ack xid=f2dddf7c ciaddr=172.30.83.83 yiaddr=172.30.83.83 chaddr=a0:b3:cc:79:40:d5 <Message-Type Ack> <Server-ID 172.30.0.4> <Lease-Time 60> <Router 172.30.0.4> <Subnet 255.255.0.0> <DNS 172.29.0.4,10.10.254.253>]
[2015-03-13 13:56:03]: debug: bond1.198.1517: terminate
[2015-03-13 13:56:03]:  info: bond1.198.1517: recv [DHCPv4 Discover xid=b67c95d7 chaddr=e0:06:e6:11:67:16 <Message-Type Discover> <Client-ID 01e006e6116716> <Host-Name ADMIN-UOPS93N3K> <Vendor-Class 4d53465420352e30> <Request-List Subnet,Domain-Name,Router,DNS,44,46,47,31,Route,Classless-Route,249,Vendor-Specific>]
[2015-03-13 13:56:03]:  info: bond1.198.1517: send [RADIUS(1) Accounting-Request id=1 <User-Name "bond1.198.1517"> <NAS-Identifier "ipoe"> <NAS-IP-Address 172.31.0.4> <NAS-Port 16930> <NAS-Port-Id "bond1.198.1517"> <NAS-Port-Type Ethernet> <Calling-Station-Id "a0:b3:cc:79:40:d5"> <Called-Station-Id "bond1.198.1517"> <Acct-Status-Type Stop> <Acct-Authentic RADIUS> <Acct-Session-Id "d86e0db34f3d294f"> <Acct-Session-Time 83> <Acct-Input-Octets 23973> <Acct-Output-Octets 14417> <Acct-Input-Packets 244> <Acct-Output-Packets 112> <Acct-Input-Gigawords 0> <Acct-Output-Gigawords 0> <Framed-IP-Address 172.30.83.83> <Acct-Terminate-Cause NAS-Request>]
[2015-03-13 13:56:03]:  info: bond1.198.1517: pppd_compat: ip-down started (pid 25152)
[2015-03-13 13:56:03]:  info: bond1.198.1517: send [RADIUS(1) Access-Request id=1 <User-Name "bond1.198.1517"> <NAS-Identifier "ipoe"> <NAS-IP-Address 172.31.0.4> <NAS-Port 16930> <NAS-Port-Id "bond1.198.1517"> <NAS-Port-Type Ethernet> <Calling-Station-Id "e0:06:e6:11:67:16"> <Called-Station-Id "bond1.198.1517"> <User-Password >]
[2015-03-13 13:56:03]:  info: bond1.198.1517: recv [DHCPv4 Discover xid=b67c95d7 chaddr=e0:06:e6:11:67:16 <Message-Type Discover> <Client-ID 01e006e6116716> <Host-Name ADMIN-UOPS93N3K> <Vendor-Class 4d53465420352e30> <Request-List Subnet,Domain-Name,Router,DNS,44,46,47,31,Route,Classless-Route,249,Vendor-Specific>]
[2015-03-13 13:56:03]:  info: bond1.198.1517: pppd_compat: ip-down finished (0)
[2015-03-13 13:56:03]:  info: bond1.198.1517: ipoe: session finished
[2015-03-13 13:56:03]:  info: bond1.198.1517: recv [RADIUS(1) Access-Accept id=1 <Framed-IP-Address 10.10.27.94> <Framed-IP-Netmask 255.255.255.255>]
[2015-03-13 13:56:03]:  info: bond1.198.1517: bond1.198.1517: authentication succeeded
[2015-03-13 13:56:03]:  info: bond1.198.1517: send [DHCPv4 Offer xid=b67c95d7 yiaddr=10.10.27.94 chaddr=e0:06:e6:11:67:16 <Message-Type Offer> <Server-ID 10.10.16.4> <Lease-Time 60> <Router 10.10.16.4> <Subnet 255.255.240.0> <DNS 172.29.0.4,10.10.254.253>]
[2015-03-13 13:56:09]: debug: bond1.198.1517: recv [DHCPv4 Request xid=c6e1b561 ciaddr=172.30.83.83 chaddr=a0:b3:cc:79:40:d5 <Message-Type Request> <Client-ID 01a0b3cc7940d5> <Host-Name ADMIN-UOPS93N3K> <Option-81 00000041444d494e2d554f505339334e334b> <Vendor-Class 4d53465420352e30> <Request-List Subnet,Domain-Name,Router,DNS,44,46,47,31,Route,Classless-Route,249,Vendor-Specific>]
[2015-03-13 13:56:09]: debug: bond1.198.1517: terminate
[2015-03-13 13:56:09]:  info: bond1.198.1517: ipoe: session finished
[2015-03-13 13:56:09]:  info: bond1.198.1517: recv [DHCPv4 Discover xid=f481a8c4 chaddr=a0:b3:cc:79:40:d5 <Message-Type Discover> <Client-ID 01a0b3cc7940d5> <Host-Name ADMIN-UOPS93N3K> <Vendor-Class 4d53465420352e30> <Request-List Subnet,Domain-Name,Router,DNS,44,46,47,31,Route,Classless-Route,249,Vendor-Specific>]
[2015-03-13 13:56:09]:  info: bond1.198.1517: send [RADIUS(1) Access-Request id=1 <User-Name "bond1.198.1517"> <NAS-Identifier "ipoe"> <NAS-IP-Address 172.31.0.4> <NAS-Port 16930> <NAS-Port-Id "bond1.198.1517"> <NAS-Port-Type Ethernet> <Calling-Station-Id "a0:b3:cc:79:40:d5"> <Called-Station-Id "bond1.198.1517"> <User-Password >]
[2015-03-13 13:56:09]:  info: bond1.198.1517: recv [DHCPv4 Discover xid=f481a8c4 chaddr=a0:b3:cc:79:40:d5 <Message-Type Discover> <Client-ID 01a0b3cc7940d5> <Host-Name ADMIN-UOPS93N3K> <Vendor-Class 4d53465420352e30> <Request-List Subnet,Domain-Name,Router,DNS,44,46,47,31,Route,Classless-Route,249,Vendor-Specific>]
[2015-03-13 13:56:09]:  info: bond1.198.1517: recv [RADIUS(1) Access-Accept id=1 <Framed-IP-Address 172.30.83.83> <Acct-Interim-Interval 0>]
[2015-03-13 13:56:09]:  info: bond1.198.1517: bond1.198.1517: authentication succeeded
[2015-03-13 13:56:09]:  info: bond1.198.1517: send [DHCPv4 Offer xid=f481a8c4 yiaddr=172.30.83.83 chaddr=a0:b3:cc:79:40:d5 <Message-Type Offer> <Server-ID 172.30.0.4> <Lease-Time 60> <Router 172.30.0.4> <Subnet 255.255.0.0> <DNS 172.29.0.4,10.10.254.253>]
[2015-03-13 13:56:09]:  info: bond1.198.1517: recv [DHCPv4 Request xid=f481a8c4 chaddr=a0:b3:cc:79:40:d5 <Message-Type Request> <Client-ID 01a0b3cc7940d5> <Request-IP 172.30.83.83> <Server-ID 172.30.0.4> <Host-Name ADMIN-UOPS93N3K> <Option-81 00000041444d494e2d554f505339334e334b> <Vendor-Class 4d53465420352e30> <Request-List Subnet,Domain-Name,Router,DNS,44,46,47,31,Route,Classless-Route,249,Vendor-Specific>]
[2015-03-13 13:56:09]:  info: bond1.198.1517: send [RADIUS(1) Accounting-Request id=1 <User-Name "bond1.198.1517"> <NAS-Identifier "ipoe"> <NAS-IP-Address 172.31.0.4> <NAS-Port 16930> <NAS-Port-Id "bond1.198.1517"> <NAS-Port-Type Ethernet> <Calling-Station-Id "a0:b3:cc:79:40:d5"> <Called-Station-Id "bond1.198.1517"> <Acct-Status-Type Start> <Acct-Authentic RADIUS> <Acct-Session-Id "d86e0db34f3d2954"> <Acct-Session-Time 0> <Acct-Input-Octets 0> <Acct-Output-Octets 0> <Acct-Input-Packets 0> <Acct-Output-Packets 0> <Acct-Input-Gigawords 0> <Acct-Output-Gigawords 0> <Framed-IP-Address 172.30.83.83>]
[2015-03-13 13:56:09]:  info: bond1.198.1517: send [DHCPv4 Ack xid=f481a8c4 yiaddr=172.30.83.83 chaddr=a0:b3:cc:79:40:d5 <Message-Type Ack> <Server-ID 172.30.0.4> <Lease-Time 60> <Router 172.30.0.4> <Subnet 255.255.0.0> <DNS 172.29.0.4,10.10.254.253>]
[2015-03-13 13:56:09]:  info: bond1.198.1517: recv [DHCPv4 Request xid=f481a8c4 chaddr=a0:b3:cc:79:40:d5 <Message-Type Request> <Client-ID 01a0b3cc7940d5> <Request-IP 172.30.83.83> <Server-ID 172.30.0.4> <Host-Name ADMIN-UOPS93N3K> <Option-81 00000041444d494e2d554f505339334e334b> <Vendor-Class 4d53465420352e30> <Request-List Subnet,Domain-Name,Router,DNS,44,46,47,31,Route,Classless-Route,249,Vendor-Specific>]
[2015-03-13 13:56:09]:  info: bond1.198.1517: send [DHCPv4 Ack xid=f481a8c4 yiaddr=172.30.83.83 chaddr=a0:b3:cc:79:40:d5 <Message-Type Ack> <Server-ID 172.30.0.4> <Lease-Time 60> <Router 172.30.0.4> <Subnet 255.255.0.0> <DNS 172.29.0.4,10.10.254.253>]
[2015-03-13 13:56:09]:  info: bond1.198.1517: recv [RADIUS(1) Accounting-Response id=1]
[2015-03-13 13:56:09]:  info: bond1.198.1517: ipoe: session started
[2015-03-13 13:56:09]:  info: bond1.198.1517: pppd_compat: ip-up started (pid 25381)
[2015-03-13 13:56:09]:  info: bond1.198.1517: pppd_compat: ip-up finished (0)
[2015-03-13 13:56:39]:  info: bond1.198.1517: recv [DHCPv4 Request xid=db848500 ciaddr=172.30.83.83 chaddr=a0:b3:cc:79:40:d5 <Message-Type Request> <Client-ID 01a0b3cc7940d5> <Host-Name ADMIN-UOPS93N3K> <Option-81 00000041444d494e2d554f505339334e334b> <Vendor-Class 4d53465420352e30> <Request-List Subnet,Domain-Name,Router,DNS,44,46,47,31,Route,Classless-Route,249,Vendor-Specific>]
[2015-03-13 13:56:39]:  info: bond1.198.1517: send [DHCPv4 Ack xid=db848500 ciaddr=172.30.83.83 yiaddr=172.30.83.83 chaddr=a0:b3:cc:79:40:d5 <Message-Type Ack> <Server-ID 172.30.0.4> <Lease-Time 60> <Router 172.30.0.4> <Subnet 255.255.0.0> <DNS 172.29.0.4,10.10.254.253>]
[2015-03-13 13:57:09]:  info: bond1.198.1517: recv [DHCPv4 Request xid=37e89df3 ciaddr=172.30.83.83 chaddr=a0:b3:cc:79:40:d5 <Message-Type Request> <Client-ID 01a0b3cc7940d5> <Host-Name ADMIN-UOPS93N3K> <Option-81 00000041444d494e2d554f505339334e334b> <Vendor-Class 4d53465420352e30> <Request-List Subnet,Domain-Name,Router,DNS,44,46,47,31,Route,Classless-Route,249,Vendor-Specific>]
[2015-03-13 13:57:09]:  info: bond1.198.1517: send [DHCPv4 Ack xid=37e89df3 ciaddr=172.30.83.83 yiaddr=172.30.83.83 chaddr=a0:b3:cc:79:40:d5 <Message-Type Ack> <Server-ID 172.30.0.4> <Lease-Time 60> <Router 172.30.0.4> <Subnet 255.255.0.0> <DNS 172.29.0.4,10.10.254.253>]

Code: Select all

[ipoe]
#noauth=1
verbose=5
username=ifname
lease-time=60
max-lease-time=600
shared=0
ifcfg=0
mode=L2
start=dhcpv4
proxy-arp=1
proto=100
attr-dhcp-client-ip=Framed-IP-Address
gw-ip-address=172.30.0.4/16
gw-ip-address=10.10.16.4/20

vlan-timeout=600
vlan-name=%I.%N


vlan-mon=re:bond1.*,1001-4090
interface=re:bond1.*.[1-4][0-9][0-9][0-9]

[roysbike]

Увидел в логах, что сначала ему отдается ip 10.10.27.94. Это гостевой IP , если не совпадает пара mac+vlan. Не понятно пока от куда взялса mac

Code: Select all

[2015-03-13 13:56:03]:  info: bond1.198.1517: recv [RADIUS(1) Access-Accept id=1 <Framed-IP-Address 10.10.27.94> <Framed-IP-Netmask 255.255.255.255>]
[2015-03-13 13:56:03]:  info: bond1.198.1517: bond1.198.1517: authentication succeeded
[2015-03-13 13:56:03]:  info: bond1.198.1517: send [DHCPv4 Offer xid=b67c95d7 yiaddr=10.10.27.94 chaddr=e0:06:e6:11:67:16 <Message-Type Offer> <Server-ID 10.10.16.4> <Lease-Time 60> <Router 10.10.16.4> <Subnet 255.255.240.0> <DNS 172.29.0.4,10.10.254.253>]

[dimka88]

Как я понял shared=0 обозначает что на одном интерфейсе один клиент, то есть vlan-per-user, у вас 2 мака периодически пытаются поднять сессию, выдавая параметры новой сессии сервер завершает старую.

[roysbike]

Самое странное , что за портом 1 мак. До этого было вкл. port_sec , чтобы не пускала больше 1мака.
a0:b3:cc:79:40:d5 mac-клиента
a0:36:9f:23:12:69 mac-сервера (accel)

e0:06:e6:11:67:16- Вообще неизвестно от куда он, на свичах пока не видем. МОжет коллизия.

Code: Select all

listening on bond1.198.1517, link-type EN10MB (Ethernet), capture size 65535 bytes
14:27:40.005604 a0:b3:cc:79:40:d5 > a0:36:9f:23:12:69, ethertype IPv4 (0x0800), length 356: 172.30.83.83.68 > 172.30.0.4.67: BOOTP/DHCP, Request from a0:b3:cc:79:40:d5, length 314
14:27:40.005760 a0:36:9f:23:12:69 > a0:b3:cc:79:40:d5, ethertype IPv4 (0x0800), length 320: 172.30.0.4.67 > 172.30.83.83.68: BOOTP/DHCP, Reply, length 278
14:28:10.029477 a0:b3:cc:79:40:d5 > a0:36:9f:23:12:69, ethertype IPv4 (0x0800), length 356: 172.30.83.83.68 > 172.30.0.4.67: BOOTP/DHCP, Request from a0:b3:cc:79:40:d5, length 314
14:28:10.029678 a0:36:9f:23:12:69 > a0:b3:cc:79:40:d5, ethertype IPv4 (0x0800), length 320: 172.30.0.4.67 > 172.30.83.83.68: BOOTP/DHCP, Reply, length 278
14:28:40.059503 a0:b3:cc:79:40:d5 > a0:36:9f:23:12:69, ethertype IPv4 (0x0800), length 356: 172.30.83.83.68 > 172.30.0.4.67: BOOTP/DHCP, Request from a0:b3:cc:79:40:d5, length 314
14:28:40.059732 a0:36:9f:23:12:69 > a0:b3:cc:79:40:d5, ethertype IPv4 (0x0800), length 320: 172.30.0.4.67 > 172.30.83.83.68: BOOTP/DHCP, Reply, length 278
14:28:58.085996 a0:b3:cc:79:40:d5 > ff:ff:ff:ff:ff:ff, ethertype IPv4 (0x0800), length 342: 172.30.83.83.68 > 255.255.255.255.67: BOOTP/DHCP, Request from e0:06:e6:11:67:16, length 300
14:28:58.085998 a0:b3:cc:79:40:d5 > ff:ff:ff:ff:ff:ff, ethertype IPv4 (0x0800), length 342: 172.30.83.83.68 > 255.255.255.255.67: BOOTP/DHCP, Request from e0:06:e6:11:67:16, length 300
14:28:58.120566 a0:36:9f:23:12:69 > e0:06:e6:11:67:16, ethertype IPv4 (0x0800), length 320: 10.10.16.4.67 > 10.10.24.167.68: BOOTP/DHCP, Reply, length 278
14:28:58.120587 a0:36:9f:23:12:69 > e0:06:e6:11:67:16, ethertype IPv4 (0x0800), length 320: 10.10.16.4.67 > 10.10.24.167.68: BOOTP/DHCP, Reply, length 278
14:29:09.085940 a0:b3:cc:79:40:d5 > a0:36:9f:23:12:69, ethertype IPv4 (0x0800), length 356: 172.30.83.83.68 > 172.30.0.4.67: BOOTP/DHCP, Request from a0:b3:cc:79:40:d5, length 314
14:29:09.086062 a0:36:9f:23:12:69 > a0:b3:cc:79:40:d5, ethertype IPv4 (0x0800), length 286: 0.0.0.0.67 > 255.255.255.255.68: BOOTP/DHCP, Reply, length 244
14:29:09.099370 a0:b3:cc:79:40:d5 > ff:ff:ff:ff:ff:ff, ethertype IPv4 (0x0800), length 342: 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from a0:b3:cc:79:40:d5, length 300
14:29:09.099371 a0:b3:cc:79:40:d5 > ff:ff:ff:ff:ff:ff, ethertype IPv4 (0x0800), length 342: 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from a0:b3:cc:79:40:d5, length 300
14:29:09.130973 a0:36:9f:23:12:69 > a0:b3:cc:79:40:d5, ethertype IPv4 (0x0800), length 320: 172.30.0.4.67 > 172.30.83.83.68: BOOTP/DHCP, Reply, length 278
14:29:09.131662 a0:b3:cc:79:40:d5 > ff:ff:ff:ff:ff:ff, ethertype IPv4 (0x0800), length 368: 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from a0:b3:cc:79:40:d5, length 326
14:29:09.131669 a0:b3:cc:79:40:d5 > ff:ff:ff:ff:ff:ff, ethertype IPv4 (0x0800), length 368: 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from a0:b3:cc:79:40:d5, length 326
14:29:09.131885 a0:36:9f:23:12:69 > a0:b3:cc:79:40:d5, ethertype IPv4 (0x0800), length 320: 172.30.0.4.67 > 172.30.83.83.68: BOOTP/DHCP, Reply, length 278
14:29:09.131919 a0:36:9f:23:12:69 > a0:b3:cc:79:40:d5, ethertype IPv4 (0x0800), length 320: 172.30.0.4.67 > 172.30.83.83.68: BOOTP/DHCP, Reply, length 278
^C

[dimka88]

Ну это та самая причина, по которой сервер accel-ppp шлёт terminate-cause = nas-request. На коммутаторе который производит инкапсуляцию qinq ищите.

[roysbike]

Ну это та самая причина, по которой сервер accel-ppp шлёт terminate-cause = nas-request. На коммутаторе который производит инкапсуляцию qinq ищите.

можно запретить поднятие 2-х сессий с одного vlan?

[dimka88]

Ну это та самая причина, по которой сервер accel-ppp шлёт terminate-cause = nas-request. На коммутаторе который производит инкапсуляцию qinq ищите.

можно запретить поднятие 2-х сессий с одного vlan?

Да как бы это и запрещает поднять вторую сессию, гарантирую только одной работоспособность. Функционала игнорирующего второй DHCP дисковер вроде нет, да и не нужен он, лучше найдите откуда второй mac взялся.

[roysbike]

Разобрались. Это был mac wifi адаптера в ноуте HP. ОТключили и все стало ок. ПРичем проблема была у двух клиентах с ноутами HP