Professional Documents
Culture Documents
Failures
Issue 01
Date 2019-06-30
and other Huawei trademarks are trademarks of Huawei Technologies Co., Ltd.
All other trademarks and trade names mentioned in this document are the property of their respective
holders.
Notice
The purchased products, services and features are stipulated by the contract made between Huawei and the
customer. All or part of the products, services and features described in this document may not be within the
purchase scope or the usage scope. Unless otherwise specified in the contract, all statements, information,
and recommendations in this document are provided "AS IS" without warranties, guarantees or
representations of any kind, either express or implied.
The information in this document is subject to change without notice. Every effort has been made in the
preparation of this document to ensure accuracy of the contents, but all statements, information, and
recommendations in this document do not constitute a warranty of any kind, express or implied.
Website: http://www.huawei.com
Email: support@huawei.com
Contents
1.1 Introduction
1.2 Understanding the PPPoE User Login Process
1.3 Troubleshooting Flowchart
1.4 Troubleshooting Procedure
1.5 Troubleshooting Summary
1.6 Related Information
1.1 Introduction
This document describes how to troubleshoot failures in logging in to an NE40E in typical
PPPoE user access scenarios.
2. Upon receiving the PADI packet, all access concentrators (NE40Es, in the context of this
document) on the Ethernet network compare the requested service against the services
they offer. Then, the NE40Es that can provide the requested service reply with a PPPoE
Active Discovery Offer (PADO) packet.
3. The user may receive more than one PADO packet. The user looks through the received
PADO packets and chooses one that meets specified conditions. The user then sends a
PPPoE Active Discovery Request (PADR) packet indicating the requested service to the
selected NE40E.
4. After receiving the PADR packet, the selected NE40E prepares to begin a PPP session. It
generates a unique session ID for the PPPoE session and replies to the user with a PPPoE
Active Discovery Session-confirmation (PADS) packet carrying the session ID. If no
errors occur during the sending and receiving of the PADS packet, the NE40E and the
user enter the PPP Session stage.
l Figure 1-3shows the first option. A PPP session is set up between the CPE and NE40E.
All hosts transmit data through the same PPP session. The CPE, located inside an
enterprise or company, functions as a PPPoE client. The NE40E functions as a PPPoE
server. No PPPoE client dial-up software needs to be installed on the hosts. The hosts,
which are users in an enterprise or company, share one account.
l Figure 1-4 shows the second option. A PPP session is established between each host and
the carrier device (NE40E). Each host is a PPPoE client, and the NE40E is a PPPoE
server. Each host has an account for access control and accounting. Each host must have
the PPPoE client dialup software installed to function as a PPPoE client. This network
structure is suitable for campuses and residential areas.
The Online fail reason field displays the cause of the user login failure. You can roughly
locate the fault based on the cause to facilitate troubleshooting. The following table lists
common causes of PPPoE user login failures.
Local Authentication user type not match The account type of a local user did not
match the account type in the local
authentication database.
Local Authentication user block The local account was not activated.
– If a user's login failure record is returned, check the associated configuration based
on the login failure cause displayed in the Online fail reason field. If the fault
cannot be preliminarily located, go to step 3.
– If a user's login failure record is not returned, the user did not request to go online.
This indicates that the PPPoE link failed to be set up. In this case, go to step 2.
2. Check that the user is not blocked.
– If the user is not blocked, the following information will be displayed. In this case,
go to step 3.
<HUAWEI> system-view
[~HUAWEI] display ppp slot
------------------GLOBAL PPP CHASTEN USERS SLOT 1
---------------------
00-e0-fc-12-34-56 is not
block
------------------PPPOE VLAN CHASTENUSERS SLOT 1
---------------------
00-e0-fc-12-34-56 is not
block
If no service tracing information is displayed, ensure that the following conditions are
met:
– Devices are correctly connected at the physical layer.
– The Layer 2 network is correctly configured.
If the fault persists, go to step 5.
5. Check that LCP negotiation is successful.
Run the debugging ppp lcp packet interface command to enable debugging of LCP
PPP packets. Check the Config-Nak or Config-Reject packets to locate the options that
were rejected or failed to be identified. Common causes are as follows:
a. Some PPPoE clients do not implement PPP in compliance with PPP standards.
Specifically, after such a PPPoE client sends a Config-Request packet and the
NE40E responds with a Config-Nak or Config-Reject packet, the client fails to
modify attribute values or add/delete attributes in the Config-Request packet. In this
case, modify the associated negotiation attributes to be consistent between devices.
b. CHAP authentication is configured on the NE40E, but the client supports only PAP
authentication. As a result, LCP negotiation fails, causing a user login failure. In
this case, modify the authentication protocols to be consistent between devices.
If the user still fails to go online after LCP negotiation succeeds, go to step 6.
6. Check that user authentication is successful.
Run the debugging ppp chap packet interface or debugging ppp pap packet
interface command to enable debugging of CHAP or PAP packets and check whether
the NE40E responds with a success message after receiving a response packet.
– If a success message is returned, the authentication is successful. In this case, go to
step 7.
– If no success message is returned, check whether the username and domain carried
in the user login request are the same as those on the NE40E or the remote
authentication server configured on the NE40E.
n If the configurations are the same, go to step 9.
n If the configurations are different, modify them to be consistent.
7. Check whether NCP negotiation is successful.
In PPPoE stages, NCP generally negotiates only IP addresses. If NCP negotiation fails,
address negotiation fails.
Check IP address assignment:
– If IP addresses are assigned locally:
Run the display this command in the domain view to check whether the involved
address pool is bound to the domain. Run the display ip pool name command to
check whether the address pool has any idle IP addresses.
If the address pool is delivered by the RADIUS server, the Framed-Pool attribute
(RADIUS attribute 88) must be delivered in the correct format. If the delivered
character string contains an at sign (@) or a number sign (#), only the part before
either of the two signs is used as the address pool name. The specified address pool
needs to have been configured on the NE40E.
– If IP addresses are assigned by a RADIUS server:
Check whether the value of the Framed-IP-Address attribute (RADIUS attribute 88)
in RADIUS authentication response packets is correct.
If RADIUS or HWTACAS accounting fails, the NE40E saves newly generated CDRs locally.
After the accounting server recovers, the NE40E sends the locally saved CDRs to the accounting
server. If the local CDR pool is full but the accounting server has not recovered, newly generated
CDRs are lost.
9. If the fault persists, contact Huawei technical support.