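Case study: PCs and WiFi phones obtain addresses slowly or not at all after Portal is enabled in an office building
I. Network setup:
The wireless network topology of the office building is as follows. All terminals obtain their addresses at Layer 2 (that is, the DHCP server and the clients are on the same network segment), and the AC has Portal authentication enabled on the service VLAN.
II. Problem description:
In the office building's wireless environment, once Portal authentication is applied, some PCs are often slow to obtain an address and WiFi phones cannot obtain one at all. With Portal removed, everything works normally.
III. Analysis:
A brief analysis of the symptoms rules out the wireless environment as a factor in address acquisition. Packet captures on the affected PC and WiFi phone clients and on the internal port of the AC's switching board showed:
1. The PC repeatedly sent packets with the flag set to unicast (Broadcast flag: 0) and got no response; once it sent one with the flag set to broadcast, it obtained an address normally.
The last DHCP Discover packet has the flag set to broadcast.
2. The WiFi phone kept sending DHCP request packets with the flag set to unicast and never obtained an address.
3. The corresponding debug output on the device side shows that the server responded with an Offer in every case.
The following excerpt is the debug output for the test PC, which first sent several packets with the unicast flag and finally one with the broadcast flag: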
*May 31 16:22:07:569 2000 6103-IAG DHCPSD/7/DHCPS_PACKET:
Rx, interface Vlan-interface54
Message type: request
Hardware type: 1, Hardware address length: 6
Hops: 0, Transaction ID: 3937838873
Seconds: 0, Broadcast flag: 0
Client IP address: 0.0.0.0 Your IP address: 0.0.0.0
Server IP address: 0.0.0.0 Relay agent IP address: 0.0.0.0
Client hardware address: 001b-777a-674d
Server host name: Not Configured, Boot file name: Not Configured
DHCP message type: DHCP Discover
*May 31 16:22:07:569 2000 6103-IAG DHCPSD/7/DHCPS_PACKET:
Tx, interface Vlan-interface54
Message type: reply
Hardware type: 1, Hardware address length: 6
Hops: 0, Transaction ID: 3937838873
Seconds: 0, Broadcast flag: 0 (the Offer reply here is a unicast packet)
Client IP address: 0.0.0.0 Your IP address: 10.2.51.182
Server IP address: 0.0.0.0 Relay agent IP address: 0.0.0.0
Client hardware address: 001b-777a-674d
Server host name: Not Configured, Boot file name: Not Configured
DHCP message type: DHCP Offer
Once the last packet was sent with the broadcast flag, the address was obtained normally:
Rx, interface Vlan-interface54
Message type: request
Hardware type: 1, Hardware address length: 6
Hops: 0, Transaction ID: 3576537726
Seconds: 0, Broadcast flag: 1
Client IP address: 0.0.0.0 Your IP address: 0.0.0.0
Server IP address: 0.0.0.0 Relay agent IP address: 0.0.0.0
Client hardware address: 001b-777a-674d
Server host name: Not Configured, Boot file name: Not Configured
DHCP message type: DHCP Discover
*May 31 16:23:52:500 2000 6103-IAG DHCPSD/7/DHCPS_PACKET:
Tx, interface Vlan-interface54
Message type: reply
Hardware type: 1, Hardware address length: 6
Hops: 0, Transaction ID: 3576537726
Seconds: 0, Broadcast flag: 1 (the corresponding Offer here is a broadcast packet)
Client IP address: 0.0.0.0 Your IP address: 10.2.51.182
Server IP address: 0.0.0.0 Relay agent IP address: 0.0.0.0
Client hardware address: 001b-777a-674d
Server host name: Not Configured, Boot file name: Not Configured
DHCP message type: DHCP Offer
*May 31 16:23:53:110 2000 6103-IAG DHCPSD/7/DHCPS_PACKET:
Rx, interface Vlan-interface54
Message type: request
Hardware type: 1, Hardware address length: 6
Hops: 0, Transaction ID: 3576537726
Seconds: 0, Broadcast flag: 1
Client IP address: 0.0.0.0 Your IP address: 0.0.0.0
Server IP address: 0.0.0.0 Relay agent IP address: 0.0.0.0
Client hardware address: 001b-777a-674d
Server host name: Not Configured, Boot file name: Not Configured
DHCP message type: DHCP Request
*May 31 16:23:53:731 2000 6103-IAG DHCPSD/7/DHCPS_PACKET:
Tx, interface Vlan-interface54
Message type: reply
Hardware type: 1, Hardware address length: 6
Hops: 0, Transaction ID: 3576537726
Seconds: 0, Broadcast flag: 1
Client IP address: 0.0.0.0 Your IP address: 10.2.51.182
Server IP address: 0.0.0.0 Relay agent IP address: 0.0.0.0
Client hardware address: 001b-777a-674d
Server host name: Not Configured, Boot file name: Not Configured
DHCP message type: DHCP Ack
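4. However, the capture on the switching board's internal port showed that, among the Offer replies, unicast ones were dropped by the AC board while broadcast ones passed normally.
Unicast DHCP Offer packet, as in the screenshot: the destination IP is a specific IP address.
Taken together, the main cause is that once Portal is enabled on the service VLAN, the AC drops reply packets from a DHCP server in the same VLAN when they are unicast, while broadcast replies are unaffected.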
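The pattern in the debug output above (an Offer sent with Broadcast flag 0 and no DHCP Request following it) can be picked out of a long DHCPS_PACKET dump automatically. The following Python sketch is an added example, not part of the original case or of any vendor tool; the function names and the sample records are constructed, and it assumes a single DHCP server on the segment, so a missing Request means the Offer never reached the client.

```python
import re
from collections import defaultdict

FIELD = re.compile(r"(Transaction ID|Broadcast flag|Client hardware address"
                   r"|DHCP message type): *([^,\n]+)")

def parse_records(text):
    """One dict per packet; a record starts at the Rx/Tx line (timestamp header may be missing)."""
    records, cur = [], None
    for line in text.splitlines():
        start = re.match(r"\s*(Rx|Tx), interface (\S+)", line)
        if start:
            cur = {"dir": start.group(1), "ifname": start.group(2)}
            records.append(cur)
        elif cur is not None:
            for key, val in FIELD.findall(line):
                cur[key] = val.split("(")[0].strip()  # drop inline annotations
    return records

def lost_unicast_offers(records):
    """(mac, xid) pairs: Offer sent with Broadcast flag 0, no Request received for that xid."""
    seen, offer_flag = defaultdict(set), {}
    for r in records:
        key = (r.get("Client hardware address"), r.get("Transaction ID"))
        mtype = r.get("DHCP message type")
        seen[key].add((r["dir"], mtype))
        if r["dir"] == "Tx" and mtype == "DHCP Offer":
            offer_flag[key] = int(r.get("Broadcast flag", "0"))
    return sorted(k for k, flag in offer_flag.items()
                  if flag == 0 and ("Rx", "DHCP Request") not in seen[k])

def rec(direction, xid, flag, mac, mtype):
    """Build one constructed record in the page's debug format."""
    return (f"{direction}, interface Vlan-interface54\n"
            f"Hops: 0, Transaction ID: {xid}\n"
            f"Seconds: 0, Broadcast flag: {flag}\n"
            f"Client hardware address: {mac}\n"
            f"DHCP message type: DHCP {mtype}\n")

# Constructed sample: client A only completes after retrying with the broadcast
# flag set; client B completes with unicast replies (no Portal in its path).
A, B = "0000-5e00-5301", "0000-5e00-5302"
SAMPLE = "".join(rec(*a) for a in [
    ("Rx", 1001, 0, A, "Discover"), ("Tx", 1001, "0 (unicast)", A, "Offer"),
    ("Rx", 1002, 1, A, "Discover"), ("Tx", 1002, 1, A, "Offer"),
    ("Rx", 1002, 1, A, "Request"), ("Tx", 1002, 1, A, "Ack"),
    ("Rx", 2001, 0, B, "Discover"), ("Tx", 2001, 0, B, "Offer"),
    ("Rx", 2001, 0, B, "Request"), ("Tx", 2001, 0, B, "Ack"),
])
```

Calling `lost_unicast_offers(parse_records(SAMPLE))` reports only client A's first transaction; running the same check on a dump taken after the fix should return an empty list.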
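IV. Solution:
On the AC, configure a free-rule for packets whose source is the source address of the DHCP server's replies, or whose source is the internal port, with destination any. For example: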
portal free-rule 0 source ip x.x.x.x mask 255.255.255.255 destination any
or
portal free-rule 0 source interface Ten-GigabitEthernet1/0/1 destination any