某客戶反饋無線控制器加瘦AP組網(wǎng)下,DHCP服務(wù)器Windows Server,無線控制器做DHCP中繼����,為終端分配地址���,終端連接到SSID下后出現(xiàn)部分終端獲取不到地址的問題����。
原因分析:
通過一線反饋現(xiàn)場無線控制器配置,以及現(xiàn)場情況����,發(fā)現(xiàn)問題現(xiàn)象主要出現(xiàn)在移動終端(蘋果、安卓手機���、平板)上���,筆記本終端獲取地址均正常。
由于DHCP協(xié)議較為簡單����,且設(shè)備上運行一直正常��,首先檢查相關(guān)配置�。
dhcp relay server-group 1 ip 10.154.73.11
dhcp relay server-group 1 ip 10.154.73.12
#
wlan vlan-pool vp1
vlan-id 405 to 406
#
interface Vlan-interface405
ip address 10.154.97.253 255.255.255.0
dhcp select relay
dhcp relay server-select 1
#
interface Vlan-interface406
ip address 10.154.98.253 255.255.255.0
dhcp select relay
dhcp relay server-select 1
#
interface WLAN-ESS1
port link-type hybrid
undo port hybrid vlan 1
port hybrid vlan 200 405 to 406 untagged
port hybrid pvid vlan 200
mac-vlan enable
#
wlan service-template 1 clear
ssid zjzyhx
bind WLAN-ESS 1
service-template enable
#
wlan ap zhwgcs model WA2620i-AGN id 1
serial-id 219801A0CMC156000206
radio 1
service-template 1
radio 2
service-template 1 vlan-pool vp1
radio enable
#
檢查發(fā)現(xiàn)配置無異常,皆為基本配置���,且PC機獲取正常���,說明基本的數(shù)據(jù)鏈路是沒有問題的���,于是搜集相關(guān)的debug信息。
debug dhcp relay all
發(fā)現(xiàn)手機終端(MAC地址38f8-8937-bfd1)
From client to server (Server-group 1):
Message type: request
Hardware type: 1, Hardware address length: 6
Hops: 1, Transaction ID: 1128803385
Seconds: 29, Broadcast flag: 0
Client IP address: 0.0.0.0 Your IP address: 0.0.0.0
Server IP address: 0.0.0.0 Relay agent IP address: 10.154.98.253
Client hardware address: 38f8-8937-bfd1
Server host name: Not Configured, Boot file name: Not Configured
DHCP message type: DHCP Discover
*Aug 17 14:27:41:162 2015 WX3024E_AC DHCPR/7/DHCPR_DEBUG_EVENT:
Pkt Sent: send request interface Vlan-interface406, dest IP: 10.154.73.11,
chardAddr: 38f8.8937.bfd1, server-group: 1.
*Aug 17 14:27:41:162 2015 WX3024E_AC DHCPR/7/DHCPR_DEBUG_EVENT:
Pkt Sent: send request interface Vlan-interface406, dest IP: 10.154.73.12,
chardAddr: 38f8.8937.bfd1, server-group: 1.
*Aug 17 14:27:41:164 2015 WX3024E_AC DHCPR/7/DHCPR_DEBUG_EVENT:
Begin to deal with DHCP Offer packet.
*Aug 17 14:27:41:164 2015 WX3024E_AC DHCPR/7/DHCPR_DEBUG_PACKET:
Rx, DHCP reply packet, interface Vlan-interface406.
*Aug 17 14:27:41:165 2015 WX3024E_AC DHCPR/7/DHCPR_DEBUG_PACKET:
From server to client (Server-group 1):
Message type: reply
Hardware type: 1, Hardware address length: 6
Hops: 0, Transaction ID: 1128803385
Seconds: 0, Broadcast flag: 0
Client IP address: 0.0.0.0 Your IP address: 10.154.99.132
Server IP address: 0.0.0.0 Relay agent IP address: 10.154.98.253
Client hardware address: 38f8-8937-bfd1
Server host name: Not Configured, Boot file name: Not Configured
DHCP message type: DHCP Offer
*Aug 17 14:27:41:165 2015 WX3024E_AC DHCPR/7/DHCPR_DEBUG_EVENT:
First VLAN ID of reply packets to client is 406.
*Aug 17 14:27:41:165 2015 WX3024E_AC DHCPR/7/DHCPR_DEBUG_EVENT:
Pkt Sent: send reply interface Vlan-interface406, dest IP: 10.154.99.132,
chardAddr: 38f8.8937.bfd1, server-group: 1.
Debug信息中可以看出����,無線控制器上中繼功能完整的完成了中繼流程,并且在較后一步debug信息中顯示
Pkt Sent: send reply interface Vlan-interface406, dest IP: 10.154.99.132,
chardAddr: 38f8.8937.bfd1, server-group: 1.
即無線控制器已經(jīng)向該地址發(fā)送DHCP reply報文��,并且走的vlan端口也是vlan406�,為該終端所在vlan中。
查看PC的地址獲取過程中的debug信息:
*Aug 17 14:28:59:719 2015 WX3024E_AC DHCPR/7/DHCPR_DEBUG_EVENT:
Begin to deal with DHCP Request packet.
*Aug 17 14:28:59:719 2015 WX3024E_AC DHCPR/7/DHCPR_DEBUG_PACKET:
Rx, DHCP request packet, interface Vlan-interface405.
*Aug 17 14:28:59:720 2015 WX3024E_AC DHCPR/7/DHCPR_DEBUG_PACKET:
From client to server (Server-group 1):
Message type: request
Hardware type: 1, Hardware address length: 6
Hops: 1, Transaction ID: 1738251759
Seconds: 1024, Broadcast flag: 1
Client IP address: 10.154.99.9 Your IP address: 0.0.0.0
Server IP address: 0.0.0.0 Relay agent IP address: 10.154.97.253
Client hardware address: e006-e6ce-36b8
Server host name: Not Configured, Boot file name: Not Configured
DHCP message type: DHCP Request
*Aug 17 14:28:59:720 2015 WX3024E_AC DHCPR/7/DHCPR_DEBUG_EVENT:
Pkt Sent: send request interface Vlan-interface405, dest IP: 10.154.73.11,
chardAddr: e006.e6ce.36b8, server-group: 1.
*Aug 17 14:28:59:720 2015 WX3024E_AC DHCPR/7/DHCPR_DEBUG_EVENT:
Pkt Sent: send request interface Vlan-interface405, dest IP: 10.154.73.12,
chardAddr: e006.e6ce.36b8, server-group: 1.
*Aug 17 14:28:59:728 2015 WX3024E_AC DHCPR/7/DHCPR_DEBUG_EVENT:
Begin to deal with DHCP Ack packet.
*Aug 17 14:28:59:728 2015 WX3024E_AC DHCPR/7/DHCPR_DEBUG_PACKET:
Rx, DHCP reply packet, interface Vlan-interface405.
*Aug 17 14:28:59:728 2015 WX3024E_AC DHCPR/7/DHCPR_DEBUG_PACKET:
From server to client (Server-group 1):
Message type: reply
Hardware type: 1, Hardware address length: 6
Hops: 0, Transaction ID: 1738251759
Seconds: 0, Broadcast flag: 1
Client IP address: 10.154.99.9 Your IP address: 10.154.99.9
Server IP address: 0.0.0.0 Relay agent IP address: 10.154.97.253
Client hardware address: e006-e6ce-36b8
Server host name: Not Configured, Boot file name: Not Configured
DHCP message type: DHCP Ack
*Aug 17 14:28:59:729 2015 WX3024E_AC DHCPR/7/DHCPR_DEBUG_EVENT:
First VLAN ID of reply packets to client is 405.
*Aug 17 14:28:59:729 2015 WX3024E_AC DHCPR/7/DHCPR_DEBUG_EVENT:
Pkt Sent: send reply interface Vlan-interface405, dest IP: 255.255.255.255,
chardAddr: e006.e6ce.36b8, server-group: 1.
發(fā)現(xiàn)交互流程的信息只有Broadcast flag: 1該位有區(qū)別�。
又在debug信息中發(fā)現(xiàn)了
*Aug 17 14:29:09:833 2015 WX3024E_AC DHCPR/7/DHCPR_DEBUG_PACKET:
From server to client (Server-group 1):
Message type: reply
Hardware type: 1, Hardware address length: 6
Hops: 0, Transaction ID: 1077829468
Seconds: 0, Broadcast flag: 0
Client IP address: 10.154.99.9 Your IP address: 10.154.99.9
Server IP address: 0.0.0.0 Relay agent IP address: 10.154.97.253
Client hardware address: e006-e6ce-36b8
Server host name: Not Configured, Boot file name: Not Configured
DHCP message type: DHCP Ack
即PC終端也發(fā)送過Broadcast flag為0的報文,且該種情況下也是獲取異常���。
現(xiàn)象明了�����,即Broadcast flag位置零的終端獲取異常(單播)��,Broadcast flag位置一的DHCP 中繼流程正常(廣播)���。
查看RFC2131可知DHCP ACK報文“broadcast or unicast, based on bootp flags.”而debug信息中��,無線控制器回應(yīng)的ACK報文該位與終端要求的均一一對應(yīng)�����,不存在問題����。
由于debug信息中顯示已經(jīng)向問題終端發(fā)送ACK報文���,于是協(xié)調(diào)AP AC間抓包����。發(fā)現(xiàn)報文確實沒有發(fā)送到AP����。
繼續(xù)排查,在無線控制器內(nèi)聯(lián)口抓包發(fā)現(xiàn)單播ACK報文出現(xiàn)在了����,內(nèi)聯(lián)口且未做LWAPP封裝����,即該報文走向了有線口��,進一步查看配置��。
發(fā)現(xiàn)業(yè)務(wù)vlan 405 406三層接口配置:
#
interface Vlan-interface405
ip address 10.154.97.253 255.255.255.0
dhcp select relay
dhcp relay server-select 1
#
interface Vlan-interface406
ip address 10.154.98.253 255.255.255.0
dhcp select relay
dhcp relay server-select 1
分別為10.154.98.0/24 10.154.98.0/24網(wǎng)段����,而debug中終端拿到的地址是Client IP address: 10.154.99.9 Your IP address: 10.154.99.9
10.154.99.0/24網(wǎng)段����,隨即向客戶詢問配置緣由,經(jīng)了解��,客戶在有線網(wǎng)關(guān)上有相應(yīng)的portal認證���,設(shè)備在沒有過認證之前���,獲取的是10.154.99.0/24網(wǎng)段地址,現(xiàn)場確實有該需求��。
至此�����,原因查明,手機終端DHCP報文廣播位置為0���,即請求服務(wù)器單播回應(yīng)����。
PC機會分別嘗試單播廣播兩種方式����。當請求單播時,由于設(shè)備上沒有相應(yīng)的(10.154.99.0/24網(wǎng)段)三層接口���,于是ACK的單播報文走默認路由�����,走無線內(nèi)聯(lián)口發(fā)出��,所以終端沒有收到報文����。
根據(jù)問題發(fā)生的原因����,在業(yè)務(wù)vlan 405 406下配置(10.154.99.0/24網(wǎng)段)子地址,問題解決��。
解決辦法:
在業(yè)務(wù)vlan 405 406下配置(10.154.99.0/24網(wǎng)段)子地址�,問題解決。
建議與總結(jié):
在做DHCP中繼的情況下�,業(yè)務(wù)vlan較好有跟終端相同的網(wǎng)段地址。
在業(yè)務(wù)vlan 405 406下配置(10.154.99.0/24網(wǎng)段)子地址��,問題解決����。
