当前位置:首页 >> 信息与通信 >>

SecBlade IAG培训


课程编码 S e c B l a d eI A G 培训
ISSUE 1.X

日期:2009/3/5

杭州华三通信技术有限公司 版权所有,未经授权不得使用与传播

引入
n H3C SecBlade IAG(Intelligent Application Gateway)智能业务网关 (以下简称

IAG )是华三公司面向企业、教育、运营商开发的智能业 务网关产品。 IAG应用网关产品基于强大的多核处理器硬件平台,集 BAS(Broad Access Server)和EAD网关的功能于一体,具备完善 的接入、认证、授权和计费功能、丰富的QoS机制以及丰富的业务处 理能力,是运营商宽带接入服务和企业EAD部署的理想设备。

课程目标
学习完本课程,您应该能够:
n 对设备物理参数及性能指标有个基本了解 n 掌握PPPOE及PORTAL认证的基本原理 n 完成设备在各种典型组网应用环境中的配 置 n 掌握常用调试信息的查看、常见问题的 Trouble Shooting

目录
n SecBlade IAG简述 n PPPOE简介及典型组网应用配置 n Portal认证简介及典型组网应用 配置 n 常用调试命令

设备简介
产品主要支持业务:

PPPOE-SERVER PORTAL User-profile 双机热备

Pppoe-server Portal的三种认证方式 基于用户的qos限速 支持会话业务、portal、AAA的双机热备

注:当前BAS插卡portal、QOS业务不支持快转,默认情况下关快转

www.h3c.com

4

设备简介
SecBlade IAG视图:

?产品规表 H3C SecBlade IAG 智能接入网关模块 WX6103 1个配置口(CON) 2个千兆RJ45电口 2个千兆Combo口 40.1×399.2×376.5mm 0~40℃

项目 应用于 管理接口 尺寸(高×宽× 深) 环境温度

www.h3c.com

5

设备简介
l性能规格概述 PPPOE PORTAL 吞吐量 NAT吞吐量 AAA 整机10K,单端口4K,PPPOE吞吐量为整机 吞吐量75% 整机10K,单端口4K 64Byte小包2.5G 64Byte小包800Mbps,并发连接100万(2G 内存) 最大本地用户数1000;最大在线用户数 32K,同时AAA请求数1000

Dhcp Server 并发10K

www.h3c.com

6

目录
n SecBlade IAG简述 n PPPOE简介及典型组网应用配置 n Portal认证简介及典型组网应用 配置 n 常用调试命令

PPPOE-SERVER

l典型组网:
l1、基本组网&配置:
Secblade IAG

Ten0/0.101

Ten0/0.200
Internet

IMC-Server

# PPPOE接口基本配置 interface Virtual-Template1 ppp authentication-mode chap //配置PPP认证方式为CHAP ppp account-statistics enable //按流量计费时一定要使能统计功能 ppp ipcp dns 192.168.100.240 10.72.66.36 //配置给拨号用户分配 的DNS服务器地址 remote address pool //调用地址池给拨号用户分配IP ip address 100.0.0.1 255.255.0.0 # interface Ten-GigabitEthernet0/0 port link-mode route # interface Ten-GigabitEthernet0/0.101 vlan-type dot1q vid 101 pppoe-server bind Virtual-Template 1 //子接口下绑定VT口 # interface Ten-GigabitEthernet0/0.102 description to-IMC vlan-type dot1q vid 102 ip address 192.168.100.10 255.255.252.0 # AAA服务器配置 radius scheme ppp_test service-type extended //如果使能了计费功能, 建议一定要将Radius报文类型配置为扩展形式 primary authentication 192.168.100.12 primary accounting 192.168.100.12 key authentication test key accounting test user-name-format without-domain

www.h3c.com

8

Portal
domain pppoe authentication ppp radius-scheme ppp_test authorization ppp radius-scheme ppp_test accounting ppp radius-scheme ppp_test access-limit disable state active idle-cut disable self-service-url disable ip pool 0 100.0.0.3 100.0.3.254 //给PPPOE拨号用户分配IP地址的地址池 # domain default enable pppoe //配置了AAA后手工切换ISP域为配置域(PPPOE),设备默认ISP域为system #

WEB页面配置: Pc机器管理接口连接设备,通过管理接口打开web管理页面,将所用到接口加入到安全域:

www.h3c.com

9

PPPOE-SERVER
lCAMS-Server配置:
AAA相关配置:

www.h3c.com

10

PPPOE-SERVER
User相关配置:

配置计费策略

服务管理->服务配置

www.h3c.com

11

PPPOE-SERVER
用户管理->帐号用户;

注:不绑定任何服务的用户帐号不能访问网络

www.h3c.com

12

PPPOE-SERVER
lIMC-Server配置:

注:配置完成后记得点击“接入业务”,然后点击“系统手工配置生效”,
以使配置立即生效
www.h3c.com

13

PPPOE-SERVER
2、基于用户qos策略配置: 相关配置:
#配置ACL在QOS中引用 acl number 3002 description pppoe_user_access_internet_control_rate_in rule 0 permit ip source 100.0.0.0 0.0.255.255 # acl number 3004 description ppoe_user_access_internet_control_rate_out rule 0 permit ip destination 100.0.0.0 0.0.255.255 # traffic classifier shangxing operator and if-match acl 3002 # traffic classifier xiaxing operator and if-match acl 3004 #用户上行带宽限速512K traffic behavior shangxing car cir 512 cbs 32000 ebs 0 green pass red discard #用户下行带宽限速1M traffic behavior xiaxing car cir 1024 cbs 64000 ebs 0 green pass red discard #配置QOS策略限制拨号用户上下行带宽 qos policy shangxing classifier shangxing behavior shangxing qos policy xiaxing classifier xiaxing behavior xiaxing #配置基于用户的QOS user-profile test qos apply policy shangxing inbound qos apply policy xiaxing outbound #使能基于用户的QOS user-profile pppoe enable 交换机上QINQ配置 #端口启用QinQ功能 interface Ethernet2/1/1 port access vlan 1000 qinq enable

www.h3c.com

14

PPPOE-SERVER
3、WEB配置:
(1)CAMS-Server配置:

(2)IMC-Server配置:

www.h3c.com

15

本章总结
n 命令行下完成AAA服务器后要将domain域切换到手工创建的域(如本例 中:domain default enable pppoe)否则默认域始终为system,系统 不会对拨号 用户去AAA服务器端进行认证; n 对在使能了基于用户的QOS后,QOS策略配置不可改变,要改变QOS策 略,首先要去使能该功能(系统视图下:undo user-profile test enable); n 拨号用户进行基于流量的计费统计时,除了命令行下必要的AAA服务器 相关配置外,还要在VT口下使能PPP记账统计功能(VT口下:ppp account-statistics enable)否则基于用户的流量计费不生效; n domain域下可配置100(序号:0~99)个给拨号用户分配IP的地址池, 每个地址池中有1020个可用地址

www.h3c.com

16

目录
n SecBlade IAG简述 n PPPOE简介及典型组网应用配置 n Portal认证简介及典型组网应用 配置 n 常用调试命令

Portal
Portal协议框架:

Portal Server(PS):使用本地的 50100 端口监听 BAS 设备发送的报文,使用目的端口2000 向 BAS 设备发送所有报文。 BAS (Broad Access Server ) :使用本地的 2000 端口监听 Portal Server 发送的所有报文。使用 目的端口 50100 向Portal Server 发送报文。

www.h3c.com

18

Portal
Portal协议报文格式:

Portal协议承载在UDP上,协议包采用固定长度头和可变长度的属性字段组 成。报文的最大长度为1024,最小长度为32。

www.h3c.com

19

Portal
Poral 正常认证流程示意图:

www.h3c.com

20

Portal
Portal 认证过程简述: ?首先用户对打开IE浏览器,输入任意网址;BAS非常强横,无论用户输入什 么网址它都会通过TCP仿冒,把用户强制重定向到portal服务器的认证页面上 去认证。 ?portal客户端(此小程序是随着网页的打开从服务器传过来自动运行的)把用 户在认证页面输入的用户名和密码以http报文的方式,通过BAS中转到Portal服 务器上;然后portal服务器再把这个包含认证信息的http报文重新封装成portal 协议报文;最后直接发送到BAS上。 ? 在这个过程中,BAS起转发报文的作用,所以逻辑上好像portal客户端是直接和 portal服务器相连接的。 ?BAS把从portal服务上接收到的portal认证报文,封装成RADIUS报文发送到 认证服务器,也就是AAA server(这里假定采用Radius认证,采用其他认证, 则封装成其他格式)中去认证。RADIUS报文的承载协议也是UDP协议。 ?认证通过之后,用户才可以访问Internet,之后不再对该用户的HTTP报文进 行重定向。认证成功之后,BAS就会马上向RADIUS计费服务器发送计费报 文,开始对用户进行计费。
www.h3c.com

21

Portal
用户下线流程: (1)主动下线流程

?PORTAL用户通过HTTP下线,也有可能是因为PORTAL Server检测到了用户某方面异常, 还有可能是管理员通过PORTAL Server理界面强制用户下线等等。 ?一般来说,下线不存在成功和失败的说法,用户要选择下线,肯定是要允许的,所以PORTAL Server 收到用户的下线请求后,可以在“某个时候”通知下线成功,而不需要等待BAS设备对下线的确认。 ?当设备收到Portal Server的下线请求后,根据用户状态回应服务器ACK_LOGOUT报文,用户下线。

www.h3c.com

22

Portal
(2)强制下线流程

?BAS设备一般提供命令行切断用户连接,或者由于外部事件所引起的BAS设备发现用户已经异常也要及 时通知PORTAL Server。 ?BAS设备通过发送NTF_LOGOUT报文给PORTAL Server来通知用户已经下线。 ?PORTAL Server收到NTF_LOGOUT报文后,需要向BAS发送AFF_NTF_LOGOUT报文确认收到的 NTF_LOGOUT报文,这个报文由于外部事件BAS也可能收不到。同时,PORTAL Server应该通知用户 网络中断,这个通知过程可能会失败,此时无法通知用户网络连接已经中断。

www.h3c.com

23

Portal
Portal的两种重要握手方式: 1. portal客户端和portal服务器之间的心跳握手 : portal客户端与portal服务器之间,通过心跳握手来保持联系。这个握手报文 是TCP报文,由PORTAL客户端主动发起。如果portal服务器发现在心跳超 时之后,还没有收到客户端的心跳握手报文,就会通知BAS切断用户。

www.h3c.com

24

Portal
2.BAS和RADIUS计费服务器之间的计费报文握手 : 用户认证上线之后,BAS会定期向RADIUS计费服务器发送计费报文,RADIUS 计费服务器收到该计费报文之后就会给予应答。当BAS发送计费报文没有得到响 应时,BAS会切断用户的连接 radius scheme test server-type extended primary authentication 192.168.100.12 primary accounting 192.168.100.12 key authentication test key accounting test timer realtime-accounting 3 -------默认12分钟 user-name-format without-domain nas-ip 200.0.0.253 retry stop-accounting 10 retry realtime-accounting 3 ---------默认5次

www.h3c.com

25

Portal
l直接认证方式:
这种方案是针对ACL流数量比较多,而且粒度能够达到IP地址级的硬件设计的。对每一个用户,采用单独的流 来限制认证前的访问范围以达到目的,所以流的需求比较多。 优点:用户认证前后不需要更换IP地址,只需要申请一次地址就可以了,流程比较简单; 缺点:地址浪费:用户开机后无论是否通过WEB认证上网,都需要为用户分配一个IP地址,如果用户不上网的 话,就会造成IP资源的浪费。

lDHCP二次地址分配方式:
用户上网后,首先申请到一个IP地址,但是这个IP地址是一个内部私有的地址,通过ACL限制它访问外部网络。 用户通过PORTAL认证后,客户端自动地再次刷新用户的IP地址,这时候用户申请到一个公网的IP地址,就可以 上网了。 优点:大型的运营商对IP地址规划和分配问题比较敏感,要求未认证通过的用户不能分配公网IP地址,那么这种 方法就解决了这个问题。

lLayer3方式:
这种方式主要是针对用户和认证设备不在同一网段中的组网方式使用,它需要在认证设备上指定需要认证的网段 ,那么处于该网段的用户需要进行认证,否则无法访问认证设备的上连网络,而不在认证网段的用户是不需要认 证也不允许认证的,他可以自由的访问任何可达网络。 优点:这种认证方式的组网更加灵活。 缺点:同直接认证一样造成很大的地址浪费,并且安全性能不是很好,无法完全掌控和监督用户的上网情况。

www.h3c.com

26

Portal
1、直接认证组网方式
Secblade IAG

Ten0/0.101

Ten0/0.200
Internet

IMC-Server

www.h3c.com

#配置Portal服务器:名称为8042test,IP地址为200.0.0.1,密钥为test, 端口为默认50100,URL为http://192.168.100.12:8080/portal portal server test ip 192.168.100.12 key test url http://192.168.100.12:8080/portal #在与用户Host相连的接口上使能Portal认证 interface Ten-GigabitEthernet0/0 port link-mode route # interface Ten-GigabitEthernet0/0.102 description portal vlan-type dot1q vid 101 ip address 102.0.0.1 255.255.0.0 portal server 8042test method direct //配置采用Portal直接认证方式 # interface M-GigabitEthernet0/0.200 description to-IMC vlan-type dot1q vid 200 ip address 192.168.100.10 255.255.252.0 # AAA相关配置 radius scheme portal _test primary authentication 192.168.100.12 //IMC服务器IP地址 primary accounting 192.168.100.12 key authentication test //服务器接入密钥 key accounting test user-name-format without-domain # domain portal authentication portal radius-scheme portal _test authorization portal radius-scheme portal _test accounting portal radius-scheme portal _test access-limit disable state active idle-cut disable self-service-url disable 27 #

Portal
CAMS-Server配置:
Portal组件->服务器信息

设备配置信息

www.h3c.com

28

Portal
设备端口组配置:

计费上网页面: 弹出的重定向WEB页面:

www.h3c.com

29

Portal
IMC-Server配置:

端口组配置:

www.h3c.com

30

PPPOE-SERVER

IP地址组配置:

www.h3c.com

31

Portal
2、三层接入方式:

interface Ten-GigabitEthernet0/0.101 description portal vlan-type dot1q vid 101 ip add 101.0.0.1 255.255.255.0 portal auth-network 101.0.0.0 255.255.252.0 //认证用户所在网段 portal server 8042test method layer3

注:
1、在安全策略中配置的安全ACL与隔离ACL首先要保证其在命令行下事先已配置完成,否则绑定了该安全策略的用户无法 通过认证 2、CAMS服务器支持下发基本ACL(2000~2999)和高级ACL(3000~3999) 3、配置了认证网段后,只有在该网段内的用户才能触发portal认证;直接认证方式的认证网段为任意源IP,二次地址分配方 式的认证网段为由接口私网IP决定的私网网段。 www.h3c.com

32

Portal
3、二次地址接入方式: 组网图:

Portal协议中所说的公网,私网只是针对Portal协议 而言,与RFC中定义的不同 1、公网 指在用户认证通过后,通过DHCP分配到的IP地址。 2、私网 指在用户发起认证的时候通过DHCP申请到的IP地址。

www.h3c.com

33

Portal
命令行下配置: # dhcp relay server-group 1 ip 102.0.0.254 //配置dhcp-relay地址 # interface Ten-GigabitEthernet0/0.101 vlan-type dot1q vid 100 to 101 vlan-termination broadcast enable description portal ip address 101.0.0.1 255.255.252.0 //公网IP网段 ip address 102.0.0.1 255.255.252.0 sub //私网IP网段 dhcp select relay dhcp relay address-check enable //使能配置DHCP中继的地址匹配检查功能 dhcp relay server-select 1 portal auth-network 100.0.0.0 255.255.252.0 portal server 8042test method redhcp # dhcp enable

www.h3c.com

34

Portal
设备管理->PORTAL组件->设备信息

www.h3c.com

35

Portal
3、portal支持双机热备组网(以Secblade IAG组网为例):
Portal-Server Radius-Server

Ip:190.168.100.12/24

Ip:190.168.100.13/24

Route Ip:200.0.0.1/24 IAG-01 心跳线 Ip:200.0.0.2/24 IAG-02

Trunk(1) WX6103-01
k Trun 3

WX6103-02

Vir-ip:101.0.0.254/24 Switch-01

Vir-ip:102.0.0.254/24 Switch-02

PC-Client

PC-Client

www.h3c.com

36

Portal
如上图所示:PC-Client连接在接入交换机上,接入交换机通过二层方式与 WX6103相连,IAG-01与WX6103-1,IAG-02与WX6103-2之间的连接为内部XGE 接口,WX6103上的接口为trunk类型,透传带tag报文,Bas上为三层子接口,采 用模糊Vlan终结技术终结不同的vlan报文。 以WX6103-01/ WX6103-02/SWI-01为例,1、2、3链路透传二层报文,三条 链路形成环路,所以在所有交换板上启用MSTP,配置多实例,正常情况下,链 路1 处于stp阴塞状态,当链路2或链路3断开时,链路1自动进入转发状态,以保 证链路不中断,对于其它的环,同本例分析类似 。 IAG-01和Bas-2上配置三层子接口,启用Vrrp,使用其中一个vrrp虚接口IP作 为portal nas-ip和radius 认证用的nas-ip,这样保证当两台设备发生主备切换时, BASIP和NASIP不变化。Vrrp的通告报文通过链路1发送,当链路2或者链路3任一 条断开后,IAG-01和IAG-02上vrrp状态不切换,BAS的主备状态不切换。 正常情况下,IAG-01为主用设备,IAG-02为备用设备,当Bas-1 Down机, IAG-02自动成为主用设备,当IAG-02正常后,IAG-01自动成为主用设备(抢占模 式下)。 IAG-01和IAG-02之间的心跳线通过Secblade IAG板卡面板上的物理口连接, 仅用来传递数据会话信息以及上线用户信息,不传输vrrp通告报文
www.h3c.com

37

Portal
设备配置:
M i c r o s o f tW o r d 文档

www.h3c.com

38

本章总结
n n 使能portal接口下一定使能DHCP中继的地址匹配检查功能,否则接入用 户无法通过认证 CAMS服务器端配置与直连和三层方式有所不同,认证IP地址为公网IP, 认证地址组为私网IP段

www.h3c.com

39

目录
n SecBlade IAG简述 n PPPOE简介及典型组网应用配置 n Portal认证简介及典型组网应用 配置 n 常用调试命令

www.h3c.com

40

常用调试命令
查看portal server相关命令信息:
[wbas-01] dis portal server ----------------------------查看设备portal server配置信息 Portal server: 1)test: IP = 192.168.100.12 Key = test Port = 50100 URL = http://192.168.100.12:8080/portal [wbas-01]dis portal server statistics interface ten0/0.100 ---------查看端口下portal收发报文统计信息 ---------------Interface: Ten-GigabitEthernet0/0.100---------------------Server name: test Invalid packets: 0 Pkt-Name Total Discard Checkerr REQ_CHALLENGE 3 0 0 ACK_CHALLENGE 3 0 0 REQ_AUTH 3 0 0 ACK_AUTH 3 0 0 REQ_LOGOUT 2 0 0 ACK_LOGOUT 2 0 2 AFF_ACK_AUTH 3 0 0 NTF_LOGOUT 3 0 0 REQ_INFO 5 0 0 ACK_INFO 5 0 0 NTF_USERDISCOVER 0 0 0 NTF_USERIPCHANGE 0 0 0 AFF_NTF_USERIPCHANGE 0 0 0 ACK_NTF_LOGOUT 3 0 0 [wbas-01]

www.h3c.com

41

常用调试命令
查看在线用户相关命令信息:
<wbas-01>dis portal user all Index:9 State:ONLINE SubState:NONE ACL:NONE Work-mode:primary /secondary MAC IP Vlan Interface --------------------------------------------------------------------000a-eb2b-d0d1 100.0.0.3 0 Ten-GigabitEthernet0/0.100 Total 1 user(s) matched, 1 listed. <wbas-01>dis conn Index=9 ,Username=test@test MAC=000a-eb2b-d0d1 ,IP=100.0.0.3 Total 1 connection(s) matched. # <wbas-01>dis conn ucibindex 9 Index=9 , Username=test@test---------------------接入用户账号 MAC=000a-eb2b-d0d1----------------------------------接入主机MAC IP=100.0.0.3-----------------------------------------------接入主机IP地址 Access=PORTAL ,AuthMethod=CHAP------------接入方式(portal还可能时ppp、admin);接入认证方式 (CHAP/PAP) Port Type=Ethernet,Port Name=Ten-GigabitEthernet0/0.100------用户接入端口 Initial VLAN=N/A, Authorization VLAN=N/A ACL Group=Disable User Profile=test------------------------------------------对接入用户下发的qos策略(test) CAR=Disable Priority=Disable Start=2009-03-04 17:38:12 ,Current=2009-03-04 17:38:44 ,Online=00h00m32s-----用户上线时间及在线时常 Total 1 connection matched. www.h3c.com

42

常用调试命令
//portal 端口下ACL查看 Rule 12 Inbound interface = Ten-GigabitEthernet0/0.100 Type = static Action = permit Source: IP = 0.0.0.0 Mask = 0.0.0.0 MAC = 0000-0000-0000 Interface = any VLAN =0 Protocol = 0 Destination: IP = 10.72.66.37 Mask = 255.255.255.255 Rule 13 Inbound interface = Ten-GigabitEthernet0/0.100 Type = static Action = permit Source: IP = 0.0.0.0 Mask = 0.0.0.0 MAC = 0000-0000-0000 Interface = any VLAN =0 Protocol = 0 Destination: IP = 192.168.100.13 Mask = 255.255.255.255 Rule 14 Inbound interface = Ten-GigabitEthernet0/0.100 Type = static Action = redirect Source: IP = 0.0.0.0 Mask = 0.0.0.0 MAC = 0000-0000-0000 Interface = any VLAN =0 Protocol = 6 Destination: IP = 0.0.0.0 Mask = 0.0.0.0 Rule 15 Inbound interface = Ten-GigabitEthernet0/0.100 Type = static Action = deny Source: IP = 0.0.0.0 Mask = 0.0.0.0 MAC = 0000-0000-0000 Interface = any VLAN =0 Protocol = 0 Destination: IP = 0.0.0.0 Mask = 0.0.0.0

www.h3c.com

43

常用调试命令
查看AAA相关命令信息:
wbas-01]dis radius scheme test --------查看radius 策略相关配置 SchemeName : test Index : 0 Type : extended Primary Auth Server: IP: 192.168.100.12 Port: 1812 State: active Primary Acct Server: IP: 192.168.100.12 Port: 1813 State: active Second Auth Server: IP: N/A Port: 1812 State: block Second Acct Server: IP: N/A Port: 1813 State: block Auth Server Encryption Key : test Acct Server Encryption Key : test Accounting-On packet disable, send times : 5 , interval : 3s Interval for timeout(second) :3 Retransmission times for timeout :3 Interval for realtime accounting(minute) :3 Retransmission times of realtime-accounting packet :3 Retransmission times of stop-accounting packet : 10 Quiet-interval(min) :5 Username format : without-domain Data flow unit : Byte Packet unit : one nas-ip address : 200.0.0.253

www.h3c.com

44

常用调试命令
[wbas-01]dis domain test -------------------查看domain域相关配置 Domain = test State = Active Access-limit = Disabled Accounting method = Required Default authentication scheme : local Default authorization scheme : local Default accounting scheme : local Portal authentication scheme : radius=test Portal authorization scheme : radius=test Portal accounting scheme : radius=test Domain User Template: Idle-cut = Enabled Time = 3(min) Flow = 1024(byte) Self-service = Disabled

www.h3c.com

45

常用调试命令
wbas-01]dis radius statistics state statistic(total=10240): DEAD = 10240 AuthProc = 0 AcctStart = 0 RLTSend = 0 AcctStop = 0 OnLine = 0 ----------------------查看radius统计信息 AuthSucc = 0 RLTWait = 0 Stop = 0

Received and Sent packets statistic: Sent PKT total = 13 Received PKT total = 13 Resend Times Resend total Total 0 RADIUS received packets statistic: Code = 2 Num = 3 Err = 0 Code = 3 Num = 0 Err = 0 Code = 5 Num = 10 Err = 0 Code = 11 Num = 0 Err = 0 Running statistic: RADIUS received messages statistic: Normal auth request Num = 3 Err = 0 Succ = 3 EAP auth request Num = 0 Err = 0 Succ = 0 Account request Num = 3 Err = 0 Succ = 3 Account off request Num = 3 Err = 0 Succ = 3 PKT auth timeout Num = 0 Err = 0 Succ = 0 PKT acct_timeout Num = 0 Err = 0 Succ = 0 Realtime Account timer Num = 4 Err = 0 Succ = 4 PKT response Num = 13 Err = 0 Succ = 13 Session ctrl pkt Num = 0 Err = 0 Succ = 0 Normal author request Num = 0 Err = 0 Succ = 0 Set policy result Num = 0 Err = 0 Succ = 0 RADIUS sent messages statistic: Auth accept Num = 3 Auth reject Num = 0 EAP auth replying Num = 0 Account success Num = 10 Account failure Num = 0 Server ctrl req Num = 0 RecError_MSG_sum = 0 SndMSG_Fail_sum = 0 Timer_Err =0 Alloc_Mem_Err = 0 State Mismatch = 0 Other_Error =0 No-response-acct-stop packet = 0 www.h3c.com

Discarded No-response-acct-stop packet for buffer overflow = 0

46

常用调试命令
Portal常用调试命令:
// 查看portal上线交互过程报文 <wbas-01>debugging portal packet interface Ten-GigabitEthernet 0/0.100 *Mar 5 09:50:51:261 2009 wbas-01 PORTAL/7/PORTAL_DEBUG: Portal socket receive packet length:34 Portal check packet OK Portal packet head: SN:1934 Type:9 AttrNum:1 ErrCode:0 UserIP:100.0.0.3 Portal packet attribute list: [ 8 Port ] [ 2] [] Portal raw packet: 02 09 00 00 07 8e 00 00 64 00 00 03 00 00 00 01 64 4c 8a a2 c8 2b 56 49 23 87 7a 8b 5e de 12 25 08 02 *Mar 5 09:50:51:261 2009 wbas-01 PORTAL/7/PORTAL_DEBUG: Portal socket send packet length:71 Portal packet head: SN:1934 Type:10 AttrNum:3 ErrCode:0 UserIP:100.0.0.3 Portal packet attribute list: [ 8 Port ] [ 27] [wbas-01-vlan-00-0000@vlan] [ 10 BAS-IP ] [ 6] [110.0.0.254] [ 38 DeviceStartTime ] [ 6] [956750402] Portal raw packet: 02 0a 00 00 07 8e 00 00 64 00 00 03 00 00 00 03 79 30 25 33 8b 30 79 92 6c 5d f6 05 84 36 b2 1c 08 1b 77 62 61 73 2d 30 31 2d 76 6c 61 6e 2d 30 30 2d 30 30 30 30 40 76 6c 61 6e 0a 06 *Mar 5 09:50:51:261 2009 wbas-01 PORTAL/7/PORTAL_DEBUG: 6e 00 00 fe 26 06 39 06 da 42 *Mar 5 09:50:51:277 2009 wbas-01 PORTAL/7/PORTAL_DEBUG: Portal socket receive packet length:32 Portal check packet OK www.h3c.com

47

常用调试命令
Portal packet head: SN:1934 Type:1 AttrNum:0 ErrCode:0 UserIP:100.0.0.3 Portal packet attribute list: NULL Portal raw packet: 02 01 00 00 07 8e 00 00 64 00 00 03 00 00 00 00 5a 18 0a 3e 79 d6 07 c1 55 8a 63 08 4e d4 57 6a *Mar 5 09:50:51:278 2009 wbas-01 PORTAL/7/PORTAL_DEBUG: Portal socket send packet length:62 Portal packet head: SN:1934 Type:2 AttrNum:3 ErrCode:0 UserIP:100.0.0.3 Portal packet attribute list: [ 3 Challenge ] [ 18] [00001bc10000348f00002ee5000047d2] [ 10 BAS-IP ] [ 6] [110.0.0.254] [ 38 DeviceStartTime ] [ 6] [956750402] Portal raw packet: 02 02 00 00 07 8e 00 03 64 00 00 03 00 00 00 03 a6 c5 42 47 d7 dc fe 90 f7 6b f7 f0 1d ac 22 47 03 12 00 00 1b c1 00 00 34 8f 00 00 2e e5 00 00 47 d2 0a 06 6e 00 00 fe 26 06 3 *Mar 5 09:50:51:278 2009 wbas-01 PORTAL/7/PORTAL_DEBUG:9 06 da 42 *Mar 5 09:50:51:291 2009 wbas-01 PORTAL/7/PORTAL_DEBUG: Portal socket receive packet length:83 Portal check packet OK Portal packet head:

www.h3c.com

48

常用调试命令
SN:1934 Type:3 AttrNum:5 ErrCode:0 UserIP:100.0.0.3 Portal packet attribute list: [ 1 UserName ] [ 6] [test] [ 4 ChapPassWord ] [ 18] [c9dfac05a753553aa730d88b43a27234] [ 3 Challenge ] [ 18] [00001bc10000348f00002ee5000047d2] [ 10 BAS-IP ] [ 6] [110.0.0.254] [ 33 RelayMessage ] [ 3] [] Portal raw packet: 02 03 00 00 07 8e 00 03 64 00 00 03 00 00 00 05 de *Mar 5 09:50:51:291 2009 wbas-01 PORTAL/7/PORTAL_DEBUG:a2 e6 df cb 08 a8 d6 d1 cf 77 dd 39 35 e3 cb 01 06 74 65 73 74 04 12 c9 df ac 05 a7 53 55 3a a7 30 d8 8b 43 a2 72 34 03 12 00 00 1b c1 00 00 34 8f 00 00 2e e5 00 00 47 d2 0a 06 6e 00 00 fe 21 03 00 *Mar 5 09:50:51:358 2009 wbas-01 PORTAL/7/PORTAL_DEBUG: *Mar 5 09:50:51:334 2009 wbas-01 PORTAL/7/PORTAL_DEBUG: Portal socket receive packet length:32 Portal socket send packet length:113 Portal check packet OK Portal packet head: Portal packet head: SN:1934 Type:4 AttrNum:4 ErrCode:0 UserIP:100.0.0.3 SN:1934 Type:7 AttrNum:0 ErrCode:0 UserIP:100.0.0.3 Portal packet attribute list: Portal packet attribute list: [ 10 BAS-IP ] [ 6] [110.0.0.254] NULL [ 11 Session-ID ] [ 8] [000aeb2bd0d1] Portal raw packet: [ 33 RelayMessage ] [ 61] [6] 02 07 00 00 07 8e 00 03 64 00 00 03 00 00 00 00 [ 38 DeviceStartTime ] [ 6] [956750402] dc d7 7b 60 db 9f 43 54 9b b7 84 89 5e d7 5c ce Portal raw packet: 02 04 00 00 07 8e 00 03 64 00 00 03 00 00 00 04 79 fa 1e 55 2d b9 b8 cc f2 22 a9 f5 7c 75 70 72 0a 06 6e 00 00 fe 0b 08 00 0a eb 2b d0 d1 21 3d 36 06 00 00 *Mar 5 09:50:51:335 2009 wbas-01 PORTAL/7/PORTAL_DEBUG: 00 00 37 06 00 00 00 00 38 06 00 00 00 00 39 02 3a 06 00 00 00 00 42 06 00 00 00 00 43 11 20 33 30 30 52 30 30 36 42 30 31 44 30 30 32 3d 0a 31 4b 78 43 49 72 42 4b 26 06 39 06 da 42

www.h3c.com

49

常用调试命令
//Portal 用户正常下线debug信息: *Mar 5 10:03:54:938 2009 wbas-01 PORTAL/7/PORTAL_DEBUG: Portal socket receive packet length:44 Portal check packet OK Portal packet head: SN:0 Type:5 AttrNum:2 ErrCode:0 UserIP:100.0.0.3 Portal packet attribute list: [ 10 BAS-IP ] [ 6] [110.0.0.254] [ 12 Delay-Time ] [ 6] [] Portal raw packet: 02 05 00 00 00 00 00 00 64 00 00 03 00 00 00 02 d7 7a f5 b2 9a 32 cd ed 1d b1 e8 27 bc be 81 b0 0a 06 6e 00 00 fe 0c 06 00 00 00 00 *Mar 5 10:03:54:938 2009 wbas-01 PORTAL/7/PORTAL_DEBUG: Portal socket send packet length:44 Portal packet head: SN:0 Type:6 AttrNum:2 ErrCode:3 UserIP:100.0.0.3 Portal packet attribute list: [ 10 BAS-IP ] [ 6] [110.0.0.254] [ 38 DeviceStartTime ] [ 6] [956750402] Portal raw packet: 02 06 00 00 00 00 00 00 64 00 00 03 00 00 03 02 6d f9 a2 e1 b4 42 7c de fd c8 5f 83 07 03 c1 74 0a 06 6e 00 00 fe 26 06 39 06 da 42

www.h3c.com

50

常用调试命令
//portal强制用户下线debug信息: *Mar 5 10:17:21:751 2009 wbas-01 PORTAL/7/PORTAL_DEBUG: Portal socket send packet length:82 Portal packet head: SN:6 Type:8 AttrNum:4 ErrCode:0 UserIP:100.0.0.3 Portal packet attribute list: [ 10 BAS-IP ] [ 6] [110.0.0.254] [ 11 Session-ID ] [ 8] [000aeb2bd0d1] [ 5 TextInfo ] [ 30] [Send NTF_LOGOUT when online!] [ 38 DeviceStartTime ] [ 6] [956750402] Portal raw packet: 02 08 00 00 00 06 00 00 64 00 00 03 00 00 00 04 22 0f 7c 60 47 b0 96 52 a7 03 8c 81 58 16 58 e8 0a 06 6e 00 00 fe 0b 08 00 0a eb 2b *Mar 5 10:17:21:751 2009 wbas-01 PORTAL/7/PORTAL_DEBUG:d0 d1 05 1e 53 65 6e 64 20 4e 54 46 5f 4c 4f 47 4f 55 54 20 77 68 65 6e 20 6f 6e 6c 69 6e 65 21 26 06 39 06 da 42 *Mar 5 10:17:21:777 2009 wbas-01 PORTAL/7/PORTAL_DEBUG: Portal socket receive packet length:38 Portal check packet OK Portal packet head: SN:6 Type:14 AttrNum:1 ErrCode:0 UserIP:100.0.0.3 Portal packet attribute list: [ 10 BAS-IP ] [ 6] [110.0.0.254] Portal raw packet: 02 0e 00 00 00 06 00 00 64 00 00 03 00 00 00 01 dd c3 aa b5 ed 42 84 bb de c6 19 3a fc b4 78 f6 0a 06 6e 00 00 fe www.h3c.com

51

常用调试命令
IMC服务器强制用户下线:

www.h3c.com

52

常用调试命令
//Portal acl 的debug信息:
<wbas-01>debugging portal acl int ten0/0.100 *Mar 5 10:49:55:595 2009 wbas-01 DPPORTAL/7/DP_PORTAL_DEBUG: Matched Permit ACL. DPIfIndex=12, SrcIP=100.0.0.3, DstIP=192.168.100.12, Flow=16778020! *Mar 5 10:49:55:835 2009 wbas-01 DPPORTAL/7/DP_PORTAL_DEBUG: DRV_FUNC2: DPIfIndex = 12 SrcIP = 100.0.0.3 SrcMac = 000a-eb2b-d0d1 AuthorACL = 0xFFFFFFFF Operation = ADD *Mar 5 10:49:55:836 2009 wbas-01 DPPORTAL/7/DP_PORTAL_DEBUG: Added Permit ACL: Successfully! RuleID = 0x00000087 Sequence = 0x00000087 *Mar 5 10:49:55:836 2009 wbas-01 PORTAL/7/PORTAL_DEBUG:Add ACL driver return:0 Inbound interface = Ten-GigabitEthernet0/0.100 Type = dynamic Action = permit Source: IP = 100.0.0.3 Mask = 255.255.255.255 Protocol = 0 MAC = 000a-eb2b-d0d1 Interface = Ten-GigabitEthernet0/0.100 VLAN =0 Destination: IP = 0.0.0.0 Mask = 0.0.0.0 TCP Port = 0 Context = 0x00000000,0x00000000 *Mar 5 10:49:55:907 2009 wbas-01 DPPORTAL/7/DP_PORTAL_DEBUG: Matched Permit ACL. DPIfIndex=12, SrcIP=100.0.0.3, DstIP=192.168.100.12, Flow=33554591! *Mar 5 10:50:45:313 2009 wbas-01 DPPORTAL/7/DP_PORTAL_DEBUG: Matched Permit ACL. DPIfIndex=12, SrcIP=100.0.0.3, DstIP=192.168.96.3, Flow=16777430!

www.h3c.com

53

常用调试命令
//查看tcp重定向报文调试信息:
<wbas-01>debugging portal tcp-cheat <wbas-01> *Mar 5 09:41:15:936 2009 wbas-01 TCPCHEAT/7/TCPCHEAT_DEBUG: Source MAC = 000a-e b2b-d0d1 VLAN = 300, PortIndex = 0 45 00 00 30 02 e2 40 00 80 06 3c b2 64 00 00 03 41 37 15 fa 04 89 00 50 c5 79 d9 0f 00 00 00 00 70 02 ff ff 24 89 00 00 02 04 05 b4 01 01 04 02 *Mar 5 09:41:15:936 2009 wbas-01 TCPCHEAT/7/TCPCHEAT_DEBUG:A connection of 6400 0003 added! *Mar 5 09:41:15:936 2009 wbas-01 TCPCHEAT/7/TCPCHEAT_DEBUG: Source MAC = 000a-eb2b-d0d1 VLAN = 300, PortIndex = 0 45 00 00 30 02 e2 40 00 80 06 3c b2 64 00 00 03 41 37 15 fa 04 89 00 50 c5 79 d9 0f 00 00 00 00 70 02 ff ff 24 89 00 00 02 04 05 b4 01 01 04 02 *Mar 5 09:41:15:936 2009 wbas-01 TCPCHEAT/7/TCPCHEAT_DEBUG:State of connection with source IP 100.0.0.3 is LISTEN! *Mar 5 09:41:15:936 2009 wbas-01 TCPCHEAT/7/TCPCHEAT_DEBUG: Source MAC = 0000-0 000-0000 VLAN = 0, PortIndex = 0 00 00 00 00 00 00 00 00 00 06 00 18 41 37 15 fa *Mar 5 09:41:15:936 2009 wbas-01 TCPCHEAT/7/TCPCHEAT_DEBUG:State of connection with source IP 100.0.0.3 changed from LISTEN to SYN_RECVD! *Mar 5 09:41:15:937 2009 wbas-01 TCPCHEAT/7/TCPCHEAT_DEBUG: Source MAC = 000a-eb2b-d0d1 VLAN = 300, PortIndex = 0 45 00 00 28 02 e4 40 00 80 06 3c b8 64 00 00 03 41 37 15 fa 04 89 00 50 c5 79 d9 10 fa e3 27 45 50 10 ff ff 2f 14 00 00 *Mar 5 09:41:15:937 2009 wbas-01 TCPCHEAT/7/TCPCHEAT_DEBUG:State of connection with source IP 100.0.0.3 is SYN_RECVD! *Mar 5 09:41:15:937 2009 wbas-01 TCPCHEAT/7/TCPCHEAT_DEBUG:State of connection with source IP 100.0.0.3 changed from SYN_RECVD to ESTABLISHED! *Mar 5 09:41:15:937 2009 wbas-01 TCPCHEAT/7/TCPCHEAT_DEBUG:State of connection with source IP 100.0.0.3 is ESTABLISHED!

www.h3c.com

54

常用调试命令
//radius debug 信息:
*Mar 5 11:02:28:68 2009 IAG2000-A RDS/7/DEBUG:Recv MSG,[MsgType=Normal auth req uest Index = 3, ulParam3=295802544] //认证请求 *Mar 5 11:02:28:68 2009 IAG2000-A RDS/7/DEBUG:AuthReques include 0 NOTIFY *Mar 5 11:02:28:68 2009 IAG2000-A RDS/7/DEBUG:Send attribute list: *Mar 5 11:02:28:68 2009 IAG2000-A RDS/7/DEBUG: [1 User-name ] [6 ] [test] [3 Challenge-Password ] [19] [03972676E68CAC0DBEA43B45D1BDC07AE2] [60 CHAP_Challenge ] [18] [00004D1D00003D6200001200000068D3] [4 NAS-IP-Address ] [6 ] [192.168.103.130] [32 NAS-Identifier ] [11] [IAG2000-A] [5 NAS-Port ] [6 ] [8192] *Mar 5 11:02:28:68 2009 IAG2000-A RDS/7/DEBUG: [61 NAS-Port-Type ] [6 ] [15] [6 Service-Type ] [6 ] [2] [7 Framed-Protocol ] [6 ] [255] [31 Caller-ID ] [16] [303030302D303030302D30303030] [8 Framed-Address ] [6 ] [210.0.0.4] *Mar 5 11:02:28:68 2009 IAG2000-A RDS/7/DEBUG:Send: IP=[192.168.100.199], UserI ndex=[3], ID=[3], RetryTimes=[0], Code=[1], Length=[126] *Mar 5 11:02:28:69 2009 IAG2000-A RDS/7/DEBUG:Send Raw Packet is: *Mar 5 11:02:28:69 2009 IAG2000-A RDS/7/DEBUG: 01 03 00 7e 00 00 4d 1d 00 00 3d 62 00 00 12 00 00 00 68 d3 01 06 74 65 73 74 03 13 03 97 26 76 e6 8c ac 0d be a4 3b 45 d1 bd c0 7a e2 3c 12 00 00 4d 1d 00 00 3d 62 00 00 12 00 00 00 68 d3 04 06 c0 a8 67 82 20 0b 49 41 47 32 30 30 30 2d 41 05 06 00 00 20 00 3d 06 00 00 00 0f 06 06 00 00 00 02 07 06 00 00 00 ff 1f 10 30 30 30 30 2d 30 30 30 30 2d 30 30 30 30 08 06 d2 00 00 04 *Mar 5 11:02:28:129 2009 IAG2000-A RDS/7/DEBUG:Recv MSG,[MsgType=PKT response I ndex = 171, ulParam3=291961408] *Mar 5 11:02:28:129 2009 IAG2000-A RDS/7/DEBUG:Receive Raw Packet is: *Mar 5 11:02:28:129 2009 IAG2000-A RDS/7/DEBUG: 02 03 00 ab 50 12 bb 2e cc 69 73 01 1a 85 ec 95 1b 06 f3 75 06 06 00 00 00 02 18 0a 42 64 36 45 6a 50 37 48 1d 06 00 00 00 00 1a 0c 00 00 07 db 0f 06 00 a0 00 00 55 06 00 00 02 58 1a 6f 00 00 07 db 3d 69 36 06 00 00 00 00 37 06 00 00 00 00 38 06 00 00 00 00 3a 06 00 00 00 00 3b 2e 68 74 74 70 3a 2f 2f 2f 73 65 6c 66 73 65 72 76 69 63 65 2f 6d 6f 64 50 61 73 73 77 64 31 78 2e 6a 73 70 7c 75 73 65 72 4e 61 6d 65 42 06 00 00 00 00 43 11 56 32 30 30 52 30 30 31 42 30 32 44 30 33 35 3d 0a 42 64 36 45 6a 50 37 48

//认证响应

www.h3c.com

55

常用调试命令
// *Mar 5 11:02:28:129 2009 IAG2000-A RDS/7/DEBUG:Receive:IP=[192.168.100.199],Cod e=[2],Length=[171] *Mar 5 11:02:28:129 2009 IAG2000-A RDS/7/DEBUG: [6 Service-Type ] [6 ] [2] [24 State ] [10] [426436456A503748] [29 Termination-Action ] [6 ] [0] [85 Acct_Interim_Interval ] [6 ] [600] *Mar 5 11:02:28:131 2009 IAG2000-A RDS/7/DEBUG:Recv MSG,[MsgType=Account reques t Index = 3, ulParam3=0] *Mar 5 11:02:28:131 2009 IAG2000-A RDS/7/DEBUG:Send attribute list: *Mar 5 11:02:28:131 2009 IAG2000-A RDS/7/DEBUG: [1 User-name ] [6 ] [test] [32 NAS-Identifier ] [11] [IAG2000-A] [5 NAS-Port ] [6 ] [8192] [61 NAS-Port-Type ] [6 ] [15] [31 Caller-ID ] [16] [303030302D303030302D30303030] [40 Acct-Status-Type ] [6 ] [1] *Mar 5 11:02:28:131 2009 IAG2000-A RDS/7/DEBUG: [45 Acct-Authentic ] [6 ] [1] [44 Acct-Session-Id ] [14] [109020511024] [8 Framed-Address ] [6 ] [210.0.0.4] [4 NAS-IP-Address ] [6 ] [192.168.103.130] [55 Event-Timestamp ] [6 ] [1236250948] *Mar 5 11:02:28:131 2009 IAG2000-A RDS/7/DEBUG:Send: IP=[192.168.100.199], User Index=[3], ID=[28], RetryTimes=[0], Code=[4], Length=[109] *Mar 5 11:02:28:131 2009 IAG2000-A RDS/7/DEBUG:Send Raw Packet is: *Mar 5 11:02:28:131 2009 IAG2000-A RDS/7/DEBUG: 04 1c 00 6d e5 26 34 03 e3 96 40 91 7a b6 d8 6a 0f 3a 3d 74 01 06 74 65 73 74 20 0b 49 41 47 32 30 30 30 2d 41 05 06 00 00 20 00 3d 06 00 00 00 0f 1f 10 30 30 30 30 2d 30 30 30 30 2d 30 30 30 30 28 06 00 00 00 01 2d 06 00 00 00 01 2c 0e 31 30 39 30 32 30 35 31 31 30 32 34 08 06 d2 00 00 04 04 06 c0 a8 67 82 37 06 49 af b1 44 *Mar 5 11:02:28:153 2009 IAG2000-A RDS/7/DEBUG:Recv MSG,[MsgType=PKT response I //计费响应 ndex = 50, ulParam3=291962624] *Mar 5 11:02:28:153 2009 IAG2000-A RDS/7/DEBUG:Receive Raw Packet is: *Mar 5 11:02:28:153 2009 IAG2000-A RDS/7/DEBUG: 05 1c 00 32 3b 6c 3a 57 42 04 9f de 96 ac eb ad 11 c4 03 23 1a 1e 00 00 07 db 3d 18 3d 0a 42 64 36 45 6a 50 37 48 3e 06 01 00 00 7f 3f 06 3b 23 00 00

//计费请求

www.h3c.com

56

常用调试命令
<IAG2000-A> *Mar 5 11:11:45:795 2009 IAG2000-A RDS/7/DEBUG:Send attribute list: *Mar 5 11:11:45:796 2009 IAG2000-A RDS/7/DEBUG: [1 User-name ] [6 ] [test] [32 NAS-Identifier ] [11] [IAG2000-A] [5 NAS-Port ] [6 ] [8192] [61 NAS-Port-Type ] [6 ] [15] [31 Caller-ID ] [16] [303030302D303030302D30303030] [40 Acct-Status-Type ] [6 ] [3] //计费更新报文 *Mar 5 11:11:45:796 2009 IAG2000-A RDS/7/DEBUG: [45 Acct-Authentic ] [6 ] [1] [44 Acct-Session-Id ] [14] [109020511024] [8 Framed-Address ] [6 ] [210.0.0.4] [4 NAS-IP-Address ] [6 ] [192.168.103.130] [55 Event-Timestamp ] [6 ] [1236251505] [46 Acct-Session-Time ] [6 ] [557] *Mar 5 11:11:45:796 2009 IAG2000-A RDS/7/DEBUG: [41 Acct-Delay-Time ] [6 ] [0] [42 Acct-Input-Octets ] [6 ] [12085] [47 Acct-Input-Packets ] [6 ] [42] [43 Acct-Output-Octets ] [6 ] [34512] [48 Acct-Output-Packets ] [6 ] [38] [52 Acct_Input_Gigawords ] [6 ] [0] *Mar 5 11:11:45:796 2009 IAG2000-A RDS/7/DEBUG: [53 Acct_Output_Gigawords ] [6 ] [0] *Mar 5 11:11:45:796 2009 IAG2000-A RDS/7/DEBUG:Send: IP=[192.168.100.199], User Index=[3], ID=[32], RetryTimes=[0], Code=[4], Length=[157] *Mar 5 11:11:45:796 2009 IAG2000-A RDS/7/DEBUG:Send Raw Packet is: *Mar 5 11:11:45:796 2009 IAG2000-A RDS/7/DEBUG: 04 20 00 9d ab 46 ee 0c 1d 19 77 ed a3 b7 5f 2f 89 aa 33 75 01 06 74 65 73 74 20 0b 49 41 47 32 30 30 30 2d 41 05 06 00 00 20 00 3d 06 00 00 00 0f 1f 10 30 30 30 30 2d 30 30 30 30 2d 30 30 30 30 28 06 00 00 00 03 2d 06 00 00 00 01 2c 0e 31 30 39 30 32 30 35 31 31 30 32 34 08 06 d2 00 00 04 04 06 c0 a8 67 82 37 06 49 af b3 71 2e 06 00 00 02 2d 29 06 00 00 00 00 2a 06 00 00 2f 35 2f 06 00 00 00 2a 2b 06 00 00 86 d0 30 06 00 00 00 26 34 06 00 00 00 00 35 06 00 00 00 00 *Mar 5 11:11:45:845 2009 IAG2000-A RDS/7/DEBUG:Recv MSG,[MsgType=PKT response I ndex = 32, ulParam3=291963328] *Mar 5 11:11:45:845 2009 IAG2000-A RDS/7/DEBUG:Receive Raw Packet is: *Mar 5 11:11:45:845 2009 IAG2000-A RDS/7/DEBUG: 05 20 00 20 b6 2e 0b ba 9a 6a dd 36 c0 de b2 21 30 c2 99 9f 1a 0c 00 00 07 db 0f 06 00 9f 49 fb

www.h3c.com

57

常用调试命令
*Mar 5 11:17:31:326 2009 IAG2000-A RDS/7/DEBUG:Recv MSG,[MsgType=Account off request Index = 3, ulParam3=0] *Mar 5 11:17:31:326 2009 IAG2000-A RDS/7/DEBUG: Event: No timer info available. *Mar 5 11:17:31:326 2009 IAG2000-A RDS/7/DEBUG:Send attribute list: *Mar 5 11:17:31:326 2009 IAG2000-A RDS/7/DEBUG: [1 User-name ] [6 ] [test] [32 NAS-Identifier ] [11] [IAG2000-A] [5 NAS-Port ] [6 ] [8192] [61 NAS-Port-Type ] [6 ] [15] [31 Caller-ID ] [16] [303030302D303030302D30303030] [40 Acct-Status-Type ] [6 ] [2] *Mar 5 11:17:31:326 2009 IAG2000-A RDS/7/DEBUG: [45 Acct-Authentic ] [6 ] [1] [44 Acct-Session-Id ] [14] [109020511024] [8 Framed-Address ] [6 ] [210.0.0.4] [4 NAS-IP-Address ] [6 ] [192.168.103.130] [55 Event-Timestamp ] [6 ] [1236251851] [46 Acct-Session-Time ] [6 ] [902] *Mar 5 11:17:31:326 2009 IAG2000-A RDS/7/DEBUG: [41 Acct-Delay-Time ] [6 ] [1] [42 Acct-Input-Octets ] [6 ] [12859] [47 Acct-Input-Packets ] [6 ] [49] [43 Acct-Output-Octets ] [6 ] [34512] [48 Acct-Output-Packets ] [6 ] [38] [52 Acct_Input_Gigawords ] [6 ] [0] *Mar 5 11:17:31:327 2009 IAG2000-A RDS/7/DEBUG: [53 Acct_Output_Gigawords ] [6 ] [0] [49 Terminate-Cause ] [6 ] [1] *Mar 5 11:17:31:327 2009 IAG2000-A RDS/7/DEBUG:Send: IP=[192.168.100.199], User Index=[3], ID=[34], RetryTimes=[0], Code=[4], Length=[163] *Mar 5 11:17:31:327 2009 IAG2000-A RDS/7/DEBUG:Send Raw Packet is: *Mar 5 11:17:31:327 2009 IAG2000-A RDS/7/DEBUG: 04 22 00 a3 26 38 7e 5f 7e 19 ca a0 d3 dd 5f 23 c0 2a b7 a6 01 06 74 65 73 74 20 0b 49 41 47 32 30 30 30 2d 41 05 06 00 00 20 00 3d 06 00 00 00 0f 1f 10 30 30 30 30 2d 30 30 30 30 2d 30 30 30 30 28 06 00 00 00 02 2d 06 00 00 00 01 2c 0e 31 30 39 30 32 30 35 31 31 30 32 34 08 06 d2 00 00 04 04 06 c0 a8 67 82 37 06 49 af b4 cb 2e 06 00 00 03 86 29 06 00 00 00 01 2a 06 00 00 32 3b 2f 06 00 00 00 31 2b 06 00 00 86 d0 30 06 00 00 00 26 34 06 00 00 00 00 35 06 00 00 00 00 31 06 00 00 00 01 *Mar 5 11:17:31:411 2009 IAG2000-A RDS/7/DEBUG:Recv MSG,[MsgType=PKT response I ndex = 20, ulParam3=291963136] *Mar 5 11:17:31:411 2009 IAG2000-A RDS/7/DEBUG:Receive Raw Packet is: //计费停止报文

www.h3c.com

58

杭州华三通信技术有限公司 www.h3c.com


相关文章:
75插卡开局配置
AG开局配置指导 4页 免费 H3C SecBlade IAG插卡 Web... 15页 免费喜欢...ACG以OAA方式和S75E主控板进行互通,实现原理可参考 《OAA项目培训》胶片,这里...
H3C SecCenter A1000 开局指导书(V1.00)
H3C SecBlade IAG 智能接... 63页 免费 喜欢此文档的还喜欢 H3C_云计算及下一代数据... 73页 免费 DPtech IPS培训胶片 77页 免费 UAG培训胶片 68页 免费 ...
H3C运营商服务汇报(用户版)宣讲指导书
H3C SecBlade IAG 智能接... 63页 免费H​3​C​运​营​商​服...(用户版)宣讲指导书》 P24、开放式平台,自助提升运维技能 除了正规的培训之外,...
MA5100V100R003B05开局指导书V2.0-20030110-B (2)
132页 免费 TD-SCDMA 基于PTN承载网... 57页 4下载券 H3C SecBlade IAG 智能接... 63页 免费 H3C iVS8000视频监控系统... 85页 4下载券M...
H3C SecPath IAG5000-A5 开局指导书V1.1
H3C SecBlade IAG 智能接入... 63页 免费 H3C SecPath T系列IPS开局... 65...www.h3c.com 1 介绍 1.1 产品介绍 IAG5000产品为高端机架式设备,是华三公司...
iVS9000解决方案开局指导书(MS分册)
45页 免费 H3C+iVS监控解决方案建议书... 67页 免费 H3C SecBlade IAG 智能接入... 63页 免费 H3C MS8000媒体交换服务器... 37页 免费如...
ZXSM-S320(V2)开局指导书
H3C SecBlade IAG 智能接... 63页 免费 MA5100V100R003B05开局指... 暂无评价 117页 1下载券 TD-SCDMA基于PTN承载网1... 38页 1下载券 TD-SCDMA 基于PT...
校园网安全系统规划设计
? 无限的接口 相对一般盒式安全设备只能提供数量很少的接口而言,SecBlade 插卡可...? 易部署、易实施 通过使用 IAG 智能业务网关模块, 可利于运营商网络的快速...
更多相关标签:
作文培训ygwo | 倾品小吃培训 | 奶茶培训溢康池 | 华飞小吃培训 | 华飞餐饮培训 | 华飞餐饮培训官网 | 语文培训ygwo | 欧洲多国反恐培训 |