ac的dhcp池里option43配錯導致ap無法上線問題排查過程

dhcp池里ac地址配錯，導致ap無法上線問題排查過程

問題：ap手動設置ac的ip正常注冊在線，但dhcp獲得ip和ac地址發現無法在ac上注冊成功。

組網：

ac旁路結構，路由器lan口地址172.16.1.1，開dhcp服務，option43提供ac的地址172.16.1.206，地址池172.16.100-200，網關ip172.16.1.1。

解決過程：

如上圖，路由器上開dhcp服務，給ap提供dhcp服務，dhcp池設置ip范圍是172.16.1.100-172.16.1.200，掩碼24，gw是172.16.1.1，ac的地址是172.16.1.206

ap1上電后，查看dhcp分配情況，發現分配地址是172.16.1.200，但在ac172.16.1.206上看不到ap1上線

路由器上

ac上

ap1 ping正常

登錄ap，設置ac地址為手動配置172.16.1.206，并在路由器4口抓包

發現ac上，看到ap上線了

抓包tcpdump? -i eth4?? -nnev? udp port? 5246? -c 20 抓ap的capwap消息，udp port是5246，并抓20包自動退出-c 20，-nnev是關閉dns查詢，數字化顯示，顯示mac地址，并顯示詳情

tcpdump: listening on eth4, link-type EN10MB (Ethernet), capture size 262144 bytes

17:29:35.427300 6c:ef:c6:65:ab:c0 > 64:c3:41:b2:18:21, ethertype IPv4 (0x0800), length 567: (tos 0x7,CE, ttl 64, id 43379, offset 0, flags [DF], proto UDP (17), length 553)

??? 172.16.1.200.5246 > 172.16.1.206.5246: UDP, length 525

17:29:35.427579 64:c3:41:b2:18:21 > 6c:ef:c6:65:ab:c0, ethertype IPv4 (0x0800), length 277: (tos 0x7,CE, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 263)

??? 172.16.1.206.5246 > 172.16.1.200.5246: UDP, length 235

17:29:40.429262 6c:ef:c6:65:ab:c0 > 64:c3:41:b2:18:21, ethertype IPv4 (0x0800), length 825: (tos 0x7,CE, ttl 64, id 43559, offset 0, flags [DF], proto UDP (17), length 811)

??? 172.16.1.200.5246 > 172.16.1.206.5246: UDP, length 783

17:29:40.429650 64:c3:41:b2:18:21 > 6c:ef:c6:65:ab:c0, ethertype IPv4 (0x0800), length 277: (tos 0x7,CE, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 263)

??? 172.16.1.206.5246 > 172.16.1.200.5246: UDP, length 235

17:29:40.431498 6c:ef:c6:65:ab:c0 > 64:c3:41:b2:18:21, ethertype IPv4 (0x0800), length 603: (tos 0x7,CE, ttl 64, id 43560, offset 0, flags [DF], proto UDP (17), length 589)

??? 172.16.1.200.5246 > 172.16.1.206.5246: UDP, length 561

17:29:40.432161 64:c3:41:b2:18:21 > 6c:ef:c6:65:ab:c0, ethertype IPv4 (0x0800), length 1050: (tos 0x7,CE, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 1036)

??? 172.16.1.206.5246 > 172.16.1.200.5246: UDP, length 1008

17:29:40.616124 6c:ef:c6:65:ab:c0 > 64:c3:41:b2:18:21, ethertype IPv4 (0x0800), length 80: (tos 0x7,CE, ttl 64, id 43564, offset 0, flags [DF], proto UDP (17), length 66)

??? 172.16.1.200.5246 > 172.16.1.206.5246: UDP, length 38

17:29:40.616458 64:c3:41:b2:18:21 > 6c:ef:c6:65:ab:c0, ethertype IPv4 (0x0800), length 60: (tos 0x7,CE, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 44)

???

發現ap的mac是6c:ef:c6:65:ab:c0，ip是172.16.1.200，ac的ip是172.168.1.206，mac地址是64:c3:41:b2:18:21，2毫秒后，開始有響應。

root@IIIoT:~# arp? -n?? ap上執行命令arp -n
IP address?????? HW type???? Flags?????? HW address??????????? Mask???? Device
172.16.1.1?????? 0x1???????? 0x2???????? 20:1f:54:f5:36:61???? *??????? br-wan
172.16.1.206???? 0x1???????? 0x2???????? 64:c3:41:b2:18:21???? *??????? br-wan

ap的banner顯示mac地址

NAME:?????????? WAP6240-IE
?MAC:??????????? 6c:ef:c6:65:ab:c0

奇怪，刪除ap上手動配置ac地址，改成從dhcp的option43里獲取ac地址，重啟ap，在路由器上再次抓包

~ # tcpdump? -i eth4? -nnev? udp port? 5246? -c 20

tcpdump: listening on eth4, link-type EN10MB (Ethernet), capture size 262144 bytes

17:58:51.777366 6c:ef:c6:65:ab:c0 > 20:1f:54:f5:36:61, ethertype IPv4 (0x0800), length 567: (tos 0x7,CE, ttl 64, id 52870, offset 0, flags [DF], proto UDP (17), length 553)發給了這個mac地址

??? 172.16.1.200.5246 > 17.16.1.206.5246: UDP, length 525? 發出的目的ip 是17.16.1.206，好像ip錯了，正確的ip是172.16.1.206，ip第一段錯了

17:58:58.793246 6c:ef:c6:65:ab:c0 > 20:1f:54:f5:36:61, ethertype IPv4 (0x0800), length 567: (tos 0x7,CE, ttl 64, id 53510, offset 0, flags [DF], proto UDP (17), length 553)

??? 172.16.1.200.5246 > 17.16.1.206.5246: UDP, length 525? 沒有響應，在重發

17:59:22.803515 6c:ef:c6:65:ab:c0 > 20:1f:54:f5:36:61, ethertype IPv4 (0x0800), length 567: (tos 0x7,CE, ttl 64, id 54484, offset 0, flags [DF], proto UDP (17), length 553)

??? 172.16.1.200.5246 > 17.16.1.206.5246: UDP, length 525 沒有響應，在重發

17:59:52.823960 6c:ef:c6:65:ab:c0 > 20:1f:54:f5:36:61, ethertype IPv4 (0x0800), length 567: (tos 0x7,CE, ttl 64, id 56270, offset 0, flags [DF], proto UDP (17), length 553)

??? 172.16.1.200.5246 > 17.16.1.206.5246: UDP, length 525? 沒有響應，在重發

18:00:18.835629 6c:ef:c6:65:ab:c0 > 20:1f:54:f5:36:61, ethertype IPv4 (0x0800), length 567: (tos 0x7,CE, ttl 64, id 57090, offset 0, flags [DF], proto UDP (17), length 553)

??? 172.16.1.200.5246 > 17.16.1.206.5246: UDP, length 525? 沒有響應，在重發

18:00:20.843741 6c:ef:c6:65:ab:c0 > 20:1f:54:f5:36:61, ethertype IPv4 (0x0800), length 567: (tos 0x7,CE, ttl 64, id 57274, offset 0, flags [DF], proto UDP (17), length 553)

??? 172.16.1.200.5246 > 17.16.1.206.5246: UDP, length 525? 沒有響應，在重發

18:00:39.874509 6c:ef:c6:65:ab:c0 > ff:ff:ff:ff:ff:ff, ethertype IPv4 (0x0800), length 567: (tos 0x7,CE, ttl 64, id 18424, offset 0, flags [DF], proto UDP (17), length 553)

??? 172.16.1.200.5246 > 255.255.255.255.5246: UDP, length 525? 發出二層廣播和三層廣播發現消息

18:00:39.875037 64:c3:41:b2:18:21 > 6c:ef:c6:65:ab:c0, ethertype IPv4 (0x0800), length 277: (tos 0x7,CE, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 263)

??? 172.16.1.206.5246 > 172.16.1.200.5246: UDP, length 235? 有ac的響應

18:00:39.875166 20:1f:54:f5:36:61 > 6c:ef:c6:65:ab:c0, ethertype IPv4 (0x0800), length 277: (tos 0x7,CE, ttl 64, id 53519, offset 0, flags [DF], proto UDP (17), length 263)

??? 172.16.1.1.5246 > 172.16.1.200.5246: UDP, length 235? 有另一個ac的響應

18:00:44.876971 6c:ef:c6:65:ab:c0 > 20:1f:54:f5:36:61, ethertype IPv4 (0x0800), length 825: (tos 0x7,CE, ttl 64, id 46801, offset 0, flags [DF], proto UDP (17), length 811)

172.16.1.200.5246 > 172.16.1.1.5246: UDP, length 783? 選擇向這個ac的響應

18:00:44.877689 20:1f:54:f5:36:61 > 6c:ef:c6:65:ab:c0, ethertype IPv4 (0x0800), length 277: (tos 0x7,CE, ttl 64, id 54647, offset 0, flags [DF], proto UDP (17), length 263)

??? 172.16.1.1.5246 > 172.16.1.200.5246: UDP, length 235

18:00:44.879582 6c:ef:c6:65:ab:c0 > 20:1f:54:f5:36:61, ethertype IPv4 (0x0800), length 603: (tos 0x7,CE, ttl 64, id 46802, offset 0, flags [DF], proto UDP (17), length 589)

? 發現最初ap發出的ip錯誤，mac地址發給20:1f:54:f5:36:61查詢發現是路由器lan口地址，重發幾次后，發出廣播消息，所有的ac都會響應。

XOS#show? ip arp
?? IP Address?????? MAC Address???? Interface? Type
?? 172.16.1.187? c0:a6:6d:45:06:80? vlan1.3???? ether
? 172.16.81.205? 00:0f:c9:24:10:b1? vlan1.1???? ether
???? 172.16.1.1? 20:1f:54:f5:36:61? vlan1.3???? ether?? 發現這是路由器lan口地址對應mac是20:1f:54:f5:36:61，最初ap的capwap消息發給了路由器lan口mac地址
?? 172.16.1.200? 6c:ef:c6:65:ab:c0? vlan1.3???? ether
Total arp count : 4?

tcpdump不好判斷，生成抓包文件，下載下拉查看

/mnt/userspace # tcpdump? -i eth4? -w? abc0.pcap 生成抓包文件

tcpdump: listening on eth4, link-type EN10MB (Ethernet), capture size 262144 bytes

^C311 packets captured? 中斷后生成文件

313 packets received by filter

0 packets dropped by kernel

crt打開tftp服務器，準備傳出文件

cmd下查看udp69端口是否打開？

C:\>netstat? -aon | findstr :69??? 查看69端口是那個進程號打開，行尾紅色為進程號，本例為22560
? UDP??? 0.0.0.0:69???????????? *:*??????????????????????????????????? 22560
? UDP??? [::]:69??????????????? *:*?????????????????????????????????? ? ?? 22560

C:\>tasklist? | findstr? 22560?? 根據進程號查詢文件名
SecureCRT.exe??????????????? 22560 Console??????????????????? 1???? 59,104 K 證明是crt打開了文件

確定文件保存目錄

路由器里傳出文件

/mnt/userspace # tftp? -pl? abc0.pcap?? 172.16.81.205? tftp傳出文件

abc0.pcap??????????? 100% |*************************************************************| 34733? 0:00:00 ETA傳遞完成

在已經獲得tftp目錄下打開抓包文件，并過濾bootp，arp和capwap消息

現在問題是dhcp獲得的ac地址錯誤，導致ap注冊關聯消息發給網關

檢查一下dhcp的offer消息

Value: 800c0131372e31362e312e323036?? 17.16.1.206

在ap上查詢

root@IIIoT:~#

root@IIIoT:~# cd? /tmp

root@IIIoT:/tmp# cat? wtp.cfg? dhcp獲得ac的地址，

<WTP_DHCP_AC_IPV4_ADDR> 17.16.1.206?? 發現這個地址錯誤

root@IIIoT:/tmp# cat wtp.ip?? 這是目前ap連接的ac的ip地址

172.16.1.1? 發現是網關的地址

在路由器上查看配置

修正

路由器上重新抓包查看：

tcpdump? -i eth4 -nnev? ether host 6c:ef:c6:65:ab:c0

19:56:08.315353 20:1f:54:f5:36:61 > 6c:ef:c6:65:ab:c0, ethertype IPv4 (0x0800), length 342: (tos 0x10, ttl 128, id 0, offset 0, flags [none], proto UDP (17), length 328)

??? 172.16.1.1.67 > 172.16.1.200.68: BOOTP/DHCP, Reply, length 300, xid 0xaf764a47, Flags [none]

????????? Your-IP 172.16.1.200

????????? Client-Ethernet-Address 6c:ef:c6:65:ab:c0

????????? Vendor-rfc1048 Extensions

??????????? Magic Cookie 0x63825363

??????????? DHCP-Message Option 53, length 1: Offer

??????????? Server-ID Option 54, length 4: 172.16.1.1

??????????? Lease-Time Option 51, length 4: 86400

??????????? Subnet-Mask Option 1, length 4: 255.255.255.0

??????????? Default-Gateway Option 3, length 4: 172.16.1.1

??????????? Domain-Name-Server Option 6, length 4: 114.114.114.114

Vendor-Option Option 43, length 15: 128.13.1.49.55.50.46.49.54.46.49.46.50.48.54

??? ascii碼顯示的ac地址 ? ? ? ? ? ? ? ? ? ? ???????????????????? 1 7 ?2? .? 1 ?6? . 1? .? 2? 0 6?

19:56:09.304704 6c:ef:c6:65:ab:c0 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Ethernet (len 6), IPv4 (len 4), Request who-has 172.16.1.206 tell 172.16.1.200, length 46? arp查詢

19:56:09.305024 64:c3:41:b2:18:21 > 6c:ef:c6:65:ab:c0, ethertype ARP (0x0806), length 60: Ethernet (len 6), IPv4 (len 4), Reply 172.16.1.206 is-at 64:c3:41:b2:18:21, length 46 arp響應

capwap消息

19:56:14.311909 6c:ef:c6:65:ab:c0 > 64:c3:41:b2:18:21, ethertype IPv4 (0x0800), length 825: (tos 0x7,CE, ttl 64, id 18791, offset 0, flags [DF], proto UDP (17), length 811)

??? 172.16.1.200.5246 > 172.16.1.206.5246: UDP, length 783? 注冊消息

19:56:14.312308 64:c3:41:b2:18:21 > 6c:ef:c6:65:ab:c0, ethertype IPv4 (0x0800), length 277: (tos 0x7,CE, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 263)

??? 172.16.1.206.5246 > 172.16.1.200.5246: UDP, length 235? 響應

問題總結：

原以為dhcp獲得的ac地址和手動設置ac地址兩個發discover包會有所區別，起始沒有區別。

獲得地址錯誤，查詢路由器發現不是直連路由，會發向網關mac地址。