• 全部
  • 经验案例
  • 典型配置
  • 技术公告
  • FAQ
  • 漏洞说明
  • 全部
  • 全部
  • 大数据引擎
  • 知了引擎
产品线
搜索
取消
案例类型
发布者
是否解决
是否官方
时间
搜索引擎
匹配模式
高级搜索

Adcampus开局mac portal认证终端无法上线

2023-12-23提问
  • 0关注
  • 0收藏,701浏览
粉丝:0人 关注:0人

问题描述:

Adcampus开局,拓扑采用spine--leaf--access结构,按照官网Adcampus6.3指导手册进行mac portal配置,完成相关配置后终端无法正常通过mac portal上线,在leaf设备上进行debug,有以下信息,请帮忙分析下是哪一步操作由问题。认证终端是有线PC,接入access设备G1/0/23口,有线终端上无法获取到IP地址。

 

<dlb_leaf>*Dec 23 13:40:24:621 2023 dlb_leaf MACA/7/EVENT: Processing new mac event: UserMAC=0cda-411d-2ea3, VLANID=122, Interface=GigabitEthernet1/0/1.

*Dec 23 13:40:24:622 2023 dlb_leaf MACA/7/EVENT: State changed from Initialize to Authenticating: UserMAC=0cda-411d-2ea3, VLANID=122, Interface=GigabitEthernet1/0/1.

*Dec 23 13:40:24:622 2023 dlb_leaf MACA/7/EVENT: User is being authenticated with name 0cda411d2ea3 and password ***: UserMAC=0cda-411d-2ea3, VLANID=122, Interface=GigabitEthernet1/0/1.

*Dec 23 13:40:24:623 2023 dlb_leaf MACA/7/EVENT: Started server timeout timer: Length=100(s), UserMAC=0cda-411d-2ea3, VLANID=122, Interface=GigabitEthernet1/0/1.

*Dec 23 13:40:24:623 2023 dlb_leaf MACA/7/EVENT: MACA authentication begin set IP Address to PAM.

*Dec 23 13:40:24:626 2023 dlb_leaf MACA/7/EVENT: AAA processed authentication request: Result=Processing, UserMAC=0cda-411d-2ea3, VLANID=122, Interface=GigabitEthernet1/0/1.

*Dec 23 13:40:24:627 2023 dlb_leaf MACA/7/EVENT: Notified PortSec of new MAC processing result 1: UserMAC=0cda-411d-2ea3, VLANID=122, Interface=GigabitEthernet1/0/1.

*Dec 23 13:40:24:629 2023 dlb_leaf MACA/7/EVENT: Received authentication response with code 26: UserMAC=0cda-411d-2ea3, VLANID=122, Interface=GigabitEthernet1/0/1.

*Dec 23 13:40:24:630 2023 dlb_leaf MACA/7/EVENT: State changed from Authenticating to Disconnect: UserMAC=0cda-411d-2ea3, VLANID=122, Interface=GigabitEthernet1/0/1.

*Dec 23 13:40:24:630 2023 dlb_leaf MACA/7/EVENT: Deleted server timeout timer: UserMAC=0cda-411d-2ea3, VLANID=122, Interface=GigabitEthernet1/0/1.

*Dec 23 13:40:24:631 2023 dlb_leaf MACA/7/EVENT: Failed to get user traffic statistics: UserMAC=0cda-411d-2ea3, VLANID=122, Interface=GigabitEthernet1/0/1.

*Dec 23 13:40:24:632 2023 dlb_leaf MACA/7/EVENT: User failed to come online (UserMAC=0cda-411d-2ea3, VLANID=122, Interface=GigabitEthernet1/0/1). Reason: The RADIUS server rejected the authentication request.

*Dec 23 13:40:24:633 2023 dlb_leaf MACA/7/EVENT: A user was deleted: UserMAC=0cda-411d-2ea3, VLANID=122, Interface=GigabitEthernet1/0/1.

*Dec 23 13:40:24:634 2023 dlb_leaf MACA/7/EVENT: Processing AuthenFail event: UserMAC=0cda-411d-2ea3, VLANID=122, Interface=GigabitEthernet1/0/1.

*Dec 23 13:40:24:634 2023 dlb_leaf MACA/7/EVENT: Notified PortSec of AuthenFail result: Result=1, UserMAC=0cda-411d-2ea3, VLANID=122, Interface=GigabitEthernet1/0/1.

*Dec 23 13:40:24:639 2023 dlb_leaf MACA/7/EVENT: Added a silent MAC address: UserMAC=0cda-411d-2ea3, VLANID=122, Interface=GigabitEthernet1/0/1.

最佳答案

粉丝:6人 关注:7人

到了输入密码这一步吗?

回复WangTao_1983:

那可能需要检查下接口组的配置,已经mac portal 的相关配置了,策略模板,以及应用

Arbeiter 发表时间:2023-12-23 更多>>

没有,终端还没获取到地址

WangTao_1983 发表时间:2023-12-23

交换机上看下是否存在mac认证表项,如果没有检查一下相关配置?

Arbeiter 发表时间:2023-12-23

交换机上没有认证表项,配置都是按照手册来配置的,看debug信息是radius服务器拒绝了认证请求

WangTao_1983 发表时间:2023-12-23
回复WangTao_1983:

控制器-分析-认证失败记录看下是否存在对应条目

Arbeiter 发表时间:2023-12-23

没有条目

WangTao_1983 发表时间:2023-12-23

radius 服务器通吗?dis radius scheme

Arbeiter 发表时间:2023-12-23

<dlb_leaf>display radius scheme Total 2 RADIUS schemes ------------------------------------------------------------------ RADIUS scheme name: system Index: 0 Primary authentication server: Host name: Not Configured IP : Not Configured Port: 1812 VPN : Not configured State: Blocked Test profile: Not configured Weight: 0 Primary accounting server: Host name: Not Configured IP : Not Configured Port: 1813 VPN : Not configured State: Blocked Weight: 0 Accounting-On function : Disabled extended function : Disabled retransmission times : 50 retransmission interval(seconds) : 3 Timeout Interval(seconds) : 3 Retransmission Times : 3 Retransmission Times for Accounting Update : 5 Server Quiet Period(minutes) : 5 Realtime Accounting Interval(seconds) : 720 Stop-accounting packets buffering : Enabled Retransmission times : 500 NAS IP Address : Not configured Local NAS IP Address : Not configured NAS IP Address : Not configured VPN : Not configured User Name Format : without-domain Data flow unit : Byte Packet unit : One Attribute 15 check-mode : Strict Attribute 25 : Standard Attribute Remanent-Volume unit : Kilo server-load-sharing : Disabled Attribute 30 format : HH-HH-HH-HH-HH-HH:SSID Attribute 30 MAC format : HH-HH-HH-HH-HH-HH Attribute 31 MAC format : HH-HH-HH-HH-HH-HH Stop-accounting packets send-force : Disabled Reauthentication server selection : Inherit Attribute 218 of vendor ID 25506 : DHCP-Option 61 Format 1 (1-byte Type field) ------------------------------------------------------------------ RADIUS scheme name: byod Index: 1 Primary authentication server: Host name: Not Configured IP : 10.0.55.1 Port: 1812 VPN : vpn-default State: Active (duration: 0 weeks, 0 days, 4 hours, 12 minutes, 36 seconds) Most recent blocked period: 2023/12/23 12:22:46 - 2023/12/23 12:27:47 Test profile: Not configured Weight: 0 Primary accounting server: Host name: Not Configured IP : 10.0.55.1 Port: 1813 VPN : vpn-default State: Active (duration: 0 weeks, 0 days, 4 hours, 18 minutes, 34 seconds) Weight: 0 Accounting-On function : Enabled extended function : Disabled retransmission times : 255 retransmission interval(seconds) : 15 Timeout Interval(seconds) : 3 Retransmission Times : 3 Retransmission Times for Accounting Update : 5 Server Quiet Period(minutes) : 5 Realtime Accounting Interval(seconds) : 900 Stop-accounting packets buffering : Enabled Retransmission times : 500 NAS IP Address : Not configured Local NAS IP Address : Not configured NAS IP Address : Not configured VPN : vpn-default User Name Format : without-domain Data flow unit : Byte Packet unit : One Attribute 15 check-mode : Strict Attribute 25 : Standard Attribute Remanent-Volume unit : Kilo server-load-sharing : Disabled Attribute 30 format : HH-HH-HH-HH-HH-HH:SSID Attribute 30 MAC format : HH-HH-HH-HH-HH-HH Attribute 31 MAC format : HH-HH-HH-HH-HH-HH Stop-accounting packets send-force : Enabled Reauthentication server selection : Inherit Attribute 218 of vendor ID 25506 : DHCP-Option 61 Format 1 (1-byte Type field) ------------------------------------------------------------------ <dlb_leaf>ping 10.0.55.1 Ping 10.0.55.1 (10.0.55.1): 56 data bytes, press CTRL+C to break 56 bytes from 10.0.55.1: icmp_seq=0 ttl=63 time=1.922 ms 56 bytes from 10.0.55.1: icmp_seq=1 ttl=63 time=1.337 ms 56 bytes from 10.0.55.1: icmp_seq=2 ttl=63 time=1.358 ms 56 bytes from 10.0.55.1: icmp_seq=3 ttl=63 time=1.396 ms 56 bytes from 10.0.55.1: icmp_seq=4 ttl=63 time=1.370 ms --- Ping statistics for 10.0.55.1 --- 5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss round-trip min/avg/max/std-dev = 1.337/1.477/1.922/0.224 ms <dlb_leaf>%Dec 23 16:41:00:108 2023 dlb_leaf PING/6/PING_STATISTICS: Ping statistics for 10.0.55.1: 5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss, round-trip min/avg/max/std-dev = 1.337/1.477/1.922/0.224 ms. radius服务器是通的

WangTao_1983 发表时间:2023-12-23
回复WangTao_1983:

那可能需要检查下接口组的配置,已经mac portal 的相关配置了,策略模板,以及应用

Arbeiter 发表时间:2023-12-23
0 个回答

该问题暂时没有网友解答

编辑答案

你正在编辑答案

如果你要对问题或其他回答进行点评或询问,请使用评论功能。

分享扩散:

提出建议

    +

亲~登录后才可以操作哦!

确定

亲~检测到您登陆的账号未在http://hclhub.h3c.com进行注册

注册后可访问此模块

跳转hclhub

你的邮箱还未认证,请认证邮箱或绑定手机后进行当前操作

举报

×

侵犯我的权益 >
对根叔社区有害的内容 >
辱骂、歧视、挑衅等(不友善)

侵犯我的权益

×

泄露了我的隐私 >
侵犯了我企业的权益 >
抄袭了我的内容 >
诽谤我 >
辱骂、歧视、挑衅等(不友善)
骚扰我

泄露了我的隐私

×

您好,当您发现根叔知了上有泄漏您隐私的内容时,您可以向根叔知了进行举报。 请您把以下内容通过邮件发送到pub.zhiliao@h3c.com 邮箱,我们会尽快处理。
  • 1. 您认为哪些内容泄露了您的隐私?(请在邮件中列出您举报的内容、链接地址,并给出简短的说明)
  • 2. 您是谁?(身份证明材料,可以是身份证或护照等证件)

侵犯了我企业的权益

×

您好,当您发现根叔知了上有关于您企业的造谣与诽谤、商业侵权等内容时,您可以向根叔知了进行举报。 请您把以下内容通过邮件发送到 pub.zhiliao@h3c.com 邮箱,我们会在审核后尽快给您答复。
  • 1. 您举报的内容是什么?(请在邮件中列出您举报的内容和链接地址)
  • 2. 您是谁?(身份证明材料,可以是身份证或护照等证件)
  • 3. 是哪家企业?(营业执照,单位登记证明等证件)
  • 4. 您与该企业的关系是?(您是企业法人或被授权人,需提供企业委托授权书)
我们认为知名企业应该坦然接受公众讨论,对于答案中不准确的部分,我们欢迎您以正式或非正式身份在根叔知了上进行澄清。

抄袭了我的内容

×

原文链接或出处

诽谤我

×

您好,当您发现根叔知了上有诽谤您的内容时,您可以向根叔知了进行举报。 请您把以下内容通过邮件发送到pub.zhiliao@h3c.com 邮箱,我们会尽快处理。
  • 1. 您举报的内容以及侵犯了您什么权益?(请在邮件中列出您举报的内容、链接地址,并给出简短的说明)
  • 2. 您是谁?(身份证明材料,可以是身份证或护照等证件)
我们认为知名企业应该坦然接受公众讨论,对于答案中不准确的部分,我们欢迎您以正式或非正式身份在根叔知了上进行澄清。

对根叔社区有害的内容

×

垃圾广告信息
色情、暴力、血腥等违反法律法规的内容
政治敏感
不规范转载 >
辱骂、歧视、挑衅等(不友善)
骚扰我
诱导投票

不规范转载

×

举报说明