MAC access-control configuration:
radius scheme sangfor_rad
primary authentication 172.16.48.200
primary accounting 172.16.48.200
key authentication simple XXX
key accounting simple XXX
nas-ip 172.17.44.121
user-name-format without-domain
domain ***.***
authentication lan-access radius-scheme sangfor_rad
authorization lan-access radius-scheme sangfor_rad
accounting lan-access radius-scheme sangfor_rad
dot1x
dot1x authentication-method eap
dot1x retry 5
mac-authentication
mac-authentication user-name-format mac-address with-hyphen lowercase
mac-authentication access-user log enable failed-login logoff successful-login
domain default enable ***.***
Interface access-control configuration:
[H3C_12F2-GigabitEthernet1/0/1]dis th
#
interface GigabitEthernet1/0/1
port link-type hybrid
undo port hybrid vlan 1
port hybrid vlan 32 untagged
port hybrid pvid vlan 32
poe enable
dot1x
dot1x mandatory-domain ***.***
dot1x re-authenticate
dot1x guest-vlan 1
dot1x auth-fail vlan 32
dot1x critical vlan 32
mac-authentication
mac-authentication domain ***.***
mac-authentication guest-vlan 1
mac-authentication critical vlan 32
Log of the escape (critical VLAN) failure:
[H3C_12F2-GigabitEthernet1/0/1]%Feb 21 02:11:49:732 2013 H3C_12F2 IFNET/3/PHY_UPDOWN: Physical state on the interface GigabitEthernet1/0/1 changed to up.
%Feb 21 02:11:49:754 2013 H3C_12F2 IFNET/5/LINK_UPDOWN: Line protocol state on the interface GigabitEthernet1/0/1 changed to up.
%Feb 21 02:11:50:083 2013 H3C_12F2 LLDP/6/LLDP_CREATE_NEIGHBOR: Nearest bridge agent neighbor created on port GigabitEthernet1/0/1 (IfIndex 1), neighbor's chassis ID is 张三, port ID is 00e0-4c68-0328.
%Feb 21 02:12:10:883 2013 H3C_12F2 MACA/6/MACA_LOGIN_FAILURE: -IfName=GigabitEthernet1/0/1-MACAddr=00e0-4c68-0328-VLANID=32-Username=00-e0-4c-68-03-28-UsernameFormat=MAC address; User failed MAC authentication. Reason:Authentication process failed.
[H3C_12F2-GigabitEthernet1/0/1]dis mac-au
Global MAC authentication parameters:
MAC authentication : Enabled
Authentication method : PAP
Username format : MAC address in lowercase(xx-xx-xx-xx-xx-xx)
Username : mac
Password : Not configured
MAC range accounts : 0
MAC address Mask Username
Offline detect period : 300 s
Quiet period : 60 s
Server timeout : 100 s
Reauth period : 3600 s
User aging period for critical VLAN : 1000 s
User aging period for guest VLAN : 1000 s
Temporary user aging period : 60 s
Authentication domain : Not configured, use default domain
Online MAC-auth wired users : 0
Silent MAC users:
MAC address VLAN ID From port Port index
00e0-4c68-0328 32 GE1/0/1 1
GigabitEthernet1/0/1 is link-up
MAC authentication : Enabled
Carry User-IP : Disabled
Authentication domain : ***.***
Auth-delay timer : Disabled
Periodic reauth : Disabled
Re-auth server-unreachable : Logoff
Guest VLAN : 1
Guest VLAN reauthentication : Enabled
Guest VLAN auth-period : 30 s
Critical VLAN : 32
Critical voice VLAN : Disabled
Host mode : Single VLAN
Offline detection : Enabled
Authentication order : Default
User aging : Enabled
Server-recovery online-user-sync : Disabled
Auto-tag feature : Disabled
VLAN tag configuration ignoring : Disabled
Max online users : 4294967295
Authentication attempts : successful 1, failed 37
Current online users : 0
MAC address Auth state
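Best answer
Contact the server side and check the reason for the authentication failure.
Authentication attempts : successful 1, failed 37
Judging from the current device status information, a terminal has authenticated successfully, so this is most likely not a problem with the 5130 device itself.
I suggest first using the server-side logs to locate the problem further, or checking the configuration and networking details yourself.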
That is because I am testing the escape (critical) VLAN, which is entered when the RADIUS server is down; I shut down the RADIUS server manually.
Check it carefully, or contact the 400 hotline or your channel's H3C-certified agent and have a professional engineer locate the problem.
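A small triage helper for the switch-side log in the question, as an added example that is not part of the original thread: it parses `MACA_LOGIN_FAILURE` lines, whose `-Key=value` fields contain hyphens inside the values, and checks that the logged `Username` is what `mac-authentication user-name-format mac-address with-hyphen lowercase` should produce, which is the value to search for in the RADIUS server's log. The function names are hypothetical; the sample lines are copied from the post.

```python
import re
from collections import Counter

# Lines copied from the log in the post (the first keeps its CLI prompt prefix).
SAMPLE_LOG = (
    "[H3C_12F2-GigabitEthernet1/0/1]%Feb 21 02:11:49:732 2013 H3C_12F2 IFNET/3/PHY_UPDOWN: "
    "Physical state on the interface GigabitEthernet1/0/1 changed to up.\n"
    "%Feb 21 02:12:10:883 2013 H3C_12F2 MACA/6/MACA_LOGIN_FAILURE: "
    "-IfName=GigabitEthernet1/0/1-MACAddr=00e0-4c68-0328-VLANID=32"
    "-Username=00-e0-4c-68-03-28-UsernameFormat=MAC address; "
    "User failed MAC authentication. Reason:Authentication process failed.\n"
)

# Unanchored so a leading CLI prompt before '%' is tolerated.
HEADER = re.compile(r"%(?P<time>\w{3}\s+\d+ [\d:]+ \d{4}) (?P<host>\S+) "
                    r"\w+/\d/(?P<mnemonic>\w+): (?P<body>.*)$")
# A field ends only where a hyphen is followed by "Word=", because MAC
# addresses and usernames contain hyphens themselves.
FIELD = re.compile(r"-(\w+)=(.*?)(?=-\w+=|$)")
REASON = re.compile(r"Reason:\s*(.+?)\.?\s*$")

def parse_maca_failure(line):
    """Return the fields of one MACA_LOGIN_FAILURE line, or None for other lines."""
    m = HEADER.search(line.strip())
    if not m or m["mnemonic"] != "MACA_LOGIN_FAILURE":
        return None
    fields_part, _, text = m["body"].partition(";")
    rec = dict(FIELD.findall(fields_part))
    rec.update(time=m["time"], host=m["host"])
    r = REASON.search(text)
    rec["Reason"] = r.group(1) if r else "unknown"
    return rec

def expected_username(mac):
    """User-Name for the 'mac-address with-hyphen lowercase' format."""
    h = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    return "-".join(h[i:i + 2] for i in range(0, 12, 2))

def summarise(log_text):
    """Count failures per (interface, MAC, reason); list records whose Username is unexpected."""
    counts, mismatched = Counter(), []
    for line in log_text.splitlines():
        rec = parse_maca_failure(line)
        if rec is None:
            continue
        counts[(rec.get("IfName"), rec.get("MACAddr"), rec["Reason"])] += 1
        if rec.get("Username") != expected_username(rec.get("MACAddr", "")):
            mismatched.append(rec)
    return counts, mismatched
```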