无
某局点采用WA4320-ACN-E做为胖AP使用,提供无线接入,为了提高安全性,开启了802.1X认证,现场已部署多个局点都使用正常,但是有一个局点出现了重复认证的情况,检查现场配置并无明显异常。
查看配置并无明显异常,跟其他局点的配置是一致的,握手机制也关闭了,radius 配置也无问题,最后建议现场收集debug信息反馈。查看debug信息发现计费服务器无响应,怀疑是计费服务器有问题,建议现场关闭测试。
interface WLAN-BSS50
port access vlan 20
port-security port-mode userlogin-secure-ext
port-security tx-key-type 11key
undo dot1x handshake
dot1x mandatory-domain 802.1x
undo dot1x multicast-trigger
radius scheme 802.1x
primary authentication 192.168.0.x
primary accounting 192.168.0.x
key authentication cipher $c$3$JBBOpOK0rv9HU+VX62ROxx9lKsOgH7Kv5V/+
key accounting cipher $c$3$gBfZd10d9zUgMiiWK2ohuO+86AHDv08ti5pa
user-name-format without-domain
nas-ip 192.168.20.x
#
domain 802.1x
authentication lan-access radius-scheme 802.1x
authorization lan-access radius-scheme 802.1x
accounting lan-access radius-scheme 802.1x
关键debug信息:
Jan 10 15:25:33:397 2009 AP-06 RDS/7/DEBUG: Recv MSG,[MsgType=PKT acct_timeout Index = 36, ulParam3=0]
*Jan 10 15:25:33:398 2009 AP-06 RDS/7/DEBUG:
Event: Begin to switch RADIUS server when sending 1 packet.
*Jan 10 15:25:33:398 2009 AP-06 RDS/7/DEBUG:
Event: No active RADIUS server is available for switching when sending packet (pkt-flag = 1).
*Jan 10 15:25:33:398 2009 AP-06 RDS/7/DEBUG: Free seed:122 in 192.168.0.241 for User ID:36
*Jan 10 15:25:33:398 2009 AP-06 RDS/7/DEBUG:
Error: Accounting server no response.(AAAID = 36, Req-ID = 0)
最后把计费配置为none 之后,重新测试,问题解决。
domain 802.1x
authentication lan-access radius-scheme 802.1x
authorization lan-access radius-scheme 802.1x
accounting lan-access none
该案例暂时没有网友评论
✖
案例意见反馈
亲~登录后才可以操作哦!
确定你的邮箱还未认证,请认证邮箱或绑定手机后进行当前操作