交换机结合IMC做远程portal认证,IMC侧为portal服务器端
客户端可以正常弹出认证但是输入用户名密码之后提示认证超时。
1、查看portal认证的过程,既然已经弹出认证界面,那证明设备侧已经重定向了http界面且已经进入了req—info报文交互阶段。
2、查看debug portal 和radius信息,查看可以看到已经进入了req_quth阶段和access_request阶段:
Portal received 64 bytes of packet: Type=req_auth(3), ErrCode=0,
*Mar 8 06:50:03:447 2021 XZ-huiju PORTAL/7/FSM: Auth-SM [10.103.1.5]: Entered state Authenticating.
*Mar 8 06:50:03:447 2021 XZ-huiju RADIUS/7/EVENT: PAM_RADIUS: Processing RADIUS authentication.
*Mar 8 06:50:03:447 2021 XZ-huiju RADIUS/7/EVENT: Processing AAA request data. *Mar 8 06:50:03:447 2021 XZ-huiju RADIUS/7/EVENT: Got request data successfully, primitive: authentication.
*Mar 8 06:50:03:447 2021 XZ-huiju RADIUS/7/EVENT: Getting RADIUS server info.
*Mar 8 06:50:03:448 2021 XZ-huiju RADIUS/7/EVENT: Got RADIUS server info successfully.
*Mar 8 06:50:03:448 2021 XZ-huiju RADIUS/7/EVENT: Created request context successfully.
*Mar 8 06:50:04:805 2021 XZ-huiju RADIUS/7/EVENT: Response timed out.
*Mar 8 06:50:04:805 2021 XZ-huiju RADIUS/7/EVENT: Found request context, dstIP: XXXX; dstPort: 1812; VPN instance: --(public); socketfd: 63; pktID:116.
*Mar 8 06:50:04:805 2021 XZ-huiju RADIUS/7/EVENT: Reached the maximum retries.
*Mar 8 06:50:04:805 2021 XZ-huiju RADIUS/7/EVENT: Got next server failed.
*Mar 8 06:50:04:805 2021 XZ-huiju RADIUS/7/EVENT: Sent reply error message to PAM.
3、可以看到设备侧发送access_request报文之后,IMC侧一直未回应报文导致超时。
检查imc侧与设备侧发现是nas-ip配置错误导致两端不一致,imc侧接入未予通过导致的问题。后改为一致后问题解决
该案例暂时没有网友评论
✖
案例意见反馈
亲~登录后才可以操作哦!
确定你的邮箱还未认证,请认证邮箱或绑定手机后进行当前操作