用户认证起在核心75上面现场结合第三方服务器做portal认证,服务器上强制下线后,无法再次上线。
debug主要过程发现:
%Jul 26 11:15:10:105 2023 BGS-5#3F-S7503X-CORE-9.1 WEBAUTH/6/WEBAUTH_USER_LOGOFF: -MDC=1; -IfName=Bridge-Aggregation3-MACAddr=3c7c-3f7d-6f1d-VLANId=11-UserName=sn0828-Reason=8; Session of the WEBAUTH user was terminated.
*Jul 26 11:15:10:105 2023 BGS-5#3F-S7503X-CORE-9.1 RADIUS/7/EVENT: -MDC=1; PAM_RADIUS: RADIUS accounting stopped.
*Jul 26 11:15:10:105 2023 BGS-5#3F-S7503X-CORE-9.1 PORTAL/7/EVENT: -MDC=1; Received a force logout message from Web-auth.
*Jul 26 11:15:10:105 2023 BGS-5#3F-S7503X-CORE-9.1 PORTAL/7/FSM: -MDC=1; Auth-SM: Started to run.
*Jul 26 11:15:10:105 2023 BGS-5#3F-S7503X-CORE-9.1 RADIUS/7/EVENT: -MDC=1; PAM_RADIUS: Sent accounting-stop request successfully.
*Jul 26 11:15:10:105 2023 BGS-5#3F-S7503X-CORE-9.1 PORTAL/7/FSM: -MDC=1; Auth-SM [10.118.11.39]: Entered state Waiting
*Jul 26 11:15:10:106 2023 BGS-5#3F-S7503X-CORE-9.1 PORTAL/7/PACKET: -MDC=1;
Portal sent 29 bytes of packet: Type=ntf_logout(8), ErrCode=0, IP=10.118.11.39
*Jul 26 11:15:10:106 2023 BGS-5#3F-S7503X-CORE-9.1 PORTAL/7/PACKET: -MDC=1;
[ 5 TEXTINFO ] [ 13] [Command cut]
*Jul 26 11:15:17:852 2023 BGS-5#3F-S7503X-CORE-9.1 PORTAL/7/PACKET: -MDC=1;
Portal received 16 bytes of packet: Type=req_info(9), ErrCode=0, IP=10.118.11.39
*Jul 26 11:15:17:852 2023 BGS-5#3F-S7503X-CORE-9.1 PORTAL/7/PACKET: -MDC=1;
01 09 01 00 ac 65 00 00 0a 76 0b 27 00 00 00 00
*Jul 26 11:15:17:853 2023 BGS-5#3F-S7503X-CORE-9.1 PORTAL/7/PACKET: -MDC=1;
Portal sent 79 bytes of packet: Type=ack_info(10), ErrCode=0, IP=10.118.11.39
*Jul 26 11:15:17:853 2023 BGS-5#3F-S7503X-CORE-9.1 PORTAL/7/PACKET: -MDC=1;
[ 8 PORT ] [ 55] [BGS-5#3F-S7503X-CORE-9.1-vlan-00-0011@vlan-SSID-@SSID]
[ 11 SESSIONID ] [ 8] [3c7c-3f7d-6f1d]
Received a force logout message from Web-auth设备收到了Web-auth的强制下线的报文,设备向服务器发了ntf_logout(8)的下线报文,debug上只有REQ_INFO 和ACK_INFO,未收到服务器REQ_AUTH,即没有再次收到认证请求报文。
在服务器上抓包发现:
故障局点:无线,NAS 10.118.9.1,SMP服务器10.1.10.82。这个有问题,下线的时候不会像服务器发portal的下线报文。
另一个正常的局点:NAS 10.118.60.2,SMP服务器10.1.10.82。这个正常,下线的时候会像服务器发portal的下线报文。
debug和抓包结果不一致,也就是设备向外发了下线报文,但是服务器并没有收到。
由于设备上没有配置bas-ip导致,前期客户由于服务器侧的要求,去掉了设备上的bas-ip。配置bas-ip后问题解决。
该案例暂时没有网友评论
✖
案例意见反馈
亲~登录后才可以操作哦!
确定你的邮箱还未认证,请认证邮箱或绑定手机后进行当前操作