某局点WX3540H Portal无感知不生效问题处理经验案例

某局点结合IMC开局部署Portal无感知，目前Portal认证正常，但是无感知不生效，已经认证过的终端需要重新认证。

*Mar  5 11:06:02:954 2018 AC PORTAL/7/MAC-trigger:

    MAC-trigger rule:

    InterfaceL3      = WLAN-BSS1/0/19483

    InterfaceL2      = WLAN-BSS1/0/19483

    VLAN             = 1201

    SrcMAC           = dca4-ca2f-8230

    SrcIP            = 10.101.0.142

*Mar  5 11:06:02:954 2018 AC PORTAL/7/MAC-trigger Event: Notify portal daemon new MAC-trigger entry successfully, SrcIP=10.101.0.142, SrcMAC=dca4-ca2f-8230.

*Mar  5 11:06:02:954 2018 AC PORTAL/7/MAC-trigger Event: Received new MAC event, interface=WLAN-BSS1/0/19483, MAC=dca4-ca2f-8230, IP=10.101.0.142, ifIndexL2=307, vlan=1201.  

//触发Portal无感知

*Mar  5 11:06:02:955 2018 AC PORTAL/7/MAC-trigger Event: Set MAC-trigger rule status 4.

*Mar  5 11:06:02:955 2018 AC PORTAL/7/MAC-trigger:

    MAC-trigger rule:

    InterfaceL3      = WLAN-BSS1/0/19499

    InterfaceL2      = WLAN-BSS1/0/19499

    VLAN             = 1201

    SrcMAC           = dca4-ca2f-8230

    SrcIP            = 10.101.0.142

    Mac status       = 4

Portal sent 61 bytes of packet: Type=req_macbind_info(48), ErrCode=0, IP=10.101.0.142 

//Portal无感知认证查询报文

*Mar  5 11:06:02:956 2018 AC PORTAL/7/PACKET:

[ 11 SESSIONID           ] [  8] [dca4-ca2f-8230]

[ 10 BASIP               ] [  6] [10.0.254.102]

[ 48 NASID               ] [  4] [AC]

[ 30 SSID                ] [ 11] [SZIT-WLAN]

*Mar  5 11:06:02:958 2018 AC PORTAL/7/MAC-trigger Error: Packet validity check failed, user IP=10.101.0.142

*Mar  5 11:06:04:239 2018 AC PORTAL/7/MAC-trigger Event: BindSearchTimer timed out. Resent the REQ-MAC-BIND packet. User IP=10.101.0.142, MAC entry(dca4-ca2f-8230) retry times reached 1.(Max retries=3, retry interval=1 s)  //查询超时，重新发送无感知查询报文

*Mar  5 11:06:06:239 2018 AC PORTAL/7/MAC-trigger Event: BindSearchTimer timed out. user IP=埭???? MAC entry(3130-2e31-3031) reached the max retry times. Deleted timer //查询达到最大次数，状态变成NOBIND

*Mar  5 11:06:06:239 2018 AC PORTAL/7/MAC-trigger Event: MAC entry(dca4-ca2f-8230) state changed from WAIT to NOBIND. user IP=10.101.0.142

按正常流程：设备发起无感知查询报文之后，服务器应该回应type为49的响应报文，接下去是Portal服务器向设备发送认证请求报文。 协调IMC侧协助排查服务器侧收到了type48的查询报文，但是没有继续向设备发送Portal认证请求报文。 

Portal服务器没有继续发起认证的原因一般为认为前面收到的无感知查询报文有非法的字段，通过解析设备发过来的type48报文发现version是Portal 2.0，而IMC侧规定与无感知认证流程相关的查询报文的版本号都是为1，可以基本确定故障原因就是因为设备发送过来的版本号不对导致的无感知出现问题。

跟现场工程师再次沟通，现场看到IMC侧协议版本是Portal 2.0，于是设备侧为了保持一致也做了相应的修改。

portal mac-trigger-server imc

ip 10.16.10.252

version 2    //修改成1

free-traffic threshold 1024

到此，问题解决，无感知生效，需要注意的是，Portal无感知查询阶段的报文版本就是1，其他Portal认证阶段都是2，所以不需要单独去修改，并且这两者没有冲突。