组网图如下所示:
用户配置portal认证后不生效,接入无线网络不需要进行认证即可访问网络。
搜集debug以及查看配置。
wlan service-template yqedu
ssid xxx
portal enable method direct
portal domain dm
portal bas-ip 10.192.192.254
portal apply web-server web
portal apply mac-trigger-server mac
service-template enable
radius scheme rs
primary authentication 117.106.7.15
primary accounting 117.106.7.15
key authentication cipher $c$3$Oe+mxsMkFdWIWIk+wfIyzu1wK5KydQfO
key accounting cipher $c$3$hHtNxhw8+ccGWEU2BKfyxXy+FqmSsJT7
user-name-format without-domain
nas-ip 10.192.192.254
#
domain system
#
domain dm
authorization-attribute idle-cut 20 1024000
authentication portal radius-scheme rs
authorization portal radius-scheme rs
accounting portal radius-scheme rs
portal host-check enable
portal free-rule 0 source interface GigabitEthernet1/0/7
portal free-rule 5 source ip any destination ip 1.1.1.1 255.255.255.255
portal free-rule 10 source ip any destination ip 2.2.2.2 255.255.255.255
portal free-rule 15 source ip any destination ip 114.114.114.114 255.255.255.255
#
portal web-server yqedu-web
url http://1.1.1.1:8080/portal
server-type cmcc
url-parameter ssid ssid
url-parameter wlanacname value AC
url-parameter wlanuserip source-address
portal server yqedu
ip 1.1.1.1 key cipher $c$3$z6O9logiCyo95DUxcRBaQ5ssFHpCQSG7
server-type cmcc
wlan ap-group default-group
vlan 1
ap-model WTU430-EI
radio 1
max-power 19
radio enable
ldpc enable
option keep-active enable
option client fast-forwarding enable level 3
radio 2
发现ap组下有一条配置option client fast-forwarding enable level 3,开启本功能后,AP向无线客户端发送无线数据报文时,不会进行额外的业务处理(比如校验、统计),直接进行转发,以提高处理性能。因此,设备不会对用户流量进行拦截,直接放过,在终端侧体验就是无需认证即可上网。
删除此条命令option client fast-forwarding enable level 3解决。
该案例暂时没有网友评论
✖
案例意见反馈
亲~登录后才可以操作哦!
确定你的邮箱还未认证,请认证邮箱或绑定手机后进行当前操作