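At a customer site, wireless users must pass admission authentication. 802.1X is configured on the wireless AC, authenticating against a server with the PEAP-GTC method. After configuration is complete, terminals fail admission authentication.
1. Check the device configuration; no problems are found: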
wlan service-template 1
ssid dx-test
vlan 100
akm mode dot1x
cipher-suite ccmp
security-ie rsn
client-security authentication-mode dot1x
nas-port-type 5
dot1x domain gtc
dot1x eap-termination eap-profile eap-src
service-template enable
#
radius scheme gtc
primary authentication 1.1.1.1 key cipher $c$3$x6
primary accounting 1.1.1.2 key cipher $c$3$
key authentication cipher $c$3$x0PDkSzRSiGLQ==
key accounting cipher $c$3$OtAXy
user-name-format without-domain
nas-ip 192.168.100.1
#
eap-profile eap-src
method peap-gtc
ssl-server-policy ssl-eap
#
domain gtc
authentication lan-access radius-scheme gtc
authorization lan-access radius-scheme gtc
accounting lan-access radius-scheme gtc
#
pki domain eap-gtc
public-key rsa general name eap-gtc
#
ssl server-policy ssl-eap
pki-domain eap-gtc
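2. The AC configuration looks fine, and the GTC configuration is also correct. Enabling debugging on the AC to collect debug information shows the following errors: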
*Mar 15 15:17:50:643 2019 H3C RADIUS/7/EVENT: EAP Server received an eap packet:
*Mar 15 15:17:50:644 2019 H3C RADIUS/7/PACKET:
02 01 00 12 01 31 30 32 37 32 32 30 30 34 37 39
30 38
*Mar 15 15:17:50:644 2019 H3C RADIUS/7/EVENT: EAP_Type: 1
*Mar 15 15:17:50:645 2019 H3C RADIUS/7/EVENT: EAP Server replied an eap packet:
*Mar 15 15:17:50:645 2019 H3C RADIUS/7/PACKET:
01 02 00 06 19 20
*Mar 15 15:17:50:698 2019 H3C RADIUS/7/EVENT: EAP_Type: 25
*Mar 15 15:17:50:698 2019 H3C RADIUS/7/EVENT: The TLS Info Description :EAP TLS: Recv Unknown TLS version [length 0005]
*Mar 15 15:17:50:698 2019 H3C RADIUS/7/EVENT: The TLS Info Description :EAP TLS: Recv TLS 1.0 Handshake [length 0092], ClientHello
*Mar 15 15:17:50:699 2019 H3C RADIUS/7/EVENT: The TLS Info Description :EAP TLS: Send Unknown TLS version [length 0005]
*Mar 15 15:17:50:699 2019 H3C RADIUS/7/EVENT: The TLS Info Description :EAP TLS: Send TLS 1.0 Alert [length 0002], fatal handshake_failure
*Mar 15 15:17:50:699 2019 H3C RADIUS/7/ERROR: EAP_TLS processing handshake message failed.
*Mar 15 15:17:50:699 2019 H3C RADIUS/7/EVENT: EAP Server replied an eap packet:
*Mar 15 15:17:50:699 2019 H3C RADIUS/7/PACKET:
05 02 00 04
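3. The debug information shows that the failure is caused by no certificate having been imported on the wireless controller.
The problem is resolved after importing a certificate on the AC.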
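To triage debug output like the above, the following added example (not part of the original case and not H3C tooling) decodes the EAP hex dumps using the RFC 3748 header layout and extracts the TLS alert lines. The function names and lookup tables are this example's own; EAP codes outside RFC 3748's 1 to 4 are reported by number only.

```python
import re
import struct

# Excerpt of the debug output above, timestamps and PACKET headers trimmed.
SAMPLE = """\
RADIUS/7/EVENT: EAP Server received an eap packet:
02 01 00 12 01 31 30 32 37 32 32 30 30 34 37 39
30 38
RADIUS/7/EVENT: EAP Server replied an eap packet:
01 02 00 06 19 20
RADIUS/7/EVENT: The TLS Info Description :EAP TLS: Send TLS 1.0 Alert [length 0002], fatal handshake_failure
RADIUS/7/EVENT: EAP Server replied an eap packet:
05 02 00 04
"""

EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}  # RFC 3748
EAP_TYPES = {1: "Identity", 6: "GTC", 25: "PEAP"}
HEX_LINE = re.compile(r"^[0-9a-fA-F]{2}(?: [0-9a-fA-F]{2})*$")
ALERT = re.compile(r"(Send|Recv) TLS [\d.]+ Alert .*?(fatal|warning) (\w+)")

def decode_eap(raw):
    """Decode one EAP packet: code, identifier, length, then optional type."""
    code, ident, length = struct.unpack("!BBH", raw[:4])  # struct.error if < 4 bytes
    if not 4 <= length <= len(raw):
        raise ValueError("EAP length %d does not fit %d bytes" % (length, len(raw)))
    pkt = {"code": EAP_CODES.get(code, "code %d" % code), "id": ident, "length": length}
    if code in (1, 2) and length > 4:
        etype, data = raw[4], raw[5:length]
        pkt["type"] = EAP_TYPES.get(etype, "type %d" % etype)
        if etype == 1:
            pkt["identity"] = data.decode("ascii", "replace")
        elif etype == 25 and data:
            pkt["peap_start"] = bool(data[0] & 0x20)  # S bit of the flags octet
    return pkt

def triage(log):
    """Return (decoded EAP packets, TLS alert tuples) found in debug output."""
    packets, alerts, buf = [], [], []
    for line in log.splitlines() + [""]:  # trailing "" flushes the last dump
        line = line.strip()
        if HEX_LINE.match(line):
            buf += [int(b, 16) for b in line.split()]
            continue
        if buf:
            packets.append(decode_eap(bytes(buf)))
            buf = []
        alerts += ALERT.findall(line)
    return packets, alerts
```

On this excerpt, a `Send` alert with level `fatal` immediately after the PEAP start request is the server-side handshake failure that step 3 attributes to the missing certificate.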