WX3540H 802.1x采用GTC方式认证失败解决办法

无

客户现场要针对无线用户进行准入认证，在无线AC上配置802.1X结合服务器进行认证，采用PEAP-GTC的认证方式。配置完毕后，终端在准入认证的时候认证不成功。   

1．检查设备配置没有问题：

wlan service-template 1

 ssid dx-test

 vlan 100

 akm mode dot1x

 cipher-suite ccmp

 security-ie rsn

 client-security authentication-mode dot1x

 nas-port-type 5

 dot1x domain gtc

 dot1x eap-termination eap-profile eap-src

 service-template enable

#

radius scheme gtc

 primary authentication 1.1.1.1 key cipher $c$3$x6

 primary accounting 1.1.1.2 key cipher $c$3$

 key authentication cipher $c$3$x0PDkSzRSiGLQ==

 key accounting cipher $c$3$OtAXy

 user-name-format without-domain

 nas-ip 192.168.100.1

#

eap-profile eap-src

 method peap-gtc

 ssl-server-policy ssl-eap

#

domain gtc

 authentication lan-access radius-scheme gtc

 authorization lan-access radius-scheme gtc

 accounting lan-access radius-scheme gtc

#

pki domain eap-gtc

 public-key rsa general name eap-gtc

#

ssl server-policy ssl-eap

 pki-domain eap-gtc

2.查看AC的配置是没有问题的，并且GTC的配置也都正确。在AC上开始debug收集调试信息发现如下报错：

*Mar 15 15:17:50:643 2019 H3C RADIUS/7/EVENT: EAP Server received an eap packet:

*Mar 15 15:17:50:644 2019 H3C RADIUS/7/PACKET:

 02 01 00 12 01 31 30 32 37 32 32 30 30 34 37 39

 30 38

*Mar 15 15:17:50:644 2019 H3C RADIUS/7/EVENT: EAP_Type: 1

*Mar 15 15:17:50:645 2019 H3C RADIUS/7/EVENT: EAP Server replied an eap packet:

*Mar 15 15:17:50:645 2019 H3C RADIUS/7/PACKET:

 01 02 00 06 19 20

*Mar 15 15:17:50:698 2019 H3C RADIUS/7/EVENT: EAP_Type: 25

*Mar 15 15:17:50:698 2019 H3C RADIUS/7/EVENT: The TLS Info Description ：EAP TLS: Recv Unknown TLS version [length 0005]

*Mar 15 15:17:50:698 2019 H3C RADIUS/7/EVENT: The TLS Info Description ：EAP TLS: Recv TLS 1.0 Handshake [length 0092], ClientHello

*Mar 15 15:17:50:699 2019 H3C RADIUS/7/EVENT: The TLS Info Description ：EAP TLS: Send Unknown TLS version [length 0005]

*Mar 15 15:17:50:699 2019 H3C RADIUS/7/EVENT: The TLS Info Description ：EAP TLS: Send TLS 1.0 Alert [length 0002], fatal handshake_failure

*Mar 15 15:17:50:699 2019 H3C RADIUS/7/ERROR: EAP_TLS processing handshake message failed.

*Mar 15 15:17:50:699 2019 H3C RADIUS/7/EVENT: EAP Server replied an eap packet:

*Mar 15 15:17:50:699 2019 H3C RADIUS/7/PACKET:

 05 02 00 04

3.从调试信息来看，是无线控制器上未导入证书导致的。   

在AC上导入证书后解决。