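Portal authentication is enabled on the switch.
Portal authentication fails on site.
The debug portal output shows that the earlier packet exchanges are all normal, but the ack_auth packet carries ErrCode=1, which indicates that the problem lies in the RADIUS authentication process.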
*May 27 16:27:57:674 2019 HBXH-XXSDL-HX PORTAL/7/PACKET: -MDC=1; Portal received 34 bytes of packet: Type=req_info(9), ErrCode=0, IP=10.16.40.x
*May 27 16:27:57:675 2019 HBXH-XXSDL-HX PORTAL/7/PACKET: -MDC=1; Portal sent 90 bytes of packet: Type=ack_info(10), ErrCode=0, IP=10.16.40.x
*May 27 16:27:53:247 2019 HBXH-XXSDL-HX PORTAL/7/PACKET: -MDC=1; Portal received 32 bytes of packet: Type=req_challenge(1), ErrCode=0, IP=10.16.40.x
*May 27 16:27:53:248 2019 HBXH-XXSDL-HX PORTAL/7/PACKET: -MDC=1; Portal sent 56 bytes of packet: Type=ack_challenge(2), ErrCode=0, IP=10.16.40.x
*May 27 16:27:53:251 2019 HBXH-XXSDL-HX PORTAL/7/PACKET: -MDC=1; Portal received 93 bytes of packet: Type=req_auth(3), ErrCode=0, IP=10.16.40.x
*May 27 16:27:53:253 2019 HBXH-XXSDL-HX PORTAL/7/PACKET: -MDC=1; Portal sent 46 bytes of packet: Type=ack_auth(4), ErrCode=1, IP=10.16.40.x
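The same triage can be scripted for longer captures. The following is an added example, not part of the original case: it parses PORTAL/7/PACKET debug lines in the format shown above, orders them by timestamp, and returns the ack_* replies the device sent with a non-zero ErrCode. The hostname SW1 and the address 192.0.2.10 in the sample are constructed.

```python
import re
from datetime import datetime

# Matches PORTAL/7/PACKET debug lines in the format shown in this case.
LINE_RE = re.compile(
    r"\*(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d:\d{3} \d{4}) \S+ PORTAL/7/PACKET:.*?"
    r"Portal (?P<dir>received|sent) \d+ bytes of packet: "
    r"Type=(?P<type>\w+)\((?P<code>\d+)\), ErrCode=(?P<err>\d+), IP=(?P<ip>\S+)"
)

def parse(lines):
    """Parse debug lines into events sorted by timestamp (logs may be pasted out of order)."""
    events = []
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue  # not a portal packet line
        ts = datetime.strptime(m["ts"], "%b %d %H:%M:%S:%f %Y")
        events.append({"ts": ts, "dir": m["dir"], "type": m["type"],
                       "err": int(m["err"]), "ip": m["ip"]})
    return sorted(events, key=lambda e: e["ts"])

def failed_replies(events):
    """Return the ack_* packets the device sent with a non-zero ErrCode."""
    return [e for e in events
            if e["dir"] == "sent" and e["type"].startswith("ack_") and e["err"] != 0]

# Constructed sample in the same format as the case output (hostname and IP are made up).
SAMPLE = """\
*May 27 16:27:57:674 2019 SW1 PORTAL/7/PACKET: -MDC=1; Portal received 34 bytes of packet: Type=req_info(9), ErrCode=0, IP=192.0.2.10
*May 27 16:27:53:247 2019 SW1 PORTAL/7/PACKET: -MDC=1; Portal received 32 bytes of packet: Type=req_challenge(1), ErrCode=0, IP=192.0.2.10
*May 27 16:27:53:248 2019 SW1 PORTAL/7/PACKET: -MDC=1; Portal sent 56 bytes of packet: Type=ack_challenge(2), ErrCode=0, IP=192.0.2.10
*May 27 16:27:53:251 2019 SW1 PORTAL/7/PACKET: -MDC=1; Portal received 93 bytes of packet: Type=req_auth(3), ErrCode=0, IP=192.0.2.10
*May 27 16:27:53:253 2019 SW1 PORTAL/7/PACKET: -MDC=1; Portal sent 46 bytes of packet: Type=ack_auth(4), ErrCode=1, IP=192.0.2.10
""".splitlines()

if __name__ == "__main__":
    for e in failed_replies(parse(SAMPLE)):
        print(f'{e["ts"]} {e["ip"]} {e["type"]} ErrCode={e["err"]}')
```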
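A closer look at the RADIUS-related configuration shows that the device does not specify a portal authentication domain and instead uses the default domain system, which causes authentication to fail.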
domain portal
 authorization-attribute idle-cut 60 1024
 authentication portal radius-scheme hbxhhg
 authorization portal radius-scheme hbxhhg
 accounting portal radius-scheme hbxhhg
#
domain system
#
 domain default enable system
Modify the configuration. There are two methods:
1. Change the default domain to the portal domain
domain default enable portal
2. Specify the portal domain under the interface or service template where portal is enabled
interface Vlan-interface40
 ip address 10.16.40.x 255.255.255.0
 portal enable method direct
 portal domain portal
 portal bas-ip 10.16.100.x
 portal apply web-server hbxhhg
 portal apply mac-trigger-server hbxhhg