网络存在环路导致IMC MAC认证用户重复上下线经验案例

当下面网络出现二层环路的时候会导致MAC地址从设备的多个接口上来，导致IMC侧出现用户接入时长只有几秒钟，重复上下线，如下图：

从设备上的dbeug radius+mac-auth可以看到如下信息：

*Apr 28 17:26:47:158 2016 kaifaquzhihang MACAUTH/7/EVENT:Port:Ethernet0/31,Auth:834,MAC_Auth_AuthorTrans Receive message: SC_MSG_AUTHOR_FINISH

*Apr 28 17:26:47:158 2016 kaifaquzhihang MACAUTH/7/EVENT:Auth:834,Processing node SUCCESS...

*Apr 28 17:26:47:159 2016 kaifaquzhihang PORTSEC/7/Event:Port:Ethernet0/31,Auth:834,PortSec handling access user(MAC:0040-485b-8413, userIndex:0x00000342) event(128) of srcMod(11):

*Apr 28 17:26:47:160 2016 kaifaquzhihang PORTSEC/7/Event:Port:Ethernet0/31,Auth:834,PortSec handling access user(MAC:0040-485b-8413, userIndex:0x00000342) event(2) of srcMod(11):

*Apr 28 17:26:47:160 2016 kaifaquzhihang MACAUTH/7/EVENT:Port:Ethernet0/18,Auth:809,Find this user and kickoff it ( VlanID :1 , MacAddr :0040-485b-8413)

*Apr 28 17:26:47:161 2016 kaifaquzhihang MACAUTH/7/EVENT:Auth:809,In SuccessTrans...

*Apr 28 17:26:47:161 2016 kaifaquzhihang MACAUTH/7/EVENT:Auth:809,Processing node UNAUTHOR...

*Apr 28 17:26:47:171 2016 kaifaquzhihang MACAUTH/7/EVENT:Port:Ethernet0/18,Auth:809,UnAuthoring authored VLAN...

*Apr 28 17:26:47:172 2016 kaifaquzhihang PORTSEC/7/Event:Port:Ethernet0/18,

UnAssigning Port-based Vlan...

0040-485b-8413 这个MAC在0/31 0/18两个接口都有认证状态，然后这两个接口交替上下线

通过这些信息可以确定网络中存在环路，导致这个mac地址从多个接口上传上来导致重复认证。

排除二层环路之后再认证问题解决。