
A site using a WX2540H (V7) with LDAP + local portal authentication: connecting to the SSID does not redirect to the authentication page

Asked 2020-12-01

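Problem description:

     A WX2540H is deployed with intranet LDAP + local portal authentication. When a client connects to the SSID, it is not automatically redirected to the portal authentication page.


     However, manually entering an intranet address or the portal authentication address does redirect to the portal page, and LDAP authentication works normally.


     The debug output contains the redirect, but the automatic jump does not happen. Is this related to the browser?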

   

Network and network description:

The topology is as follows:


The basic configuration is as follows:

 

wlan service-template st1

 ssid service

 vlan 140

 portal enable method direct

 portal domain ***.***

 portal apply web-server newpt

 portal ipv4-max-user 2

 service-template enable

#

interface Vlan-interface140

 ip address 10.102.140.250 255.255.255.0

#

ldap server ***.***

 login-dn cn=administrator,cn=users,dc=ncbank,dc=cn

 search-base-dn dc=ncbank,dc=cn

 ip 192.168.20.6

 login-password cipher $c$3$8rWGa/TObcLa9G8mb1wxjJ9gp8DMbLGJw/U3BbY=

#

ldap scheme ***.***

 authentication-server ***.***

#

domain ***.***

 authorization-attribute idle-cut 15 1024

 authentication portal ldap-scheme ***.***

 authorization portal none

 accounting portal none

#

 domain default enable ***.***

#

 portal free-rule 1 destination ip 10.102.131.200 255.255.255.255

#

portal web-server newpt

 url http://10.102.140.250/portal/

#

portal local-web-server http

 default-logon-page defaultfile.zip

#

wlan ap NCDC_5F_YUNYING_AP01 model WA4320i-ACN

 serial-id 210235A1GQC166000434

 vlan 1

 radio 1

  radio enable

  service-template st1

 radio 2

  radio enable

 gigabitethernet 1

 gigabitethernet 2

#


Client debug output:

*Dec  1 12:03:19:479 2020 NCDC_4F_WX2540H PORTAL/7/RULE:

 [Inbound] execute full rule match, { MatchRes = [Rule4-Deny] }

 IfName = WLAN-BSS1/0/40, PortName = WLAN-BSS1/0/40, Vlan = 140, SrcMAC = 100b-a95f-ab78,

 SrcIP = 10.102.140.189, DstIP = 192.168.20.6

 L4Protocol = 17, SrcPort = 50993, DstPort = 53, VrfIndex = 0

 

*Dec  1 12:03:19:486 2020 NCDC_4F_WX2540H PORTAL/7/RULE:

 [Inbound] execute full rule match, { MatchRes = [Rule3-Redirect] }

 IfName = WLAN-BSS1/0/40, PortName = WLAN-BSS1/0/40, Vlan = 140, SrcMAC = 100b-a95f-ab78,

 SrcIP = 10.102.140.189, DstIP = 13.107.4.52

 L4Protocol = 6, SrcPort = 53033, DstPort = 80, VrfIndex = 0

 

*Dec  1 12:03:19:486 2020 NCDC_4F_WX2540H PORTAL/7/HTTP_REDIRECT-EVENT:  Receive the packet(flag:0x2,datalen:0,srcIP:10.102.140.189,dstIP:13.107.4.52,seq:0xd7ce2456,ack:0x0,dataLen:0, sport:53033, dport:80)

*Dec  1 12:03:19:486 2020 NCDC_4F_WX2540H PORTAL/7/HTTP_REDIRECT-EVENT:  create the redirect node successfully.

*Dec  1 12:03:19:486 2020 NCDC_4F_WX2540H PORTAL/7/HTTP_REDIRECT-EVENT: Append tcp reply mbuf, mss=1200 len=24 seq=9ea ack=d7ce2457.

*Dec  1 12:03:19:486 2020 NCDC_4F_WX2540H PORTAL/7/HTTP_REDIRECT-EVENT: Compose tcp cheat pkt(flag:0x2) successfully.

*Dec  1 12:03:19:486 2020 NCDC_4F_WX2540H PORTAL/7/HTTP_REDIRECT-EVENT: Reply tcp cheat pkt(flag:0x2) successfully.

*Dec  1 12:03:19:488 2020 NCDC_4F_WX2540H PORTAL/7/RULE:

 [Inbound] execute full rule match, { MatchRes = [Rule3-Redirect] }

 IfName = WLAN-BSS1/0/40, PortName = WLAN-BSS1/0/40, Vlan = 140, SrcMAC = 100b-a95f-ab78,

 SrcIP = 10.102.140.189, DstIP = 13.107.4.52

 L4Protocol = 6, SrcPort = 53033, DstPort = 80, VrfIndex = 0

 

*Dec  1 12:03:19:488 2020 NCDC_4F_WX2540H PORTAL/7/HTTP_REDIRECT-EVENT:  Receive the packet(flag:0x10,datalen:0,srcIP:10.102.140.189,dstIP:13.107.4.52,seq:0xd7ce2457,ack:0x9eb,dataLen:0, sport:53033, dport:80)

*Dec  1 12:03:19:488 2020 NCDC_4F_WX2540H PORTAL/7/HTTP_REDIRECT-EVENT: Compose tcp cheat pkt(flag:0x10) null.

*Dec  1 12:03:19:489 2020 NCDC_4F_WX2540H PORTAL/7/RULE:

 [Inbound] execute full rule match, { MatchRes = [Rule3-Redirect] }

 IfName = WLAN-BSS1/0/40, PortName = WLAN-BSS1/0/40, Vlan = 140, SrcMAC = 100b-a95f-ab78,

 SrcIP = 10.102.140.189, DstIP = 13.107.4.52

 L4Protocol = 6, SrcPort = 53033, DstPort = 80, VrfIndex = 0

 

*Dec  1 12:03:19:489 2020 NCDC_4F_WX2540H PORTAL/7/HTTP_REDIRECT-EVENT:  Receive the packet(flag:0x18,datalen:111,srcIP:10.102.140.189,dstIP:13.107.4.52,seq:0xd7ce2457,ack:0x9eb,dataLen:111, sport:53033, dport:80)

*Dec  1 12:03:19:489 2020 NCDC_4F_WX2540H PORTAL/7/HTTP_REDIRECT-EVENT: alloc http data len:112.

*Dec  1 12:03:19:489 2020 NCDC_4F_WX2540H PORTAL/7/HTTP_REDIRECT-EVENT: Destroy  RedirNode.

*Dec  1 12:03:19:489 2020 NCDC_4F_WX2540H PORTAL/7/HTTP_REDIRECT-EVENT: Reassembled segments successfully, the stream is complete.

*Dec  1 12:03:19:489 2020 NCDC_4F_WX2540H PORTAL/7/REDIRECT-EVENT: Get the original URL(***.***/connecttest.txt).

*Dec  1 12:03:19:489 2020 NCDC_4F_WX2540H PORTAL/7/REDIRECT-EVENT: The user ip is 10.102.140.189,user-agent is MicrosoftNCSI

*Dec  1 12:03:19:489 2020 NCDC_4F_WX2540H PORTAL/7/REDIRECT-EVENT: The user ip is 10.102.140.189; the redirect url is http://10.102.140.250/portal/

*Dec  1 12:03:19:489 2020 NCDC_4F_WX2540H PORTAL/7/HTTP_REDIRECT-EVENT: Process the redirect packet(flag:0x18) successfully and reply.

*Dec  1 12:03:19:489 2020 NCDC_4F_WX2540H PORTAL/7/HTTP_REDIRECT-EVENT: Need send data len=364.

*Dec  1 12:03:19:489 2020 NCDC_4F_WX2540H PORTAL/7/HTTP_REDIRECT-EVENT: Append tcp reply mbuf, mss=1024 len=384 seq=9eb ack=d7ce24c6.

*Dec  1 12:03:19:489 2020 NCDC_4F_WX2540H PORTAL/7/HTTP_REDIRECT-EVENT: Data send this time: 364, left: 0.

*Dec  1 12:03:19:490 2020 NCDC_4F_WX2540H PORTAL/7/RULE:

 [Inbound] execute full rule match, { MatchRes = [Rule3-Redirect] }

 IfName = WLAN-BSS1/0/40, PortName = WLAN-BSS1/0/40, Vlan = 140, SrcMAC = 100b-a95f-ab78,

 SrcIP = 10.102.140.189, DstIP = 13.107.4.52

 L4Protocol = 6, SrcPort = 53033, DstPort = 80, VrfIndex = 0

 

*Dec  1 12:03:19:491 2020 NCDC_4F_WX2540H PORTAL/7/HTTP_REDIRECT-EVENT:  Receive the packet(flag:0x10,datalen:0,srcIP:10.102.140.189,dstIP:13.107.4.52,seq:0xd7ce24c6,ack:0xb58,dataLen:0, sport:53033, dport:80)

*Dec  1 12:03:19:491 2020 NCDC_4F_WX2540H PORTAL/7/HTTP_REDIRECT-EVENT: Compose tcp cheat pkt(flag:0x10) null.

*Dec  1 12:03:19:491 2020 NCDC_4F_WX2540H PORTAL/7/RULE:

 [Inbound] execute full rule match, { MatchRes = [Rule3-Redirect] }

 IfName = WLAN-BSS1/0/40, PortName = WLAN-BSS1/0/40, Vlan = 140, SrcMAC = 100b-a95f-ab78,

 SrcIP = 10.102.140.189, DstIP = 13.107.4.52

 L4Protocol = 6, SrcPort = 53033, DstPort = 80, VrfIndex = 0

 

*Dec  1 12:03:19:491 2020 NCDC_4F_WX2540H PORTAL/7/HTTP_REDIRECT-EVENT:  Receive the packet(flag:0x11,datalen:0,srcIP:10.102.140.189,dstIP:13.107.4.52,seq:0xd7ce24c6,ack:0xb58,dataLen:0, sport:53033, dport:80)

*Dec  1 12:03:19:491 2020 NCDC_4F_WX2540H PORTAL/7/HTTP_REDIRECT-EVENT: Append tcp reply mbuf, mss=1024 len=20 seq=b58 ack=d7ce24c7.

*Dec  1 12:03:19:491 2020 NCDC_4F_WX2540H PORTAL/7/HTTP_REDIRECT-EVENT: Compose tcp cheat pkt(flag:0x11) successfully.

*Dec  1 12:03:19:491 2020 NCDC_4F_WX2540H PORTAL/7/HTTP_REDIRECT-EVENT: Reply tcp cheat pkt(flag:0x11) successfully.

*Dec  1 12:03:19:790 2020 NCDC_4F_WX2540H PORTAL/7/RULE:

 [Inbound] execute full rule match, { MatchRes = [Rule4-Deny] }

 IfName = WLAN-BSS1/0/40, PortName = WLAN-BSS1/0/40, Vlan = 140, SrcMAC = 100b-a95f-ab78,

 SrcIP = 10.102.140.189, DstIP = 192.168.20.6

 L4Protocol = 17, SrcPort = 58186, DstPort = 53, VrfIndex = 0

 

*Dec  1 12:03:19:790 2020 NCDC_4F_WX2540H PORTAL/7/RULE:

 [Inbound] execute full rule match, { MatchRes = [Rule4-Deny] }

 IfName = WLAN-BSS1/0/40, PortName = WLAN-BSS1/0/40, Vlan = 140, SrcMAC = 100b-a95f-ab78,

 SrcIP = 10.102.140.189, DstIP = 192.168.20.7

 L4Protocol = 17, SrcPort = 58186, DstPort = 53, VrfIndex = 0

 

*Dec  1 12:03:20:493 2020 NCDC_4F_WX2540H PORTAL/7/RULE:

 [Inbound] execute full rule match, { MatchRes = [Rule4-Deny] }

 IfName = WLAN-BSS1/0/40, PortName = WLAN-BSS1/0/40, Vlan = 140, SrcMAC = 100b-a95f-ab78,

 SrcIP = 10.102.140.189, DstIP = 192.168.20.7

 L4Protocol = 17, SrcPort = 50993, DstPort = 53, VrfIndex = 0

 

*Dec  1 12:03:20:697 2020 NCDC_4F_WX2540H PORTAL/7/RULE:

 [Inbound] execute full rule match, { MatchRes = [Rule4-Deny] }

 IfName = WLAN-BSS1/0/40, PortName = WLAN-BSS1/0/40, Vlan = 140, SrcMAC = 100b-a95f-ab78,

 SrcIP = 10.102.140.189, DstIP = 192.168.20.6

 L4Protocol = 17, SrcPort = 58588, DstPort = 53, VrfIndex = 0
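
An added example (not part of the original post and not H3C tooling): a small parser for the PORTAL/7/RULE and REDIRECT-EVENT debug entries above that reports which pre-authentication flows were denied or redirected. The sample entries are copied from the debug output with the IfName lines omitted, and all function names are illustrative.

```python
import re
from collections import Counter

# Entries copied from the debug output above (IfName lines and blank lines omitted).
SAMPLE = """\
*Dec  1 12:03:19:479 2020 NCDC_4F_WX2540H PORTAL/7/RULE:
 [Inbound] execute full rule match, { MatchRes = [Rule4-Deny] }
 SrcIP = 10.102.140.189, DstIP = 192.168.20.6
 L4Protocol = 17, SrcPort = 50993, DstPort = 53, VrfIndex = 0
*Dec  1 12:03:19:486 2020 NCDC_4F_WX2540H PORTAL/7/RULE:
 [Inbound] execute full rule match, { MatchRes = [Rule3-Redirect] }
 SrcIP = 10.102.140.189, DstIP = 13.107.4.52
 L4Protocol = 6, SrcPort = 53033, DstPort = 80, VrfIndex = 0
*Dec  1 12:03:19:489 2020 NCDC_4F_WX2540H PORTAL/7/REDIRECT-EVENT: The user ip is 10.102.140.189,user-agent is MicrosoftNCSI
*Dec  1 12:03:19:790 2020 NCDC_4F_WX2540H PORTAL/7/RULE:
 [Inbound] execute full rule match, { MatchRes = [Rule4-Deny] }
 SrcIP = 10.102.140.189, DstIP = 192.168.20.7
 L4Protocol = 17, SrcPort = 58186, DstPort = 53, VrfIndex = 0
"""

FIELD = re.compile(r"(\w+) = ([\w./-]+)")   # "Name = value" pairs in an entry body
PROTO = {"6": "tcp", "17": "udp"}           # IP protocol numbers seen in the log

def parse_rule_events(text):
    """One (action, proto, dst, dport) tuple per PORTAL/7/RULE entry; other lines are skipped."""
    events = []
    for block in re.split(r"(?m)^(?=\*)", text):  # every entry starts with '*'
        head, _, body = block.partition("\n")
        match = re.search(r"MatchRes = \[\w+-(\w+)\]", body)
        fields = dict(FIELD.findall(body))
        if (not head.rstrip().endswith("PORTAL/7/RULE:") or not match
                or not fields.keys() >= {"DstIP", "L4Protocol", "DstPort"}):
            continue  # not a rule entry, or a truncated one
        proto = PROTO.get(fields["L4Protocol"], fields["L4Protocol"])
        events.append((match.group(1), proto, fields["DstIP"], int(fields["DstPort"])))
    return events

def denied_dns_servers(text):
    """Destinations whose UDP/53 queries hit a Deny rule before login."""
    return sorted({dst for act, proto, dst, port in parse_rule_events(text)
                   if act == "Deny" and proto == "udp" and port == 53})

def probe_user_agents(text):
    """User-Agent values of the HTTP requests the AC redirected."""
    return sorted(set(re.findall(r"user-agent is (\S+)", text)))

if __name__ == "__main__":
    print(Counter(parse_rule_events(SAMPLE)))
    print("DNS denied to:", denied_dns_servers(SAMPLE), probe_user_agents(SAMPLE))
```

Run over the full capture, it lists UDP/53 to both 192.168.20.6 and 192.168.20.7 under Rule4-Deny and shows that the redirected HTTP request carried the MicrosoftNCSI user agent.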

Best answer

skylar (level 9)

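It feels related to the client device. So your problem is that the portal redirect is not triggered automatically and has to be triggered from the browser, right?


Yes, it cannot be triggered automatically.

zhiliao_1SFT1 Posted: 2020-12-01

From the debug output, the redirect is triggered after simply connecting to the SSID, but the jump does not actually happen. Or is it related to the browser?

zhiliao_1SFT1 Posted: 2020-12-01

Try using a free-rule to permit the DNS address.

skylar Posted: 2020-12-01
Reply to skylar:

portal free-rule 3 destination ip 192.168.20.6 255.255.255.255. Confirmed that the DNS server is the LDAP server address; it still does not work after adding this.

zhiliao_1SFT1 Posted: 2020-12-01

If you copy this redirect address and open it in the browser on the client, does it work normally? If it does, then it is a browser problem. Try a few different browsers, or try clearing the cache.

skylar Posted: 2020-12-01
Reply to skylar:

Entering any IP in the browser redirects normally; it is only when connecting to the SSID that the automatic jump does not happen. What do you mean by changing browsers? The AC should not have any configuration that specifies a browser.

zhiliao_1SFT1 Posted: 2020-12-01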
1 answer

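I don't see that you configured a free-rule. You have to permit the relevant traffic, for example your portal address, DNS, and so on.

When the AC acts as the local portal web server, does the portal address also need to be permitted?

zhiliao_1SFT1 Posted: 2020-12-01
Reply to zhiliao_1SFT1:

It needs to be permitted for the portal to be triggered.

叫我靓仔 Posted: 2020-12-01
Reply to 叫我靓仔:

I have tried free-rules permitting the portal web address and the LDAP server address as destinations, and the automatic jump still is not triggered. Also, triggering the redirect from the intranet itself works normally, which means the portal web address is reachable.

zhiliao_1SFT1 Posted: 2020-12-01

Add a free-rule for the DNS traffic as well.

叫我靓仔 Posted: 2020-12-01
Reply to 叫我靓仔:

The network is on an intranet; there is no DNS.

zhiliao_1SFT1 Posted: 2020-12-01

Automatic redirection depends on the OS, the OS version, the browser, and the browser version. Try a different browser.

叫我靓仔 Posted: 2020-12-01
Reply to 叫我靓仔:

The goal is an automatic jump when connecting to the SSID. Can a target browser be specified on the AC?

zhiliao_1SFT1 Posted: 2020-12-01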
