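Problem description: users who connect to the wireless network can access the Internet without authenticating.
The portal-related configuration is as follows:
Please help analyze the cause.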
(0)
Best answer
Please post the complete configuration, and also post the error messages from the failed authentication.
(0)
[NIC-AC]dis cu
#
 version 5.20, Release 2609P39
#
 sysname NIC-AC
#
 domain default enable netw
#
 telnet server enable
#
 user-isolation vlan 111 enable
 user-isolation vlan 111 permit-mac 3c8c-40c3-f04e 3c8c-40c3-f04d
 user-isolation vlan 112 enable
 user-isolation vlan 112 permit-mac 3c8c-40c3-f04e 3c8c-40c3-f04d
 undo user-isolation permit broadcast
#
 lldp enable
#
 port-security enable
#
 portal server rs1 ip 172.30.179.16 key cipher $c$3$LysN89wBaQy8HeCFK//aYSHAztwaSjkL8w== url http://172.30.179.16:55555/iAuth server-type cmcc
 portal free-rule 1 source ip any destination ip 172.30.179.0 mask 255.255.255.0
 portal free-rule 2 source ip any destination ip 172.16.1.253 mask 255.255.255.255
 portal device-id NIC
 portal wlan ssid Mall_of_Splendor server rs1 domain dm1
 portal wlan ssid JM-test3 server rs1 domain dm1
 portal nas-id 741F-4A05-D3B8
 portal mac-trigger server ip 172.30.179.16 port 50300
 portal url-param include nas-id
 portal url-param include user-mac
 portal url-param include nas-ip
 portal url-param include user-url
 portal url-param include user-ip
 portal url-param include ac-name
 portal url-param include ssid
 portal silent ios user-agent CaptiveNetworSupport
#
 password-recovery enable
#
acl number 3000
 rule 1 permit ip source 10.117.0.0 0.0.255.255
#
vlan 1
#
vlan 16
 description ***管理****
#
vlan 17
 description ***无线管理***
#
vlan 111
 description ***无线业务1***
#
vlan 112
 description ***无线业务2***
#
vlan 117
 description New_YW
#
radius scheme rs1
 server-type extended
 primary authentication 172.30.179.16
 primary accounting 172.30.179.16
 key authentication cipher $c$3$meHwtJ7PViR07CWrCAzITPShDEWv875bnQ==
 key accounting cipher $c$3$OH8Wr2KREHXZwG2+Txlsux2am3BEGyBCbA==
 user-name-format without-domain
 nas-ip 172.16.1.253
 attribute 41 0
#
domain dm1
 authentication portal radius-scheme rs1
 authorization portal none
 accounting portal radius-scheme rs1
 access-limit disable
 state active
 idle-cut disable
 self-service-url disable
domain netw
 access-limit disable
 state active
 idle-cut disable
 self-service-url disable
domain system
 access-limit disable
 state active
 idle-cut disable
 self-service-url disable
#
traffic classifier 3000 operator and
 if-match acl 3000
#
traffic behavior 3000
 car cir 4000 cbs 250000 ebs 0 green pass red discard yellow pass
#
qos policy 3000
 classifier 3000 behavior 3000
#
dhcp server ip-pool 17
 network 172.17.1.0 mask 255.255.255.0
 gateway-list 172.17.1.254
#
user-group system
 group-attribute allow-guest
#
local-user admin
 password cipher $c$3$7yQ9WXnFFHbMdhCccCJb9krDwIe3RQpHEemsdVaH
 authorization-attribute level 3
 authorization-attribute user-role security-audit
 service-type ssh telnet
 service-type web
local-user h3c
 password cipher $c$3$rFtZiJe4ZcoTsRuwwtooFdoVtGjnsJQzNKdgJkTt
 authorization-attribute level 3
 service-type telnet
 service-type web
local-user nic
 password cipher $c$3$in/1IqXwbuZfi6UTLa60rUwH5f1ntIhlAVui
 authorization-attribute level 3
 service-type telnet
 service-type web
#
wlan rrm
 dot11a mandatory-rate 6 12 24
 dot11a supported-rate 9 18 36 48 54
 dot11b mandatory-rate 1 2
 dot11b supported-rate 5.5 11
 dot11g mandatory-rate 1 2 5.5 11
 dot11g supported-rate 6 9 12 18 24 36 48 54
#
wlan service-template 1 clear
 ssid JM-test3
 bind WLAN-ESS 7
 service-template enable
#
wlan service-template 111 crypto
#
wlan service-template 112 crypto
#
wlan service-template 117 clear
 ssid Mall_of_Splendor
 bind WLAN-ESS 4
 service-template enable
#
wlan service-template 118 clear
 bind WLAN-ESS 2
#
wlan service-template 121 crypto
 ssid cloud-screen
 bind WLAN-ESS 6
 cipher-suite ccmp
 security-ie rsn
 service-template enable
#
wlan service-template 3 clear
 beacon ssid-hide
#
interface Bridge-Aggregation1
 port link-type trunk
 undo port trunk permit vlan 1
 port trunk permit vlan 16 to 17 111 to 112 117
#
interface NULL0
#
interface Vlan-interface1
 ip address 192.168.0.100 255.255.255.0
#
interface Vlan-interface16
 ip address 172.16.1.253 255.255.0.0
 portal server rs1 method direct
 portal domain dm1
 portal nas-port-type wireless
 portal nas-ip 172.16.1.253
 portal mac-trigger enable threshold 10240
 portal mac-trigger server ip 172.30.179.16 port 50300
#
interface Vlan-interface17
 ip address 172.17.1.254 255.255.255.0
#
interface Vlan-interface111
 ip address 10.111.255.253 255.255.0.0
#
interface Vlan-interface112
 ip address 10.112.255.253 255.255.0.0
#
interface GigabitEthernet1/0/1
 port link-type trunk
 undo port trunk permit vlan 1
 port trunk permit vlan 16 to 17 111 to 112 117
 port link-aggregation group 1
#
interface GigabitEthernet1/0/2
 port link-type trunk
 undo port trunk permit vlan 1
 port trunk permit vlan 16 to 17 111 to 112 117
 port link-aggregation group 1
#
interface GigabitEthernet1/0/3
#
interface GigabitEthernet1/0/4
#
interface GigabitEthernet1/0/5
#
interface GigabitEthernet1/0/6
#
interface GigabitEthernet1/0/7
#
interface GigabitEthernet1/0/8
#
interface M-GigabitEthernet1/0/0
#
interface Ten-GigabitEthernet1/0/9
#
interface Ten-GigabitEthernet1/0/10
#
interface WLAN-ESS0
 port link-type hybrid
 port hybrid vlan 1 117 untagged
 port hybrid pvid vlan 117
#
interface WLAN-ESS1
 port link-type hybrid
 undo port hybrid vlan 1
 port hybrid vlan 111 untagged
 port hybrid pvid vlan 111
 mac-vlan enable
#
interface WLAN-ESS2
 port link-type hybrid
 undo port hybrid vlan 1
 port hybrid vlan 112 untagged
 port hybrid pvid vlan 112
 mac-vlan enable
#
interface WLAN-ESS3
 port link-type hybrid
 undo port hybrid vlan 1
 port hybrid vlan 112 untagged
 port hybrid pvid vlan 112
 mac-vlan enable
#
interface WLAN-ESS4
 port link-type hybrid
 undo port hybrid vlan 1
 port hybrid vlan 117 untagged
 port hybrid pvid vlan 117
 mac-vlan enable
 qos apply policy 3000 outbound
#
interface WLAN-ESS6
 port link-type hybrid
 undo port hybrid vlan 1
 port hybrid vlan 117 untagged
 port hybrid pvid vlan 117
 port-security port-mode psk
 port-security tx-key-type 11key
 port-security preshared-key pass-phrase cipher $c$3$fCpCKHM/9seWNcAcNsdJJgsc9qYsMdiKcdz+
#
interface WLAN-ESS7
 port link-type hybrid
 undo port hybrid vlan 1
 port hybrid vlan 117 untagged
 port hybrid pvid vlan 117
#
nqa entry imclinktopologypleaseignore ping
 type icmp-echo
  destination ip 172.16.255.254
  frequency 270000
#
wlan ap-group default_group
 ap xzap-1
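Hello, please note:
Portal authentication is failing. The following are the key points to check, for your reference:
1. Check whether the route from the device to the server is reachable.
2. Check whether the key and URL of the Portal server being pointed to are correct.
3. For anything more specific, the complete configuration still needs to be reviewed.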
(0)
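I see that mac-trigger is configured in the image. This is seamless authentication: after a terminal passes portal authentication the first time, it does not need to go through portal authentication again when it reconnects to this network and goes straight online. On the AC, run dis portal user and check whether there is an entry for this terminal.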
(0)
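An added example, not part of the original thread and not H3C tooling: a small Python check that pulls out of a `display current-configuration` dump the settings the last reply points to (where mac-trigger is enabled and which server it queries), together with the portal free-rules and the Layer 3 interfaces that have portal enabled. The function names are this example's own, and the sample is an excerpt of the configuration posted above, assumed to be saved one command per line as the device prints it.

```python
import re

# Excerpt of the configuration posted in the thread, one command per line (keys omitted).
SAMPLE = """\
#
 portal free-rule 1 source ip any destination ip 172.30.179.0 mask 255.255.255.0
 portal free-rule 2 source ip any destination ip 172.16.1.253 mask 255.255.255.255
 portal mac-trigger server ip 172.30.179.16 port 50300
#
interface Vlan-interface16
 ip address 172.16.1.253 255.255.0.0
 portal server rs1 method direct
 portal mac-trigger enable threshold 10240
#
interface Vlan-interface17
 ip address 172.17.1.254 255.255.255.0
#
"""

def sections(text):
    """Split a Comware config into {view header: [commands]}; global commands use ''."""
    out, view = {"": []}, ""
    for line in text.splitlines():
        if line.strip() in ("", "#"):
            view = ""                          # '#' closes the current view
        elif line.startswith(" "):
            out[view].append(line.strip())     # indented: belongs to the open view
        else:
            view = line.strip()                # unindented: a new view header
            out.setdefault(view, [])
    return out

def audit_portal(text):
    """Collect the settings that decide whether a client is shown the portal page."""
    cfg = sections(text)
    report = {"free_rules": [], "mac_trigger_server": None, "interfaces": {}}
    for cmd in cfg[""]:
        if cmd.startswith("portal free-rule "):
            report["free_rules"].append(cmd)
        m = re.match(r"portal mac-trigger server ip (\S+) port (\d+)", cmd)
        if m:
            report["mac_trigger_server"] = (m.group(1), int(m.group(2)))
    for view, cmds in cfg.items():
        if view.startswith("interface "):
            report["interfaces"][view.split()[1]] = {
                "portal": any(re.match(r"portal server \S+ method ", c) for c in cmds),
                "mac_trigger": next((c for c in cmds if c.startswith("portal mac-trigger enable")), None),
            }
    return report
```

Calling `audit_portal()` on the saved dump gives a per-interface view to compare against the VLANs the wireless clients actually land in, alongside the `dis portal user` output the reply asks for.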