• 全部
  • 经验案例
  • 典型配置
  • 技术公告
  • FAQ
  • 漏洞说明
  • 全部
  • 全部
  • 大数据引擎
  • 知了引擎
产品线
搜索
取消
案例类型
发布者
是否解决
是否官方
时间
搜索引擎
匹配模式
高级搜索

WX5510E 进行portal认证不成功

2021-07-09提问
  • 0关注
  • 1收藏,982浏览
粉丝:0人 关注:1人

问题描述:

对齐方式

  • 靠左
  • 居中
  • 靠右

问题描述:用户连接无线不需要认证就可以上网。

portal相关配置如下:

请帮忙分析下原因。


最佳答案

粉丝:19人 关注:9人

检查是否在接口下使能了portal认证,如果未使能则可以上网

检查mac-trigger免认证流量是否设置的过大导致不用认证也能上网

4 个回答
粉丝:48人 关注:1人

请把配置发完整,认证不成功的报错信息也发一下

[NIC-AC]dis cu # version 5.20, Release 2609P39 # sysname NIC-AC # domain default enable netw # telnet server enable # user-isolation vlan 111 enable user-isolation vlan 111 permit-mac 3c8c-40c3-f04e 3c8c-40c3-f04d user-isolation vlan 112 enable user-isolation vlan 112 permit-mac 3c8c-40c3-f04e 3c8c-40c3-f04d undo user-isolation permit broadcast # lldp enable # port-security enable # portal server rs1 ip 172.30.179.16 key cipher $c$3$LysN89wBaQy8HeCFK//aYSHAztwaSjkL8w== url http://172.30.179.16:55555/iAuth server-type cmcc portal free-rule 1 source ip any destination ip 172.30.179.0 mask 255.255.255.0 portal free-rule 2 source ip any destination ip 172.16.1.253 mask 255.255.255.255 portal device-id NIC portal wlan ssid Mall_of_Splendor server rs1 domain dm1 portal wlan ssid JM-test3 server rs1 domain dm1 portal nas-id 741F-4A05-D3B8 portal mac-trigger server ip 172.30.179.16 port 50300 portal url-param include nas-id portal url-param include user-mac portal url-param include nas-ip portal url-param include user-url portal url-param include user-ip portal url-param include ac-name portal url-param include ssid portal silent ios user-agent CaptiveNetworSupport # password-recovery enable # acl number 3000 rule 1 permit ip source 10.117.0.0 0.0.255.255 # vlan 1 # vlan 16 description ***管理**** # vlan 17 description ***无线管理*** # vlan 111 description ***无线业务1*** # vlan 112 description ***无线业务2*** # vlan 117 description New_YW # radius scheme rs1 server-type extended primary authentication 172.30.179.16 primary accounting 172.30.179.16 key authentication cipher $c$3$meHwtJ7PViR07CWrCAzITPShDEWv875bnQ== key accounting cipher $c$3$OH8Wr2KREHXZwG2+Txlsux2am3BEGyBCbA== user-name-format without-domain nas-ip 172.16.1.253 attribute 41 0 # domain dm1 authentication portal radius-scheme rs1 authorization portal none accounting portal radius-scheme rs1 access-limit disable state active idle-cut disable self-service-url disable domain netw access-limit disable state active idle-cut disable self-service-url disable domain system access-limit disable state active idle-cut disable self-service-url disable # traffic classifier 3000 operator and if-match acl 3000 # traffic behavior 3000 car cir 4000 cbs 250000 ebs 0 green pass red discard yellow pass # qos policy 3000 classifier 3000 behavior 3000 # dhcp server ip-pool 17 network 172.17.1.0 mask 255.255.255.0 gateway-list 172.17.1.254 # user-group system group-attribute allow-guest # local-user admin password cipher $c$3$7yQ9WXnFFHbMdhCccCJb9krDwIe3RQpHEemsdVaH authorization-attribute level 3 authorization-attribute user-role security-audit service-type ssh telnet service-type web local-user h3c password cipher $c$3$rFtZiJe4ZcoTsRuwwtooFdoVtGjnsJQzNKdgJkTt authorization-attribute level 3 service-type telnet service-type web local-user nic password cipher $c$3$in/1IqXwbuZfi6UTLa60rUwH5f1ntIhlAVui authorization-attribute level 3 service-type telnet service-type web # wlan rrm dot11a mandatory-rate 6 12 24 dot11a supported-rate 9 18 36 48 54 dot11b mandatory-rate 1 2 dot11b supported-rate 5.5 11 dot11g mandatory-rate 1 2 5.5 11 dot11g supported-rate 6 9 12 18 24 36 48 54 # wlan service-template 1 clear ssid JM-test3 bind WLAN-ESS 7 service-template enable # wlan service-template 111 crypto # wlan service-template 112 crypto # wlan service-template 117 clear ssid Mall_of_Splendor bind WLAN-ESS 4 service-template enable # wlan service-template 118 clear bind WLAN-ESS 2 # wlan service-template 121 crypto ssid cloud-screen bind WLAN-ESS 6 cipher-suite ccmp security-ie rsn service-template enable # wlan service-template 3 clear beacon ssid-hide # interface Bridge-Aggregation1 port link-type trunk undo port trunk permit vlan 1 port trunk permit vlan 16 to 17 111 to 112 117 # interface NULL0 # interface Vlan-interface1 ip address 192.168.0.100 255.255.255.0 # interface Vlan-interface16 ip address 172.16.1.253 255.255.0.0 portal server rs1 method direct portal domain dm1 portal nas-port-type wireless portal nas-ip 172.16.1.253 portal mac-trigger enable threshold 10240 portal mac-trigger server ip 172.30.179.16 port 50300 # interface Vlan-interface17 ip address 172.17.1.254 255.255.255.0 # interface Vlan-interface111 ip address 10.111.255.253 255.255.0.0 # interface Vlan-interface112 ip address 10.112.255.253 255.255.0.0 # interface GigabitEthernet1/0/1 port link-type trunk undo port trunk permit vlan 1 port trunk permit vlan 16 to 17 111 to 112 117 port link-aggregation group 1 # interface GigabitEthernet1/0/2 port link-type trunk undo port trunk permit vlan 1 port trunk permit vlan 16 to 17 111 to 112 117 port link-aggregation group 1 # interface GigabitEthernet1/0/3 # interface GigabitEthernet1/0/4 # interface GigabitEthernet1/0/5 # interface GigabitEthernet1/0/6 # interface GigabitEthernet1/0/7 # interface GigabitEthernet1/0/8 # interface M-GigabitEthernet1/0/0 # interface Ten-GigabitEthernet1/0/9 # interface Ten-GigabitEthernet1/0/10 # interface WLAN-ESS0 port link-type hybrid port hybrid vlan 1 117 untagged port hybrid pvid vlan 117 # interface WLAN-ESS1 port link-type hybrid undo port hybrid vlan 1 port hybrid vlan 111 untagged port hybrid pvid vlan 111 mac-vlan enable # interface WLAN-ESS2 port link-type hybrid undo port hybrid vlan 1 port hybrid vlan 112 untagged port hybrid pvid vlan 112 mac-vlan enable # interface WLAN-ESS3 port link-type hybrid undo port hybrid vlan 1 port hybrid vlan 112 untagged port hybrid pvid vlan 112 mac-vlan enable # interface WLAN-ESS4 port link-type hybrid undo port hybrid vlan 1 port hybrid vlan 117 untagged port hybrid pvid vlan 117 mac-vlan enable qos apply policy 3000 outbound # interface WLAN-ESS6 port link-type hybrid undo port hybrid vlan 1 port hybrid vlan 117 untagged port hybrid pvid vlan 117 port-security port-mode psk port-security tx-key-type 11key port-security preshared-key pass-phrase cipher $c$3$fCpCKHM/9seWNcAcNsdJJgsc9qYsMdiKcdz+ # interface WLAN-ESS7 port link-type hybrid undo port hybrid vlan 1 port hybrid vlan 117 untagged port hybrid pvid vlan 117 # nqa entry imclinktopologypleaseignore ping type icmp-echo destination ip 172.16.255.254 frequency 270000 # wlan ap-group default_group ap xzap-1

zhiliao_hCfjVl 发表时间:2021-07-09 更多>>

[NIC-AC]dis cu # version 5.20, Release 2609P39 # sysname NIC-AC # domain default enable netw # telnet server enable # user-isolation vlan 111 enable user-isolation vlan 111 permit-mac 3c8c-40c3-f04e 3c8c-40c3-f04d user-isolation vlan 112 enable user-isolation vlan 112 permit-mac 3c8c-40c3-f04e 3c8c-40c3-f04d undo user-isolation permit broadcast # lldp enable # port-security enable # portal server rs1 ip 172.30.179.16 key cipher $c$3$LysN89wBaQy8HeCFK//aYSHAztwaSjkL8w== url http://172.30.179.16:55555/iAuth server-type cmcc portal free-rule 1 source ip any destination ip 172.30.179.0 mask 255.255.255.0 portal free-rule 2 source ip any destination ip 172.16.1.253 mask 255.255.255.255 portal device-id NIC portal wlan ssid Mall_of_Splendor server rs1 domain dm1 portal wlan ssid JM-test3 server rs1 domain dm1 portal nas-id 741F-4A05-D3B8 portal mac-trigger server ip 172.30.179.16 port 50300 portal url-param include nas-id portal url-param include user-mac portal url-param include nas-ip portal url-param include user-url portal url-param include user-ip portal url-param include ac-name portal url-param include ssid portal silent ios user-agent CaptiveNetworSupport # password-recovery enable # acl number 3000 rule 1 permit ip source 10.117.0.0 0.0.255.255 # vlan 1 # vlan 16 description ***管理**** # vlan 17 description ***无线管理*** # vlan 111 description ***无线业务1*** # vlan 112 description ***无线业务2*** # vlan 117 description New_YW # radius scheme rs1 server-type extended primary authentication 172.30.179.16 primary accounting 172.30.179.16 key authentication cipher $c$3$meHwtJ7PViR07CWrCAzITPShDEWv875bnQ== key accounting cipher $c$3$OH8Wr2KREHXZwG2+Txlsux2am3BEGyBCbA== user-name-format without-domain nas-ip 172.16.1.253 attribute 41 0 # domain dm1 authentication portal radius-scheme rs1 authorization portal none accounting portal radius-scheme rs1 access-limit disable state active idle-cut disable self-service-url disable domain netw access-limit disable state active idle-cut disable self-service-url disable domain system access-limit disable state active idle-cut disable self-service-url disable # traffic classifier 3000 operator and if-match acl 3000 # traffic behavior 3000 car cir 4000 cbs 250000 ebs 0 green pass red discard yellow pass # qos policy 3000 classifier 3000 behavior 3000 # dhcp server ip-pool 17 network 172.17.1.0 mask 255.255.255.0 gateway-list 172.17.1.254 # user-group system group-attribute allow-guest # local-user admin password cipher $c$3$7yQ9WXnFFHbMdhCccCJb9krDwIe3RQpHEemsdVaH authorization-attribute level 3 authorization-attribute user-role security-audit service-type ssh telnet service-type web local-user h3c password cipher $c$3$rFtZiJe4ZcoTsRuwwtooFdoVtGjnsJQzNKdgJkTt authorization-attribute level 3 service-type telnet service-type web local-user nic password cipher $c$3$in/1IqXwbuZfi6UTLa60rUwH5f1ntIhlAVui authorization-attribute level 3 service-type telnet service-type web # wlan rrm dot11a mandatory-rate 6 12 24 dot11a supported-rate 9 18 36 48 54 dot11b mandatory-rate 1 2 dot11b supported-rate 5.5 11 dot11g mandatory-rate 1 2 5.5 11 dot11g supported-rate 6 9 12 18 24 36 48 54 # wlan service-template 1 clear ssid JM-test3 bind WLAN-ESS 7 service-template enable # wlan service-template 111 crypto # wlan service-template 112 crypto # wlan service-template 117 clear ssid Mall_of_Splendor bind WLAN-ESS 4 service-template enable # wlan service-template 118 clear bind WLAN-ESS 2 # wlan service-template 121 crypto ssid cloud-screen bind WLAN-ESS 6 cipher-suite ccmp security-ie rsn service-template enable # wlan service-template 3 clear beacon ssid-hide # interface Bridge-Aggregation1 port link-type trunk undo port trunk permit vlan 1 port trunk permit vlan 16 to 17 111 to 112 117 # interface NULL0 # interface Vlan-interface1 ip address 192.168.0.100 255.255.255.0 # interface Vlan-interface16 ip address 172.16.1.253 255.255.0.0 portal server rs1 method direct portal domain dm1 portal nas-port-type wireless portal nas-ip 172.16.1.253 portal mac-trigger enable threshold 10240 portal mac-trigger server ip 172.30.179.16 port 50300 # interface Vlan-interface17 ip address 172.17.1.254 255.255.255.0 # interface Vlan-interface111 ip address 10.111.255.253 255.255.0.0 # interface Vlan-interface112 ip address 10.112.255.253 255.255.0.0 # interface GigabitEthernet1/0/1 port link-type trunk undo port trunk permit vlan 1 port trunk permit vlan 16 to 17 111 to 112 117 port link-aggregation group 1 # interface GigabitEthernet1/0/2 port link-type trunk undo port trunk permit vlan 1 port trunk permit vlan 16 to 17 111 to 112 117 port link-aggregation group 1 # interface GigabitEthernet1/0/3 # interface GigabitEthernet1/0/4 # interface GigabitEthernet1/0/5 # interface GigabitEthernet1/0/6 # interface GigabitEthernet1/0/7 # interface GigabitEthernet1/0/8 # interface M-GigabitEthernet1/0/0 # interface Ten-GigabitEthernet1/0/9 # interface Ten-GigabitEthernet1/0/10 # interface WLAN-ESS0 port link-type hybrid port hybrid vlan 1 117 untagged port hybrid pvid vlan 117 # interface WLAN-ESS1 port link-type hybrid undo port hybrid vlan 1 port hybrid vlan 111 untagged port hybrid pvid vlan 111 mac-vlan enable # interface WLAN-ESS2 port link-type hybrid undo port hybrid vlan 1 port hybrid vlan 112 untagged port hybrid pvid vlan 112 mac-vlan enable # interface WLAN-ESS3 port link-type hybrid undo port hybrid vlan 1 port hybrid vlan 112 untagged port hybrid pvid vlan 112 mac-vlan enable # interface WLAN-ESS4 port link-type hybrid undo port hybrid vlan 1 port hybrid vlan 117 untagged port hybrid pvid vlan 117 mac-vlan enable qos apply policy 3000 outbound # interface WLAN-ESS6 port link-type hybrid undo port hybrid vlan 1 port hybrid vlan 117 untagged port hybrid pvid vlan 117 port-security port-mode psk port-security tx-key-type 11key port-security preshared-key pass-phrase cipher $c$3$fCpCKHM/9seWNcAcNsdJJgsc9qYsMdiKcdz+ # interface WLAN-ESS7 port link-type hybrid undo port hybrid vlan 1 port hybrid vlan 117 untagged port hybrid pvid vlan 117 # nqa entry imclinktopologypleaseignore ping type icmp-echo destination ip 172.16.255.254 frequency 270000 # wlan ap-group default_group ap xzap-1

zhiliao_hCfjVl 发表时间:2021-07-09
粉丝:138人 关注:6人

您好,请知:

portal认证失败,以下是排查要点,请参考:

1、检查设备到服务器的路由是否可达。

2、检查指向的Portal的秘钥、URL是否准确。

3、具体还需要看下完整的配置。


粉丝:41人 关注:3人

看到图片里配置了mac-trigger,这是无感知,终端第一次通过portal认证后,后面再次连接这个网络就不用在进行portal认证了直接上网,在AC看一下dis portal user看下有没有这个终端的表项

粉丝:336人 关注:0人

您好,模版下引用了吗

编辑答案

你正在编辑答案

如果你要对问题或其他回答进行点评或询问,请使用评论功能。

分享扩散:

提出建议

    +

亲~登录后才可以操作哦!

确定

亲~检测到您登陆的账号未在http://hclhub.h3c.com进行注册

注册后可访问此模块

跳转hclhub

你的邮箱还未认证,请认证邮箱或绑定手机后进行当前操作

举报

×

侵犯我的权益 >
对根叔社区有害的内容 >
辱骂、歧视、挑衅等(不友善)

侵犯我的权益

×

泄露了我的隐私 >
侵犯了我企业的权益 >
抄袭了我的内容 >
诽谤我 >
辱骂、歧视、挑衅等(不友善)
骚扰我

泄露了我的隐私

×

您好,当您发现根叔知了上有泄漏您隐私的内容时,您可以向根叔知了进行举报。 请您把以下内容通过邮件发送到pub.zhiliao@h3c.com 邮箱,我们会尽快处理。
  • 1. 您认为哪些内容泄露了您的隐私?(请在邮件中列出您举报的内容、链接地址,并给出简短的说明)
  • 2. 您是谁?(身份证明材料,可以是身份证或护照等证件)

侵犯了我企业的权益

×

您好,当您发现根叔知了上有关于您企业的造谣与诽谤、商业侵权等内容时,您可以向根叔知了进行举报。 请您把以下内容通过邮件发送到 pub.zhiliao@h3c.com 邮箱,我们会在审核后尽快给您答复。
  • 1. 您举报的内容是什么?(请在邮件中列出您举报的内容和链接地址)
  • 2. 您是谁?(身份证明材料,可以是身份证或护照等证件)
  • 3. 是哪家企业?(营业执照,单位登记证明等证件)
  • 4. 您与该企业的关系是?(您是企业法人或被授权人,需提供企业委托授权书)
我们认为知名企业应该坦然接受公众讨论,对于答案中不准确的部分,我们欢迎您以正式或非正式身份在根叔知了上进行澄清。

抄袭了我的内容

×

原文链接或出处

诽谤我

×

您好,当您发现根叔知了上有诽谤您的内容时,您可以向根叔知了进行举报。 请您把以下内容通过邮件发送到pub.zhiliao@h3c.com 邮箱,我们会尽快处理。
  • 1. 您举报的内容以及侵犯了您什么权益?(请在邮件中列出您举报的内容、链接地址,并给出简短的说明)
  • 2. 您是谁?(身份证明材料,可以是身份证或护照等证件)
我们认为知名企业应该坦然接受公众讨论,对于答案中不准确的部分,我们欢迎您以正式或非正式身份在根叔知了上进行澄清。

对根叔社区有害的内容

×

垃圾广告信息
色情、暴力、血腥等违反法律法规的内容
政治敏感
不规范转载 >
辱骂、歧视、挑衅等(不友善)
骚扰我
诱导投票

不规范转载

×

举报说明