H3C WX2540H 公网portal认证,配置已完成,认证过程中,可以弹出认证页面,输入户密码点登录提示认证超时,dubug查看ac可以收到来自portal服务器响应且目的端口是2000,但ac未回包;wifi名xx-访客2,终端mac 32a5-3694-3503,外网radius 47开头 ,配置及debug信息见下,麻烦大佬帮助下
PAM_RADIUS: Fetched accounting-update reply-data successfully, resultCode: 0
*Dec 7 11:21:18:493 2023 H3C PORTAL/7/RULE:
[Outbound] permit the packet on the outbound {MatchRes = [Rule1-Permit]}.
IfName = WLAN-BSS1/0/2264, PortName = WLAN-BSS1/0/2264, Vlan = 504, DstMAC = 32a5-3694-3503,
SrcIP = 47.99.242.34, DstIP = 192.168.14.149
L4Protocol = 6, SrcPort = 8887, DstPort = 65517, VrfIndex = 0
*Dec 7 11:21:18:531 2023 H3C PORTAL/7/RULE:
[Inbound] execute full rule match, { MatchRes = [Rule2-Permit] }
IfName = WLAN-BSS1/0/2036, PortName = WLAN-BSS1/0/2036, Vlan = 504, SrcMAC = a4cf-997a-052b,
SrcIP = 192.168.14.58, DstIP = 157.148.41.214
L4Protocol = 6, SrcPort = 54419, DstPort = 443, VrfIndex = 0
*Dec 7 11:21:18:560 2023 H3C RADIUS/7/EVENT: Reply SocketFd recieved EPOLLIN event.
*Dec 7 11:21:18:560 2023 H3C RADIUS/7/EVENT: Received reply packet successfully.
*Dec 7 11:21:18:560 2023 H3C RADIUS/7/EVENT: Found request context, dstIP: 172.16.4.100, dstPort: 1812, VPN instance: --(public), socketFd: 219, pktID: 237.
*Dec 7 11:21:18:560 2023 H3C RADIUS/7/EVENT:
The reply packet is valid.
*Dec 7 11:21:18:560 2023 H3C RADIUS/7/EVENT:
(0)
最佳答案
亲~登录后才可以操作哦!
确定你的邮箱还未认证,请认证邮箱或绑定手机后进行当前操作
举报
×
侵犯我的权益
×
侵犯了我企业的权益
×
抄袭了我的内容
×
原文链接或出处
诽谤我
×
对根叔社区有害的内容
×
不规范转载
×
举报说明
您好,服务器已添加接入设备,否则服务器不会回报,ac配置如下: wlan service-template guest_network description _2 ssid 辛选网络_访客2 vlan 504 portal enable method direct portal domain wb_domain portal bas-ip 192.168.14.10 portal apply web-server wb_portal_url service-template enable radius scheme wb_radius primary authentication 47.99.242.34 key cipher $c$3$4cSAJRY2/R75RTZ9IjdV86u41lVUd4qgbmv7Fkn1Tg== primary accounting 47.99.242.34 key cipher $c$3$eJwcqfn+oIYVgod062dCpmdVmFIw/JwRfchy9QcdHA== key authentication cipher $c$3$Qw2KRSAWRNm6TuA4ygNgSmfNmKvtokACqVrjnSXfHA== key accounting cipher $c$3$opyi3zbkkG2FzbaZR6FlNOLFoW43VsO8iX0sXdM6IA== user-name-format keep-original nas-ip 192.168.14.10 domain wb_domain authentication lan-access radius-scheme wb_radius authorization lan-access radius-scheme wb_radius accounting lan-access radius-scheme wb_radius authentication portal radius-scheme wb_radius authorization portal radius-scheme wb_radius accounting portal radius-scheme wb_radius portal free-rule 1 destination ip any udp 53 portal free-rule 2 destination ip 192.168.10.10 255.255.255.255 portal free-rule 3 destination ip 172.16.4.100 255.255.255.255 portal free-rule 4 destination ip 114.114.114.114 255.255.255.255 udp 53 portal free-rule 5 destination ip 1.15.158.106 255.255.255.255 udp 53 portal free-rule 7 destination ip any tcp 53 portal free-rule 8 destination ip 47.99.242.34 255.255.255.255 portal url-unescape-chars ? # portal web-server wb_portal_url url http://47.99.242.34:8887/ui/portal.html url-parameter nasip value 218.75.35.254 portal server wb_portal_server ip 47.99.242.34 key cipher $c$3$VNAf
那就找服务器看下是那个报文或者那个模块异常吧。目前信息只能定位radius报文有回应。检查下吧