Adcampus开局mac portal认证终端无法上线
- 0关注
- 0收藏,322浏览
问题描述:
Adcampus开局,拓扑采用spine--leaf--access结构,按照官网Adcampus6.3指导手册进行mac portal配置,完成相关配置后终端无法正常通过mac portal上线,在leaf设备上进行debug,有以下信息,请帮忙分析下是哪一步操作由问题。认证终端是有线PC,接入access设备G1/0/23口,有线终端上无法获取到IP地址。
<dlb_leaf>*Dec 23 13:40:24:621 2023 dlb_leaf MACA/7/EVENT: Processing new mac event: UserMAC=0cda-411d-2ea3, VLANID=122, Interface=GigabitEthernet1/0/1.
*Dec 23 13:40:24:622 2023 dlb_leaf MACA/7/EVENT: State changed from Initialize to Authenticating: UserMAC=0cda-411d-2ea3, VLANID=122, Interface=GigabitEthernet1/0/1.
*Dec 23 13:40:24:622 2023 dlb_leaf MACA/7/EVENT: User is being authenticated with name 0cda411d2ea3 and password ***: UserMAC=0cda-411d-2ea3, VLANID=122, Interface=GigabitEthernet1/0/1.
*Dec 23 13:40:24:623 2023 dlb_leaf MACA/7/EVENT: Started server timeout timer: Length=100(s), UserMAC=0cda-411d-2ea3, VLANID=122, Interface=GigabitEthernet1/0/1.
*Dec 23 13:40:24:623 2023 dlb_leaf MACA/7/EVENT: MACA authentication begin set IP Address to PAM.
*Dec 23 13:40:24:626 2023 dlb_leaf MACA/7/EVENT: AAA processed authentication request: Result=Processing, UserMAC=0cda-411d-2ea3, VLANID=122, Interface=GigabitEthernet1/0/1.
*Dec 23 13:40:24:627 2023 dlb_leaf MACA/7/EVENT: Notified PortSec of new MAC processing result 1: UserMAC=0cda-411d-2ea3, VLANID=122, Interface=GigabitEthernet1/0/1.
*Dec 23 13:40:24:629 2023 dlb_leaf MACA/7/EVENT: Received authentication response with code 26: UserMAC=0cda-411d-2ea3, VLANID=122, Interface=GigabitEthernet1/0/1.
*Dec 23 13:40:24:630 2023 dlb_leaf MACA/7/EVENT: State changed from Authenticating to Disconnect: UserMAC=0cda-411d-2ea3, VLANID=122, Interface=GigabitEthernet1/0/1.
*Dec 23 13:40:24:630 2023 dlb_leaf MACA/7/EVENT: Deleted server timeout timer: UserMAC=0cda-411d-2ea3, VLANID=122, Interface=GigabitEthernet1/0/1.
*Dec 23 13:40:24:631 2023 dlb_leaf MACA/7/EVENT: Failed to get user traffic statistics: UserMAC=0cda-411d-2ea3, VLANID=122, Interface=GigabitEthernet1/0/1.
*Dec 23 13:40:24:632 2023 dlb_leaf MACA/7/EVENT: User failed to come online (UserMAC=0cda-411d-2ea3, VLANID=122, Interface=GigabitEthernet1/0/1). Reason: The RADIUS server rejected the authentication request.
*Dec 23 13:40:24:633 2023 dlb_leaf MACA/7/EVENT: A user was deleted: UserMAC=0cda-411d-2ea3, VLANID=122, Interface=GigabitEthernet1/0/1.
*Dec 23 13:40:24:634 2023 dlb_leaf MACA/7/EVENT: Processing AuthenFail event: UserMAC=0cda-411d-2ea3, VLANID=122, Interface=GigabitEthernet1/0/1.
*Dec 23 13:40:24:634 2023 dlb_leaf MACA/7/EVENT: Notified PortSec of AuthenFail result: Result=1, UserMAC=0cda-411d-2ea3, VLANID=122, Interface=GigabitEthernet1/0/1.
*Dec 23 13:40:24:639 2023 dlb_leaf MACA/7/EVENT: Added a silent MAC address: UserMAC=0cda-411d-2ea3, VLANID=122, Interface=GigabitEthernet1/0/1.
- 2023-12-23提问
- 举报
-
(0)
亲~登录后才可以操作哦!
确定你的邮箱还未认证,请认证邮箱或绑定手机后进行当前操作
举报
×
侵犯我的权益
×
侵犯了我企业的权益
×
- 1. 您举报的内容是什么?(请在邮件中列出您举报的内容和链接地址)
- 2. 您是谁?(身份证明材料,可以是身份证或护照等证件)
- 3. 是哪家企业?(营业执照,单位登记证明等证件)
- 4. 您与该企业的关系是?(您是企业法人或被授权人,需提供企业委托授权书)
抄袭了我的内容
×
原文链接或出处
诽谤我
×
- 1. 您举报的内容以及侵犯了您什么权益?(请在邮件中列出您举报的内容、链接地址,并给出简短的说明)
- 2. 您是谁?(身份证明材料,可以是身份证或护照等证件)
对根叔社区有害的内容
×
不规范转载
×
举报说明
没有,终端还没获取到地址
交换机上看下是否存在mac认证表项,如果没有检查一下相关配置?
交换机上没有认证表项,配置都是按照手册来配置的,看debug信息是radius服务器拒绝了认证请求
控制器-分析-认证失败记录看下是否存在对应条目
没有条目
radius 服务器通吗?dis radius scheme
<dlb_leaf>display radius scheme Total 2 RADIUS schemes ------------------------------------------------------------------ RADIUS scheme name: system Index: 0 Primary authentication server: Host name: Not Configured IP : Not Configured Port: 1812 VPN : Not configured State: Blocked Test profile: Not configured Weight: 0 Primary accounting server: Host name: Not Configured IP : Not Configured Port: 1813 VPN : Not configured State: Blocked Weight: 0 Accounting-On function : Disabled extended function : Disabled retransmission times : 50 retransmission interval(seconds) : 3 Timeout Interval(seconds) : 3 Retransmission Times : 3 Retransmission Times for Accounting Update : 5 Server Quiet Period(minutes) : 5 Realtime Accounting Interval(seconds) : 720 Stop-accounting packets buffering : Enabled Retransmission times : 500 NAS IP Address : Not configured Local NAS IP Address : Not configured NAS IP Address : Not configured VPN : Not configured User Name Format : without-domain Data flow unit : Byte Packet unit : One Attribute 15 check-mode : Strict Attribute 25 : Standard Attribute Remanent-Volume unit : Kilo server-load-sharing : Disabled Attribute 30 format : HH-HH-HH-HH-HH-HH:SSID Attribute 30 MAC format : HH-HH-HH-HH-HH-HH Attribute 31 MAC format : HH-HH-HH-HH-HH-HH Stop-accounting packets send-force : Disabled Reauthentication server selection : Inherit Attribute 218 of vendor ID 25506 : DHCP-Option 61 Format 1 (1-byte Type field) ------------------------------------------------------------------ RADIUS scheme name: byod Index: 1 Primary authentication server: Host name: Not Configured IP : 10.0.55.1 Port: 1812 VPN : vpn-default State: Active (duration: 0 weeks, 0 days, 4 hours, 12 minutes, 36 seconds) Most recent blocked period: 2023/12/23 12:22:46 - 2023/12/23 12:27:47 Test profile: Not configured Weight: 0 Primary accounting server: Host name: Not Configured IP : 10.0.55.1 Port: 1813 VPN : vpn-default State: Active (duration: 0 weeks, 0 days, 4 hours, 18 minutes, 34 seconds) Weight: 0 Accounting-On function : Enabled extended function : Disabled retransmission times : 255 retransmission interval(seconds) : 15 Timeout Interval(seconds) : 3 Retransmission Times : 3 Retransmission Times for Accounting Update : 5 Server Quiet Period(minutes) : 5 Realtime Accounting Interval(seconds) : 900 Stop-accounting packets buffering : Enabled Retransmission times : 500 NAS IP Address : Not configured Local NAS IP Address : Not configured NAS IP Address : Not configured VPN : vpn-default User Name Format : without-domain Data flow unit : Byte Packet unit : One Attribute 15 check-mode : Strict Attribute 25 : Standard Attribute Remanent-Volume unit : Kilo server-load-sharing : Disabled Attribute 30 format : HH-HH-HH-HH-HH-HH:SSID Attribute 30 MAC format : HH-HH-HH-HH-HH-HH Attribute 31 MAC format : HH-HH-HH-HH-HH-HH Stop-accounting packets send-force : Enabled Reauthentication server selection : Inherit Attribute 218 of vendor ID 25506 : DHCP-Option 61 Format 1 (1-byte Type field) ------------------------------------------------------------------ <dlb_leaf>ping 10.0.55.1 Ping 10.0.55.1 (10.0.55.1): 56 data bytes, press CTRL+C to break 56 bytes from 10.0.55.1: icmp_seq=0 ttl=63 time=1.922 ms 56 bytes from 10.0.55.1: icmp_seq=1 ttl=63 time=1.337 ms 56 bytes from 10.0.55.1: icmp_seq=2 ttl=63 time=1.358 ms 56 bytes from 10.0.55.1: icmp_seq=3 ttl=63 time=1.396 ms 56 bytes from 10.0.55.1: icmp_seq=4 ttl=63 time=1.370 ms --- Ping statistics for 10.0.55.1 --- 5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss round-trip min/avg/max/std-dev = 1.337/1.477/1.922/0.224 ms <dlb_leaf>%Dec 23 16:41:00:108 2023 dlb_leaf PING/6/PING_STATISTICS: Ping statistics for 10.0.55.1: 5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss, round-trip min/avg/max/std-dev = 1.337/1.477/1.922/0.224 ms. radius服务器是通的
那可能需要检查下接口组的配置,已经mac portal 的相关配置了,策略模板,以及应用