• 全部
  • 经验案例
  • 典型配置
  • 技术公告
  • FAQ
  • 漏洞说明
  • 全部
  • 全部
  • 大数据引擎
  • 知了引擎
产品线
搜索
取消
案例类型
发布者
是否解决
是否官方
时间
搜索引擎
匹配模式
高级搜索

小贝无线控制器开启dot1x 认证,远端radiu认证服务器,认证失败

3小时前提问
  • 0关注
  • 0收藏,41浏览
zhiliao_Lz8S3
zhiliao_Lz8S3 二段
粉丝:0人 关注:0人

问题描述:

小贝无线控制器开启dot1x 认证,远端radiu认证服务器,无线控制器到radius认证服务器路由可达,可以ping通,但是终端笔记本连接无线后,弹出输入账号密码界面,输入后无任何反应,重新恢复输入账号密码界面。在无线控制器上debugg radius 信息如下, 请懂得帮忙分析一下是什么问题?

<AC>*May 21 15:21:41:939 2026 AC RADIUS/7/EVENT: 

PAM_RADIUS: Processing RADIUS authentication.

*May 21 15:21:41:939 2026 AC RADIUS/7/EVENT: 

PAM_RADIUS: Sent authentication request successfully.

*May 21 15:21:41:939 2026 AC RADIUS/7/EVENT: 

Processing AAA request data.

*May 21 15:21:41:939 2026 AC RADIUS/7/EVENT: 

Got request data successfully, primitive: authentication.

*May 21 15:21:41:939 2026 AC RADIUS/7/EVENT: 

Getting RADIUS server info.

*May 21 15:21:41:939 2026 AC RADIUS/7/EVENT: 

Got RADIUS server info successfully.

*May 21 15:21:41:939 2026 AC RADIUS/7/EVENT: 

Created request context successfully.

*May 21 15:21:41:939 2026 AC RADIUS/7/EVENT: 

Created request packet successfully, dstIP: 10.133.89.16, dstPort: 1812, VPN instance: --(public), socketFd: 211, pktID: 77.

*May 21 15:21:41:939 2026 AC RADIUS/7/EVENT: 

Added packet socketfd to epoll successfully, socketFd: 211.

*May 21 15:21:41:939 2026 AC RADIUS/7/EVENT: 

Mapped PAM item to RADIUS attribute successfully.

*May 21 15:21:41:939 2026 AC RADIUS/7/EVENT: 

Got RADIUS username format successfully, format: 0.

*May 21 15:21:41:939 2026 AC RADIUS/7/EVENT: 

Added attribute user-name successfully, user-name: qinan.

*May 21 15:21:41:939 2026 AC RADIUS/7/EVENT: 

Filled RADIUS attributes in packet successfully.

*May 21 15:21:41:939 2026 AC RADIUS/7/EVENT: 

Composed request packet successfully.

*May 21 15:21:41:939 2026 AC RADIUS/7/EVENT: 

Created response timeout timer successfully.

*May 21 15:21:41:939 2026 AC RADIUS/7/PACKET: 

    User-Name="qinan"

    Service-Type=Framed-User

    Framed-Protocol=PPP

    NAS-Identifier="AC"

    NAS-Port=16777311

    NAS-Port-Type=Wireless-802.11

    NAS-Port-

    Calling-Station-

    Called-Station-

    H3c-Nas-Startup-Timestamp=1293840011

    Acct-Session-

    H3c-User-Vlan-Id=95

    EAP-Message=0x0201000a0171696e616e

    Message-Authenticator=0x00000000000000000000000000000000

    Framed-MTU=1450

    H3c-Ip-Host-Addr="0.0.0.0 50:5b:c2:d6:eb:b9"

    H3C-MAC-Proxy-Authenticator=******

    NAS-IP-Address=10.153.82.253

    H3c-Product-

*May 21 15:21:41:940 2026 AC RADIUS/7/EVENT: 

Sent request packet successfully.

*May 21 15:21:41:940 2026 AC RADIUS/7/PACKET: 

 01 4d 01 2f 22 2b 20 14 82 50 9d c2 ae c6 db 06 

 25 d4 2b 25 01 07 71 69 6e 61 6e 06 06 00 00 00 

 02 07 06 00 00 00 01 20 04 41 43 05 06 01 00 00 

 5f 3d 06 00 00 00 13 57 12 30 31 30 30 30 30 30 

 30 30 30 30 30 30 30 39 35 1f 13 35 30 2d 35 42 

 2d 43 32 2d 44 36 2d 45 42 2d 42 39 1e 1a 45 43 

 2d 44 41 2d 35 39 2d 30 46 2d 32 36 2d 36 30 3a 

 37 35 32 35 31 35 1a 0c 00 00 63 a2 3b 06 4d 1e 

 6e 8b 2c 28 30 30 30 30 30 30 30 34 32 30 32 36 

 30 35 32 31 30 37 32 31 34 31 30 30 30 30 30 30 

 31 33 30 38 31 30 30 31 38 31 1a 0c 00 00 63 a2 

 85 06 00 00 00 5f 4f 0c 02 01 00 0a 01 71 69 6e 

 61 6e 50 12 50 b2 eb df ed 9d 59 14 f3 fd 39 8a 

 2c 93 af 09 0c 06 00 00 05 aa 1a 21 00 00 63 a2 

 3c 1b 30 2e 30 2e 30 2e 30 20 35 30 3a 35 62 3a 

*May 21 15:21:41:940 2026 AC RADIUS/7/PACKET: 

 63 32 3a 64 36 3a 65 62 3a 62 39 1a 18 00 00 63 

 a2 96 12 da ab 68 60 5b 87 14 16 3f a6 d7 4f cc 

 ec f2 f3 04 06 0a 99 52 fd 1a 16 00 00 63 a2 ff 

 10 48 33 43 20 4d 53 47 33 36 30 2d 31 30 53 

*May 21 15:21:41:940 2026 AC RADIUS/7/EVENT: 

Sent request packet and create request context successfully.

*May 21 15:21:41:940 2026 AC RADIUS/7/EVENT: 

Added request context to global table successfully.

*May 21 15:21:41:940 2026 AC RADIUS/7/EVENT: 

Processing AAA request data.

*May 21 15:21:41:940 2026 AC RADIUS/7/EVENT: 

Processing AAA request data.

*May 21 15:21:41:940 2026 AC RADIUS/7/EVENT: 

Processing AAA request data.

*May 21 15:21:52:435 2026 AC RADIUS/7/EVENT: 

Response timed out.

*May 21 15:21:52:435 2026 AC RADIUS/7/EVENT: 

Found request context, dstIP: 10.133.89.16; dstPort: 1812; VPN instance: --(public); socketfd: 211; pktID:77.

*May 21 15:21:52:435 2026 AC RADIUS/7/EVENT: 

Retransmitting request packet, currentTries: 2, maxTries: 3.

*May 21 15:22:02:435 2026 AC RADIUS/7/EVENT: 

Response timed out.

*May 21 15:22:02:435 2026 AC RADIUS/7/EVENT: 

Found request context, dstIP: 10.133.89.16; dstPort: 1812; VPN instance: --(public); socketfd: 211; pktID:77.

*May 21 15:22:02:435 2026 AC RADIUS/7/EVENT: 

Retransmitting request packet, currentTries: 3, maxTries: 3.

*May 21 15:22:12:435 2026 AC RADIUS/7/EVENT: 

Response timed out.

%May 21 15:22:12:435 2026 AC DOT1X/5/DOT1X_WLAN_LOGIN_FAILURE: -Username=qinan-UserMAC=505b-c2d6-ebb9-BSSID=ecda-590f-2662-SSID=752515-APName=ecda-590f-2660-RadioID=1-VLANID=95; A user failed 802.1X authentication.Reason:AAA processed authentication request and return 8.

*May 21 15:22:12:435 2026 AC RADIUS/7/EVENT: 

Found request context, dstIP: 10.133.89.16; dstPort: 1812; VPN instance: --(public); socketfd: 211; pktID:77.

*May 21 15:22:12:435 2026 AC RADIUS/7/EVENT: 

Reached the maximum retries.

*May 21 15:22:12:435 2026 AC RADIUS/7/EVENT: 

Set status of server to block successfully. serverIP: 10.133.89.16, serverPort: 1812.

*May 21 15:22:12:435 2026 AC RADIUS/7/EVENT: 

Got next server failed.

*May 21 15:22:12:435 2026 AC RADIUS/7/EVENT: 

Sent reply error message to PAM.

*May 21 15:22:12:435 2026 AC RADIUS/7/EVENT: 

Sent reply message successfully.

*May 21 15:22:12:435 2026 AC RADIUS/7/EVENT: 

PAM_RADIUS: Processing RADIUS authentication.

*May 21 15:22:12:435 2026 AC RADIUS/7/EVENT: 

PAM_RADIUS: Fetched authentication reply-data successfully, resultCode: 3

*May 21 15:22:12:437 2026 AC RADIUS/7/EVENT: 

Received status of server changing event.

*May 21 15:23:24:508 2026 AC RADIUS/7/EVENT: 

Set server to active state. serverIP: 10.133.89.16, serverPort: 1812.

*May 21 15:23:24:509 2026 AC RADIUS/7/EVENT: 

Received status of server changing event.

*May 21 15:23:24:510 2026 AC RADIUS/7/EVENT: 

Aaad sent notification about the change of server status to application process successfully. Server state: active.

*May 21 15:23:24:510 2026 AC RADIUS/7/EVENT: 

Application process received the notification about the change of server status from aaad process. Server state: active.

*May 21 15:23:24:692 2026 AC RADIUS/7/EVENT: 

Set server to active state. serverIP: 10.133.89.16, serverPort: 1812.

*May 21 15:23:24:692 2026 AC RADIUS/7/EVENT: 

Application process received the notification about the change of server status from aaad process. Server state: active.

*May 21 15:23:24:693 2026 AC RADIUS/7/EVENT: 

Received status of server changing event.

*May 21 15:23:24:695 2026 AC RADIUS/7/EVENT: 

Set server to active state. serverIP: 10.133.89.16, serverPort: 1812.

*May 21 15:23:24:695 2026 AC RADIUS/7/EVENT: 

Received status of server changing event.

*May 21 15:23:24:746 2026 AC RADIUS/7/EVENT: 

Set server to active state. serverIP: 10.133.89.16, serverPort: 1812.

*May 21 15:23:24:746 2026 AC RADIUS/7/EVENT: 

Application process received the notification about the change of server status from aaad process. Server state: active.

*May 21 15:23:24:747 2026 AC RADIUS/7/EVENT: 

Received status of server changing event.

*May 21 15:23:24:832 2026 AC RADIUS/7/EVENT: 

Set server to active state. serverIP: 10.133.89.16, serverPort: 1812.

*May 21 15:23:24:832 2026 AC RADIUS/7/EVENT: 

Application process received the notification about the change of server status from aaad process. Server state: active.

*May 21 15:23:24:832 2026 AC RADIUS/7/EVENT: 

Received status of server changing event.

*May 21 15:23:25:133 2026 AC RADIUS/7/EVENT: 

Set server to active state. serverIP: 10.133.89.16, serverPort: 1812.

*May 21 15:23:25:133 2026 AC RADIUS/7/EVENT: 

Application process received the notification about the change of server status from aaad process. Server state: active.

*May 21 15:23:25:133 2026 AC RADIUS/7/EVENT: 

Received status of server changing event.

*May 21 15:23:25:144 2026 AC RADIUS/7/EVENT: 

Set server to active state. serverIP: 10.133.89.16, serverPort: 1812.

*May 21 15:23:25:144 2026 AC RADIUS/7/EVENT: 

Application process received the notification about the change of server status from aaad process. Server state: active.

*May 21 15:23:25:144 2026 AC RADIUS/7/EVENT: 

Received status of server changing event.

*May 21 15:23:25:431 2026 AC RADIUS/7/EVENT: 

Set server to active state. serverIP: 10.133.89.16, serverPort: 1812.

*May 21 15:23:25:432 2026 AC RADIUS/7/EVENT: 

Application process received the notification about the change of server status from aaad process. Server state: active.

*May 21 15:23:25:432 2026 AC RADIUS/7/EVENT: 

Received status of server changing event.

*May 21 15:23:25:435 2026 AC RADIUS/7/EVENT: 

Application process received the notification about the change of server status from aaad process. Server state: active.

*May 21 15:23:25:508 2026 AC RADIUS/7/EVENT: 

Application process received the notification about the change of server status from aaad process. Server state: active.

%May 21 15:23:42:578 2026 AC DOT1X/5/DOT1X_WLAN_LOGIN_FAILURE: -Username=-UserMAC=505b-c2d6-ebb9-BSSID=ecda-590f-2662-SSID=752515-APName=ecda-590f-2660-RadioID=1-VLANID=95; A user failed 802.1X authentication.Reason:802.1X user timer timed out.

%May 21 15:25:12:778 2026 AC DOT1X/5/DOT1X_WLAN_LOGIN_FAILURE: -Username=-UserMAC=505b-c2d6-ebb9-BSSID=ecda-590f-2662-SSID=752515-APName=ecda-590f-2660-RadioID=1-VLANID=95; A user failed 802.1X authentication.Reason:802.1X user timer timed out.

 

3 个回答
按时间 按赞数
Xcheng
Xcheng 九段
粉丝:136人 关注:3人

AAA processed authentication request and returned error code codeAAA处理认证请求并返回错误码codecode取值如下:

¡  4:认证域不存在

¡  8:认证域下的配置错误/服务器上配置的共享密钥与设备配置的共享密钥不一致/认证端口1812没有开启/服务器与设备网络不可达

¡  26:用户名或密码错误/认证类型错误/服务器上没有添加设备IP地址/服务模板下认证域配置错误


配置不正确或者错误导致,仔细检查核对下配置吧。或找服务器协助处理

暂无评论

刘浩存
刘浩存 九段
粉丝:16人 关注:1人

根据日志分析,问题很明确:AC(无线控制器)和 RADIUS 服务器之间网络虽然通了,但 RADIUS 认证报文被拒绝了

日志里最关键的几行是:*May 21 15:21:52:435 2026 AC RADIUS/7/EVENT: Response timed out.

... %May 21 15:22:12:435 2026 AC DOT1X/5/DOT1X_WLAN_LOGIN_FAILURE: ...Reason:AAA processed authentication request and return 8.这说明了:

  1. AC 成功把认证请求发给了 RADIUS 服务器(10.133.89.16)。

  2. 但它在规定时间内没收到服务器的回应,于是触发超时重传。

  3. 重试了 3 次都没回应,AC 就把这台服务器暂时“拉黑”(Set status of server to block)。

  4. 最终认证失败,错误代码 return 8 通常也意味着 RADIUS 服务器无响应或请求超时。

简单说,就是 AC 和 RADIUS 服务器“握手”失败。虽然 ping 能通,但 RADIUS 协议(UDP 1812端口)的通信没建立起来。


 问题排查步骤

建议按下面几个方向,从简到繁逐一排查:

1. 检查 RADIUS 服务器的防火墙

这是最可能的原因。需要登录 RADIUS 服务器(10.133.89.16),检查系统防火墙或安全软件是否放行了 UDP 1812 端口。如果没放行,需要添加规则允许来自 AC 管理 IP(10.153.82.253)的该端口访问。

2. 核对 AC 和服务器间的共享密钥

双方配置的共享密钥(shared secret)必须完全一致,否则服务器会直接丢弃请求,导致 AC 收不到任何回应。可以在 AC 上用 display radius scheme 命令确认,并与服务器端仔细核对。

3. 检查服务器上的 RADIUS 服务状态

确认 RADIUS 服务(如 Windows 的 NPS,或 FreeRADIUS)正在运行,且配置为在 UDP 1812 端口上监听来自所有有效 IP 的请求。

4. 检查中间链路的安全策略

如果 AC 和服务器之间有防火墙或交换机,也要检查它们上面的 ACL 规则,确保没有阻止 AC 到服务器的 UDP 1812 流量。

5. 检查 RADIUS 服务器可达性

虽然 ping 能通,但从业务网段发起的连通性测试更有意义。可以在 AC 上用 ping -a 10.153.82.253 10.133.89.16 命令,模拟从 AC 源 IP 发出的探测,确认无丢包。

 快速测试方法
可以在 Windows 服务器上用抓包工具(如 Wireshark),或通过简单的端口测试命令 Test-NetConnection -ComputerName 10.133.89.16 -Port 1812 来验证。

暂无评论

hedgeknight
hedgeknight 九段
粉丝:35人 关注:5人

根据日志推断,可能是AC的1812端口(radius认证)与服务器之间链路问题,导致状态翻转,可以AC和服务器之间抓包看下access request报文是否发出,服务器是否收到;以及服务器回复的access accept或reject报文是否发出和被AC收到,另外就是AC上display radius statistics看下radius报文的增长情况。

暂无评论

编辑答案

你正在编辑答案

如果你要对问题或其他回答进行点评或询问,请使用评论功能。

分享扩散:

提出建议

    +
网站相关
关于我们
服务条款
隐私政策
帮助中心
经验与权限
积分规则
联系我们
联系我们
建议反馈
常用链接
标杆的神器下载
关注我们
H3C官网
新华三服务公众号
安仔远程运维服务
新华三商城
内容许可
除特别说明外,用户内容均可采用知识共享署名-相同方式共享3.0中国大陆许可协议进行许可

Copyright©2026新华三集团保留一切权利 当前呈现版本 NO.1

本图标版权归新华三集团所有,仅限本社区使用,切勿用做商业目的,违者必究

浙ICP备09064986号-1   浙公网安备 33010802004416号

亲~登录后才可以操作哦!

确定

亲~检测到您登陆的账号未在http://hclhub.h3c.com进行注册

注册后可访问此模块

跳转hclhub

你的邮箱还未认证,请认证邮箱或绑定手机后进行当前操作

举报

×

侵犯我的权益 >
对根叔社区有害的内容 >
辱骂、歧视、挑衅等(不友善)

侵犯我的权益

×

泄露了我的隐私 >
侵犯了我企业的权益 >
抄袭了我的内容 >
诽谤我 >
辱骂、歧视、挑衅等(不友善)
骚扰我

泄露了我的隐私

×

您好,当您发现根叔知了上有泄漏您隐私的内容时,您可以向根叔知了进行举报。 请您把以下内容通过邮件发送到pub.zhiliao@h3c.com 邮箱,我们会尽快处理。
  • 1. 您认为哪些内容泄露了您的隐私?(请在邮件中列出您举报的内容、链接地址,并给出简短的说明)
  • 2. 您是谁?(身份证明材料,可以是身份证或护照等证件)

侵犯了我企业的权益

×

您好,当您发现根叔知了上有关于您企业的造谣与诽谤、商业侵权等内容时,您可以向根叔知了进行举报。 请您把以下内容通过邮件发送到 pub.zhiliao@h3c.com 邮箱,我们会在审核后尽快给您答复。
  • 1. 您举报的内容是什么?(请在邮件中列出您举报的内容和链接地址)
  • 2. 您是谁?(身份证明材料,可以是身份证或护照等证件)
  • 3. 是哪家企业?(营业执照,单位登记证明等证件)
  • 4. 您与该企业的关系是?(您是企业法人或被授权人,需提供企业委托授权书)
我们认为知名企业应该坦然接受公众讨论,对于答案中不准确的部分,我们欢迎您以正式或非正式身份在根叔知了上进行澄清。

抄袭了我的内容

×

原文链接或出处

诽谤我

×

您好,当您发现根叔知了上有诽谤您的内容时,您可以向根叔知了进行举报。 请您把以下内容通过邮件发送到pub.zhiliao@h3c.com 邮箱,我们会尽快处理。
  • 1. 您举报的内容以及侵犯了您什么权益?(请在邮件中列出您举报的内容、链接地址,并给出简短的说明)
  • 2. 您是谁?(身份证明材料,可以是身份证或护照等证件)
我们认为知名企业应该坦然接受公众讨论,对于答案中不准确的部分,我们欢迎您以正式或非正式身份在根叔知了上进行澄清。

对根叔社区有害的内容

×

垃圾广告信息
色情、暴力、血腥等违反法律法规的内容
政治敏感
不规范转载 >
辱骂、歧视、挑衅等(不友善)
骚扰我
诱导投票

不规范转载

×

举报说明