• 全部
  • 经验案例
  • 典型配置
  • 技术公告
  • FAQ
  • 全部
  • 全部
产品线
搜索
取消
案例类型
发布者
是否解决
是否官方
时间
高级搜索

用户未能通过802.1X身份验证。

2020-07-10提问
  • 0关注
  • 0收藏,98浏览
粉丝:0人 关注:1人

问题描述:

设置列表 有序列表 无序列表对齐方式 靠左 居中 靠右 无线控制器:H3C WX3010EAP:H3C 配置信息如下:[ac]display current-configuration # version 5.20, Release 3509P44 # sysname ac # domain default enable nuray # telnet server enable # port-security enable # dot1x quiet-period dot1x authentication-method eap # oap management-ip 192.168.0.101 slot 0 # wlan auto-ap enable wlan auto-persistent enable # password-recovery enable # vlan 1 # radius scheme nuray server-type extended primary authentication 192.168.1.250 primary accounting 192.168.1.250 key authentication cipher $c$3$34Iz7Od5njs2YAfX3Ys4MRv09U+KudeA key accounting cipher $c$3$TPeH3ijgIR+rov7oyrc4wTwy0rfDkBVg timer realtime-accounting 3 undo stop-accounting-buffer enable accounting-on enable # domain nuray authentication lan-access radius-scheme nuray authorization lan-access radius-scheme nuray accounting lan-access radius-scheme nuray access-limit disable state active idle-cut disable self-service-url disable domain system access-limit disable state active idle-cut disable self-service-url disable # user-group system group-attribute allow-guest # local-user admin password cipher $c$3$CDUDtVQDx/xBdnxs3VDYFbC7dAyyrCsK4WRuvq0= authorization-attribute level 3 service-type telnet service-type web # wlan rrm dot11a mandatory-rate 6 12 24 dot11a supported-rate 9 18 36 48 54 dot11b mandatory-rate 1 2 dot11b supported-rate 5.5 11 dot11g mandatory-rate 1 2 5.5 11 dot11g supported-rate 6 9 12 18 24 36 48 54 load-balance session 35 load-balance rssi-threshold 35 # wlan service-template 2 crypto ssid NURAYTECH bind WLAN-ESS 1 cipher-suite ccmp security-ie rsn service-template enable # wlan ap-group default_group ap 6100 ap 6207 ap 6401 ap 6408 ap 6100-out ap clean-room ap 3c8c-4043-94e0 # interface Bridge-Aggregation1 # interface NULL0 # interface Vlan-interface1 ip address 192.168.1.201 255.255.255.0 # interface GigabitEthernet1/0/1 port link-aggregation group 1 # interface GigabitEthernet1/0/2 port link-aggregation group 1 # interface WLAN-ESS0 port link-type hybrid port hybrid vlan 1 untagged # interface WLAN-ESS1 port-security port-mode userlogin-secure-ext port-security tx-key-type 11key undo dot1x handshake undo dot1x multicast-trigger # interface WLAN-ESS2 # wlan ap 3c8c-4043-94e0 model WA2610i-GN id 1 serial-id 219801A0CKC151000304 radio 1 # wlan ap 6100 model WA4320-ACN id 11 serial-id 210235A1GTC157000488 radio 1 service-template 2 client-rate-limit direction outbound mode static cir 1300000 radio enable radio 2 service-template 2 client-rate-limit direction outbound mode static cir 1300000 radio enable # wlan ap 6100-out model WA2620-AGN-C id 2 serial-id 219801A0KXM155000215 radio 1 service-template 2 client-rate-limit direction outbound mode static cir 1300000 radio enable radio 2 service-template 2 client-rate-limit direction outbound mode static cir 1300000 radio enable # wlan ap 6207 model WA2620-AGN-C id 3 serial-id 219801A0KXM153000313 radio 1 service-template 2 client-rate-limit direction outbound mode static cir 1300000 radio enable radio 2 service-template 2 client-rate-limit direction outbound mode static cir 1300000 radio enable # wlan ap 6401 model WA2620-AGN-C id 4 serial-id 219801A0KXM153000323 radio 1 service-template 2 client-rate-limit direction outbound mode static cir 1300000 radio enable radio 2 service-template 2 client-rate-limit direction outbound mode static cir 1300000 radio enable # wlan ap 6408 model WA4320-ACN id 6 serial-id 210235A1GTC177000526 radio 1 service-template 2 radio enable radio 2 service-template 2 radio enable # wlan ap clean-room model WA2620-AGN-C id 5 serial-id 219801A0KXM153000158 radio 1 service-template 2 client-rate-limit direction outbound mode static cir 1300000 radio enable radio 2 service-template 2 client-rate-limit direction outbound mode static cir 1300000 radio enable # wlan ids whitelist mac-address 0024-d6e6-a334 whitelist mac-address 1002-b524-ec17 whitelist mac-address 1002-b583-6e72 whitelist mac-address 1002-b583-af9f whitelist mac-address 1002-b583-b021 whitelist mac-address 1002-b598-da05 whitelist mac-address 2856-5a7b-dfd7 whitelist mac-address 2856-5a7b-e335 whitelist mac-address 3052-cb7d-59b7 whitelist mac-address 3052-cb7d-5d9b whitelist mac-address 3468-958c-e883 whitelist mac-address 3468-958c-e8d5 whitelist mac-address 3468-958c-f2af whitelist mac-address 34f3-9a7e-185f whitelist mac-address 34f3-9a7e-21a6 whitelist mac-address 4845-2089-7254 whitelist mac-address 5ce0-c5a5-74d1 whitelist mac-address 5ce0-c5a5-74e0 whitelist mac-address 5ce0-c5a5-74ef whitelist mac-address 5ce0-c5a5-7558 whitelist mac-address 5cea-1d68-833f whitelist mac-address 5eea-1d68-833f whitelist mac-address 68ef-43c1-4ffe whitelist mac-address 80ad-16dc-ae6c whitelist mac-address 9c2e-a1dc-0ceb whitelist mac-address 9cb6-d0d7-b8e1 whitelist mac-address a86b-ad0e-5b13 whitelist mac-address a86b-ad0e-5b99 whitelist mac-address a86b-ad33-ec99 whitelist mac-address a86b-ad33-eca1 whitelist mac-address ace0-100f-8475 whitelist mac-address acfd-ce90-920a whitelist mac-address b886-8752-dc2b whitelist mac-address b886-8753-4811 whitelist mac-address ba6b-ad0e-5b13 whitelist mac-address bc83-85d9-d67d whitelist mac-address c48e-8f29-e3a1 whitelist mac-address c48e-8f29-f54d whitelist mac-address c48e-8f29-f54f whitelist mac-address d80f-995d-a005 whitelist mac-address d80f-995e-04e1 whitelist mac-address d80f-996c-92a9 whitelist mac-address d80f-996c-92b1 whitelist mac-address e4a4-710c-aa1c whitelist mac-address e4a4-710c-aa21 whitelist mac-address e4a4-7127-ef7a whitelist mac-address e4a4-7127-ef84 whitelist mac-address e4a4-7127-fab0 whitelist mac-address e4a4-7146-7b34 whitelist mac-address e4a4-71dc-f4ec whitelist mac-address e4a7-a00f-290e whitelist mac-address e4a7-a07f-b674 whitelist mac-address f0d5-bfaa-5a87 whitelist mac-address f0d5-bfd6-d599 whitelist mac-address f0d5-bfd6-d63e whitelist mac-address f859-717c-3d78 # wlan ips malformed-detect-policy default signature deauth_flood signature-id 1 signature broadcast_deauth_flood signature-id 2 signature disassoc_flood signature-id 3 signature broadcast_disassoc_flood signature-id 4 signature eapol_logoff_flood signature-id 5 signature eap_success_flood signature-id 6 signature eap_failure_flood signature-id 7 signature pspoll_flood signature-id 8 signature cts_flood signature-id 9 signature rts_flood signature-id 10 signature addba_req_flood signature-id 11 signature-policy default countermeasure-policy default attack-detect-policy default virtual-security-domain default attack-detect-policy default malformed-detect-policy default signature-policy default countermeasure-policy default # ip route-static 0.0.0.0 0.0.0.0 192.168.1.1 # info-center loghost 192.168.1.194/nuraytech.com # user-interface con 0 user-interface vty 0 4 authentication-mode scheme user privilege level 3之前做了一个Radius 认证。今天上午突然就访问无妨连接这个无线网络了。提示如下:[ac] %Jul 10 17:19:09:478 2020 ac WMAC/6/WMAC_CLIENT_JOIN_WLAN: Client e4a4-710c-aa1c successfully joins WLAN NURAYTECH, on APID 2 with BSSID 3c8c-40d1-02b0. %Jul 10 17:19:09:598 2020 ac 8021X/4/DOT1X_USER_ONLINE_FAIL: -UserName=NURAYTECH\lic-IPAddr=0.0.0.0-IfName=WLAN-DBSS1:3-VlanID=1-MACAddr=E4:A4:71:0C:AA:1C-SSID=NURAYTECH-APMAC=3C:8C:40:D1:02:A0-Type=0-NasId=-NasPortId=-Reason=Rejected by RADIUS server without any message ; User failed to get online. %Jul 10 17:19:42:617 2020 ac WMAC/6/WMAC_CLIENT_GOES_OFFLINE: Client e4a4-710c-aa1c disconnected from WLAN NURAYTECH. Reason code is 1. %Jul 10 17:20:09:498 2020 ac PORTSEC/6/PORTSEC_DOT1X_LOGIN_FAILURE: -IfName=WLAN-DBSS1:3-MACAddr=E4:A4:71:0C:AA:1C-VlanId=1-UserName=NURAYTECH\lic; The user failed the 802.1X authentication. %Jul 10 17:20:10:497 2020 ac PORTSEC/5/PORTSEC_VIOLATION: -IfName=WLAN-DBSS1:3-MACAddr=E4:A4:71:0C:AA:1C-VlanId=-1-IfStatus=Up; Intrusion detected.说是The user failed the 802.1X authentication和Rejected by RADIUS server without any message ; User failed to get online我该如何去解决啊?

组网及组网描述:

设置列表 有序列表 无序列表对齐方式 靠左 居中 靠右 无线控制器:H3C WX3010EAP:H3C 配置信息如下:[ac]display current-configuration # version 5.20, Release 3509P44 # sysname ac # domain default enable nuray # telnet server enable # port-security enable # dot1x quiet-period dot1x authentication-method eap # oap management-ip 192.168.0.101 slot 0 # wlan auto-ap enable wlan auto-persistent enable # password-recovery enable # vlan 1 # radius scheme nuray server-type extended primary authentication 192.168.1.250 primary accounting 192.168.1.250 key authentication cipher $c$3$34Iz7Od5njs2YAfX3Ys4MRv09U+KudeA key accounting cipher $c$3$TPeH3ijgIR+rov7oyrc4wTwy0rfDkBVg timer realtime-accounting 3 undo stop-accounting-buffer enable accounting-on enable # domain nuray authentication lan-access radius-scheme nuray authorization lan-access radius-scheme nuray accounting lan-access radius-scheme nuray access-limit disable state active idle-cut disable self-service-url disable domain system access-limit disable state active idle-cut disable self-service-url disable # user-group system group-attribute allow-guest # local-user admin password cipher $c$3$CDUDtVQDx/xBdnxs3VDYFbC7dAyyrCsK4WRuvq0= authorization-attribute level 3 service-type telnet service-type web # wlan rrm dot11a mandatory-rate 6 12 24 dot11a supported-rate 9 18 36 48 54 dot11b mandatory-rate 1 2 dot11b supported-rate 5.5 11 dot11g mandatory-rate 1 2 5.5 11 dot11g supported-rate 6 9 12 18 24 36 48 54 load-balance session 35 load-balance rssi-threshold 35 # wlan service-template 2 crypto ssid NURAYTECH bind WLAN-ESS 1 cipher-suite ccmp security-ie rsn service-template enable # wlan ap-group default_group ap 6100 ap 6207 ap 6401 ap 6408 ap 6100-out ap clean-room ap 3c8c-4043-94e0 # interface Bridge-Aggregation1 # interface NULL0 # interface Vlan-interface1 ip address 192.168.1.201 255.255.255.0 # interface GigabitEthernet1/0/1 port link-aggregation group 1 # interface GigabitEthernet1/0/2 port link-aggregation group 1 # interface WLAN-ESS0 port link-type hybrid port hybrid vlan 1 untagged # interface WLAN-ESS1 port-security port-mode userlogin-secure-ext port-security tx-key-type 11key undo dot1x handshake undo dot1x multicast-trigger # interface WLAN-ESS2 # wlan ap 3c8c-4043-94e0 model WA2610i-GN id 1 serial-id 219801A0CKC151000304 radio 1 # wlan ap 6100 model WA4320-ACN id 11 serial-id 210235A1GTC157000488 radio 1 service-template 2 client-rate-limit direction outbound mode static cir 1300000 radio enable radio 2 service-template 2 client-rate-limit direction outbound mode static cir 1300000 radio enable # wlan ap 6100-out model WA2620-AGN-C id 2 serial-id 219801A0KXM155000215 radio 1 service-template 2 client-rate-limit direction outbound mode static cir 1300000 radio enable radio 2 service-template 2 client-rate-limit direction outbound mode static cir 1300000 radio enable # wlan ap 6207 model WA2620-AGN-C id 3 serial-id 219801A0KXM153000313 radio 1 service-template 2 client-rate-limit direction outbound mode static cir 1300000 radio enable radio 2 service-template 2 client-rate-limit direction outbound mode static cir 1300000 radio enable # wlan ap 6401 model WA2620-AGN-C id 4 serial-id 219801A0KXM153000323 radio 1 service-template 2 client-rate-limit direction outbound mode static cir 1300000 radio enable radio 2 service-template 2 client-rate-limit direction outbound mode static cir 1300000 radio enable # wlan ap 6408 model WA4320-ACN id 6 serial-id 210235A1GTC177000526 radio 1 service-template 2 radio enable radio 2 service-template 2 radio enable # wlan ap clean-room model WA2620-AGN-C id 5 serial-id 219801A0KXM153000158 radio 1 service-template 2 client-rate-limit direction outbound mode static cir 1300000 radio enable radio 2 service-template 2 client-rate-limit direction outbound mode static cir 1300000 radio enable # wlan ids whitelist mac-address 0024-d6e6-a334 whitelist mac-address 1002-b524-ec17 whitelist mac-address 1002-b583-6e72 whitelist mac-address 1002-b583-af9f whitelist mac-address 1002-b583-b021 whitelist mac-address 1002-b598-da05 whitelist mac-address 2856-5a7b-dfd7 whitelist mac-address 2856-5a7b-e335 whitelist mac-address 3052-cb7d-59b7 whitelist mac-address 3052-cb7d-5d9b whitelist mac-address 3468-958c-e883 whitelist mac-address 3468-958c-e8d5 whitelist mac-address 3468-958c-f2af whitelist mac-address 34f3-9a7e-185f whitelist mac-address 34f3-9a7e-21a6 whitelist mac-address 4845-2089-7254 whitelist mac-address 5ce0-c5a5-74d1 whitelist mac-address 5ce0-c5a5-74e0 whitelist mac-address 5ce0-c5a5-74ef whitelist mac-address 5ce0-c5a5-7558 whitelist mac-address 5cea-1d68-833f whitelist mac-address 5eea-1d68-833f whitelist mac-address 68ef-43c1-4ffe whitelist mac-address 80ad-16dc-ae6c whitelist mac-address 9c2e-a1dc-0ceb whitelist mac-address 9cb6-d0d7-b8e1 whitelist mac-address a86b-ad0e-5b13 whitelist mac-address a86b-ad0e-5b99 whitelist mac-address a86b-ad33-ec99 whitelist mac-address a86b-ad33-eca1 whitelist mac-address ace0-100f-8475 whitelist mac-address acfd-ce90-920a whitelist mac-address b886-8752-dc2b whitelist mac-address b886-8753-4811 whitelist mac-address ba6b-ad0e-5b13 whitelist mac-address bc83-85d9-d67d whitelist mac-address c48e-8f29-e3a1 whitelist mac-address c48e-8f29-f54d whitelist mac-address c48e-8f29-f54f whitelist mac-address d80f-995d-a005 whitelist mac-address d80f-995e-04e1 whitelist mac-address d80f-996c-92a9 whitelist mac-address d80f-996c-92b1 whitelist mac-address e4a4-710c-aa1c whitelist mac-address e4a4-710c-aa21 whitelist mac-address e4a4-7127-ef7a whitelist mac-address e4a4-7127-ef84 whitelist mac-address e4a4-7127-fab0 whitelist mac-address e4a4-7146-7b34 whitelist mac-address e4a4-71dc-f4ec whitelist mac-address e4a7-a00f-290e whitelist mac-address e4a7-a07f-b674 whitelist mac-address f0d5-bfaa-5a87 whitelist mac-address f0d5-bfd6-d599 whitelist mac-address f0d5-bfd6-d63e whitelist mac-address f859-717c-3d78 # wlan ips malformed-detect-policy default signature deauth_flood signature-id 1 signature broadcast_deauth_flood signature-id 2 signature disassoc_flood signature-id 3 signature broadcast_disassoc_flood signature-id 4 signature eapol_logoff_flood signature-id 5 signature eap_success_flood signature-id 6 signature eap_failure_flood signature-id 7 signature pspoll_flood signature-id 8 signature cts_flood signature-id 9 signature rts_flood signature-id 10 signature addba_req_flood signature-id 11 signature-policy default countermeasure-policy default attack-detect-policy default virtual-security-domain default attack-detect-policy default malformed-detect-policy default signature-policy default countermeasure-policy default # ip route-static 0.0.0.0 0.0.0.0 192.168.1.1 # info-center loghost 192.168.1.194/nuraytech.com # user-interface con 0 user-interface vty 0 4 authentication-mode scheme user privilege level 3之前做了一个Radius 认证。今天上午突然就访问无妨连接这个无线网络了。提示如下:[ac] %Jul 10 17:19:09:478 2020 ac WMAC/6/WMAC_CLIENT_JOIN_WLAN: Client e4a4-710c-aa1c successfully joins WLAN NURAYTECH, on APID 2 with BSSID 3c8c-40d1-02b0. %Jul 10 17:19:09:598 2020 ac 8021X/4/DOT1X_USER_ONLINE_FAIL: -UserName=NURAYTECH\lic-IPAddr=0.0.0.0-IfName=WLAN-DBSS1:3-VlanID=1-MACAddr=E4:A4:71:0C:AA:1C-SSID=NURAYTECH-APMAC=3C:8C:40:D1:02:A0-Type=0-NasId=-NasPortId=-Reason=Rejected by RADIUS server without any message ; User failed to get online. %Jul 10 17:19:42:617 2020 ac WMAC/6/WMAC_CLIENT_GOES_OFFLINE: Client e4a4-710c-aa1c disconnected from WLAN NURAYTECH. Reason code is 1. %Jul 10 17:20:09:498 2020 ac PORTSEC/6/PORTSEC_DOT1X_LOGIN_FAILURE: -IfName=WLAN-DBSS1:3-MACAddr=E4:A4:71:0C:AA:1C-VlanId=1-UserName=NURAYTECH\lic; The user failed the 802.1X authentication. %Jul 10 17:20:10:497 2020 ac PORTSEC/5/PORTSEC_VIOLATION: -IfName=WLAN-DBSS1:3-MACAddr=E4:A4:71:0C:AA:1C-VlanId=-1-IfStatus=Up; Intrusion detected.说是The user failed the 802.1X authentication和Rejected by RADIUS server without any message ; User failed to get online我该如何去解决啊?

最佳答案

lqlqlq 七段
粉丝:8人 关注:15人

所有终端都不能认证成功?

所有的电脑都不能连接无线网络,都是认证未通过、radius服务器没有任何信息。我没动过服务器和无线控制器。不知道为什么了。

zhiliao_9A29A 发表时间:2020-07-10
0 个回答

该问题暂时没有网友解答

编辑答案

你正在编辑答案

如果你要对问题或其他回答进行点评或询问,请使用评论功能。

分享扩散:

提出建议

    +
<

亲~登录后才可以操作哦!

确定

你的邮箱还未认证,请认证邮箱或绑定手机后进行当前操作

举报

×

侵犯我的权益 >
对根叔社区有害的内容 >
辱骂、歧视、挑衅等(不友善)

侵犯我的权益

×

泄露了我的隐私 >
侵犯了我企业的权益 >
抄袭了我的内容 >
诽谤我 >
辱骂、歧视、挑衅等(不友善)
骚扰我

泄露了我的隐私

×

您好,当您发现根叔知了上有泄漏您隐私的内容时,您可以向根叔知了进行举报。 请您把以下内容通过邮件发送到zhiliao@h3c.com 邮箱,我们会尽快处理。
  • 1. 您认为哪些内容泄露了您的隐私?(请在邮件中列出您举报的内容、链接地址,并给出简短的说明)
  • 2. 您是谁?(身份证明材料,可以是身份证或护照等证件)

侵犯了我企业的权益

×

您好,当您发现根叔知了上有关于您企业的造谣与诽谤、商业侵权等内容时,您可以向根叔知了进行举报。 请您把以下内容通过邮件发送到 zhiliao@h3c.com 邮箱,我们会在审核后尽快给您答复。
  • 1. 您举报的内容是什么?(请在邮件中列出您举报的内容和链接地址)
  • 2. 您是谁?(身份证明材料,可以是身份证或护照等证件)
  • 3. 是哪家企业?(营业执照,单位登记证明等证件)
  • 4. 您与该企业的关系是?(您是企业法人或被授权人,需提供企业委托授权书)
我们认为知名企业应该坦然接受公众讨论,对于答案中不准确的部分,我们欢迎您以正式或非正式身份在根叔知了上进行澄清。

抄袭了我的内容

×

原文链接或出处

诽谤我

×

您好,当您发现根叔知了上有诽谤您的内容时,您可以向根叔知了进行举报。 请您把以下内容通过邮件发送到zhiliao@h3c.com 邮箱,我们会尽快处理。
  • 1. 您举报的内容以及侵犯了您什么权益?(请在邮件中列出您举报的内容、链接地址,并给出简短的说明)
  • 2. 您是谁?(身份证明材料,可以是身份证或护照等证件)
我们认为知名企业应该坦然接受公众讨论,对于答案中不准确的部分,我们欢迎您以正式或非正式身份在根叔知了上进行澄清。

对根叔社区有害的内容

×

垃圾广告信息
色情、暴力、血腥等违反法律法规的内容
政治敏感
不规范转载 >
辱骂、歧视、挑衅等(不友善)
骚扰我
诱导投票

不规范转载

×

举报说明