不涉及
部分哑终端大概10分钟左右就掉线,下线原因Idle Timeout(空闲时间超时),DR2000控制器上没有做相关限制,有问题的普遍是刷卡门禁哑终端,一段时间没人刷卡就掉线了。
1、首先查看认证设备leaf上的配置,未发现特殊的配置,leaf下行口主要配置如下:
interface GigabitEthernet1/0/10
port link-mode bridge
port link-type trunk
port trunk permit vlan all
port-isolate enable group 1
stp tc-restriction
mac-based ac
dot1x
dot1x critical vsi vsi3501
mac-authentication
mac-authentication domain adcampus
mac-authentication critical vsi vsi3501 url-user-logoff
port-security free-vlan 1 3501 to 3508 4093 to 4094
#
service-instance 3501
encapsulation s-vid 3501
xconnect vsi vsi3501
arp detection trust
2、哑终端掉线过程中,采集debugging mac-authentication all 、debugging radius all信息,发现如下信息:
*May 17 16:36:49:590 2019 zyzyl-1F-zhibanshi-leaf RADIUS/7/EVENT:
PAM_RADIUS: RADIUS accounting updated.
*May 17 16:36:49:591 2019 zyzyl-1F-zhibanshi-leaf RADIUS/7/EVENT:
PAM_RADIUS: Fetched accounting-update reply-data successfully, resultCode: 0
*May 17 16:36:49:591 2019 zyzyl-1F-zhibanshi-leaf RADIUS/7/EVENT:
Sent reply message successfully.
<zyzyl-1F-zhibanshi-leaf>*May 17 16:37:02:581 2019 zyzyl-1F-zhibanshi-leaf RADIUS/7/EVENT:
PAM_RADIUS: RADIUS accounting stopped.
*May 17 16:37:02:581 2019 zyzyl-1F-zhibanshi-leaf RADIUS/7/EVENT:
PAM_RADIUS: Sent accounting-stop request successfully.
*May 17 16:37:02:581 2019 zyzyl-1F-zhibanshi-leaf RADIUS/7/EVENT:
Processing AAA request data.
*May 17 16:37:02:581 2019 zyzyl-1F-zhibanshi-leaf RADIUS/7/EVENT:
Got request data successfully, primitive: accounting-stop.
从上述信息看,设备主动发送计费停止报文,radius服务器相应计费停止报文后,终端掉线。
至于设备为什么会主动发出计费停止报文?查阅官网mac地址认证章节,发现设备端口开启mac地址认证时,端口的MAC地址认证下线检测功能缺省是处于开启状态(mac-authentication offline-detect enable)。于是,告知现场工程师手动关闭端口的MAC地址认证下线检测功能(undo mac-authentication offline-detect enable),经测试,哑终端不再下线,故障问题解决。
关闭leaf下行认证接口的MAC地址认证下线检测功能undo mac-authentication offline-detect enable。
该案例暂时没有网友评论
✖
案例意见反馈
亲~登录后才可以操作哦!
确定你的邮箱还未认证,请认证邮箱或绑定手机后进行当前操作