某局点终端无线portal认证通过后依旧无法上网问题处理经验案例

根据现场反馈，终端接入无线网络后可以弹出portal页面，输入账号密码后提示认证成功，在认证服务器上可以看到终端在线，但是在设备上提示认证失败终端下线，终端依旧无法上网。接到用户反馈后，我们立刻收集信息对问题进行分析。

一、查看配置

radius scheme real-radius
    primary authentication 10.136.1.89
    primary accounting 10.136.1.89
    key authentication cipher $c$3$mOlwQGEWrVum+BURkpiSVV+EUWBTS57baUY=
    key accounting cipher $c$3$UUVOPjYOYsG2lX629jvzjKIkZG8iL1kSirM=
    user-name-format without-domain
    nas-ip 10.136.43.253

domain real
    authentication portal radius-scheme real-radius
    authorization portal radius-scheme real-radius
    accounting portal radius-scheme real-radius
    access-limit disable
    state active
    idle-cut disable
    self-service-url disable

interface Vlan-interface1001
    ip address 10.136.38.254 255.255.255.0
    portal server portal method direct
    portal domain real
    portal nas-ip 10.136.43.253

查看配置没有问题。

二、收集debugging信息确认

IfName=Vlan-interface1001, PortName=WLAN-DBSS10:0, SrcIP=10.136.38.2, DstIP=10.136.38.254, Flow=27264038!
   *Jun 15 14:23:19:561 2017 AC PORTAL/7/PORTAL_DEBUG: The user (10.136.38.2) redirect url is http://10.255.254.253/cid/6278/portal.html?userip=10.136.38.2&userurl=http://10.136.38.254/router/get_rand_key.cgi.
   *Jun 15 14:23:19:561 2017 AC PORTAL/7/PORTAL_DEBUG: The user (10.136.38.2) redirect success.（重定向成功）

*Jun 15 14:24:34:623 2017 AC PORTAL/7/PORTAL_DEBUG:（开始认证）
Portal receive from 10.255.254.253 packet length:56
  Portal check packet OK
  Portal packet head:
   Type:3   SN:59052 ReqId:0    AttrNum:2  ErrCode:0  UserIP:10.136.38.2
  Portal packet attribute list:
   [  1 UserName            ] [ 13] [13913937552]
   [  2 PassWord            ] [ 11] [***]
  Portal raw packet:
   02 03 01 00 e6 ac 00 00 0a 88 26 02 00 00 00 02
   81 ed 2a b9 e0 7a 70 98 f8 bc 0d fd 95 db 59 57
   01 0d 31 33 39 31 33 39 33 37 35 35 32 02 0b 2a
   26 5e 25 24 23 40 21 7e

*Jun 15 14:24:34:624 2017 AC PORTAL/7/PORTAL_DEBUG: Start timer TMR_REQAUTH: user index 5 IP 10.136.38.2 state DISCOVERED!
*Jun 15 14:24:34:624 2017 AC PORTAL/7/PORTAL_DEBUG: User: 5 IP: 10.136.38.2 state: DISCOVERED send AUTHREQ message to ACM!
*Jun 15 14:24:34:624 2017 AC PORTAL/7/PORTAL_DEBUG: State DISCOVERED change to WAIT_AUTHEN_ACK,ID 5 IP 10.136.38.2
*Jun 15 14:24:34:625 2017 AC PORTAL/7/PORTAL_DEBUG: Start timer TMR_AUTHEN: user index 5 IP 10.136.38.2 state WAIT_AUTHEN_ACK!
*Jun 15 14:24:34:625 2017 AC PORTAL/7/PORTAL_DEBUG: Send message 1 to WLAN return(1).
*Jun 15 14:24:34:627 2017 AC RDS/7/DEBUG: Recv MSG,[MsgType=Auth request Index = 5, ulParam3=3443344208]
*Jun 15 14:24:34:628 2017 AC RDS/7/DEBUG: Send attribute list:
*Jun 15 14:24:34:628 2017 AC RDS/7/DEBUG:
[1  User-name                   ] [13] [13913937552]
[4  NAS-IP-Address              ] [6 ] [10.136.43.253]
[32 NAS-Identifier              ] [4 ] [AC]
[5  NAS-Port                    ] [6 ] [16819177]
[87 NAS_Port_Id                 ] [18] [0100010000001001]
[61 NAS-Port-Type               ] [6 ] [19]
*Jun 15 14:24:34:628 2017 AC RDS/7/DEBUG:
[6  Service-Type                ] [6 ] [2]
[7  Framed-Protocol             ] [6 ] [255]
[31 Caller-ID                   ] [19] [46302D44352D42462D38382D38412D3245]
[30 Called-station-Id           ] [26] [80-F6-2E-BB-C8-60:GLJY-2]
[44 Acct-Session-Id             ] [23] [117061514243406b66925]
[8  Framed-Address              ] [6 ] [10.136.38.2]
*Jun 15 14:24:34:629 2017 AC RDS/7/DEBUG: NULL
*Jun 15 14:24:34:629 2017 AC RDS/7/DEBUG:
Event: Begin to switch RADIUS server when sending 0 packet.
*Jun 15 14:24:34:629 2017 AC RDS/7/DEBUG: Malloc seed:8 in 10.255.254.253 for User ID:5
*Jun 15 14:24:34:630 2017 AC RDS/7/DEBUG:
Event: Modify NAS-IP to 10.136.43.253.
*Jun 15 14:24:34:630 2017 AC RDS/7/DEBUG: Send: IP=[10.255.254.253], UserIndex=[5], ID=[8], RetryTimes=[0], Code=[1], Length=[177]
*Jun 15 14:24:34:630 2017 AC RDS/7/DEBUG: Send Raw Packet is:
*Jun 15 14:24:34:630 2017 AC RDS/7/DEBUG:
 01 08 00 b1 44 59 03 1f 09 af a8 b1 b5 32 26 ac
 f1 40 6f 78 01 0d 31 33 39 31 33 39 33 37 35 35
 32 02 12 c1 18 3f 2a d4 4d 94 ce ff 7d 08 76 84
 0a d9 f0 04 06 0a 88 2b fd 20 04 41 43 05 06 01
 00 a3 e9 57 12 30 31 30 30 30 31 30 30 30 30 30
 30 31 30 30 31 3d 06 00 00 00 13 06 06 00 00 00
 02 07 06 00 00 00 ff 1f 13 46 30 2d 44 35 2d 42
 46 2d 38 38 2d 38 41 2d 32 45 1e 1a 38 30 2d 46
 36 2d 32 45 2d 42 42 2d 43 38 2d 36 30 3a 47 4c
 4a 59 2d 32 2c 17 31 31 37 30 36 31 35 31 34 32
 34 33 34 30 36 62 36 36 39 32 35 08 06 0a 88 26
 02
 
*Jun 15 14:24:34:632 2017 AC RDS/7/DEBUG: Recv MSG,[MsgType=PKT response Index = 51, ulParam3=3443476080]
*Jun 15 14:24:34:632 2017 AC RDS/7/DEBUG: Receive Raw Packet is:
*Jun 15 14:24:34:633 2017 AC RDS/7/DEBUG:
 02 08 00 33 c4 f9 5c d7 aa 20 f4 6d 8c c4 2e dd
 c3 f3 d4 d6 01 0d 31 33 39 31 33 39 33 37 35 35
 32 06 06 00 00 00 08 55 06 00 00 27 10 1b 06 00
 02 a3 00
 
*Jun 15 14:24:34:633 2017 AC RDS/7/DEBUG: No pick-up Notify from Receive Raw Packet!
*Jun 15 14:24:34:633 2017 AC RDS/7/DEBUG: Event: Received the detect response from auth-server(IP:10.255.254.253).
*Jun 15 14:24:34:634 2017 AC RDS/7/DEBUG: Free seed:8 in 10.255.254.253 for User ID:5
*Jun 15 14:24:34:634 2017 AC RDS/7/DEBUG: Receive:IP=[10.255.254.253],Code=[2],Length=[51]
*Jun 15 14:24:34:634 2017 AC RDS/7/DEBUG:
[1  User-name                   ] [13] [13913937552]
[6  Service-Type                ] [6 ] [8]
[85 Acct_Interim_Interval       ] [6 ] [10000]
[27 Session-TimeOut             ] [6 ] [172800]
*Jun 15 14:24:34:634 2017 AC RDS/7/DEBUG:
Info: Receive Acct username:13913937552.
*Jun 15 14:24:34:636 2017 AC PORTAL/7/PORTAL_DEBUG: Processing AUTHEN-ACK user 5 IP 10.136.38.2 recv AUTH-ACCEPT from ACM!
*Jun 15 14:24:34:637 2017 AC PORTAL/7/PORTAL_DEBUG: State WAIT_AUTHEN_ACK change to WAIT_AUTHOR_ACK,ID 5 IP 10.136.38.2
*Jun 15 14:24:34:637 2017 AC PORTAL/7/PORTAL_DEBUG: Start timer TMR_AUTHOR: user index 5 IP 10.136.38.2 state WAIT_AUTHOR_ACK!
*Jun 15 14:24:34:637 2017 AC PORTAL/7/PORTAL_DEBUG: State WAIT_AUTHOR_ACK change to WAIT_ACL_ACK,ID 5 IP 10.136.38.2
*Jun 15 14:24:34:638 2017 AC PORTAL/7/PORTAL_DEBUG: Server no authorization userprofile name
*Jun 15 14:24:34:638 2017 AC DPPORTAL/7/DP_PORTAL_DEBUG:
 DRV_FUNC2:
    IfName = Vlan-interface1001
    SrcIP          = 10.136.38.2
    SrcMac         = f0d5-bf88-8a2e
    Vlan ID        = 1001
    AuthorACL      = N/A
    Operation      = ADD
*Jun 15 14:24:34:638 2017 AC DPPORTAL/7/DP_PORTAL_DEBUG:
Added Permit ACL: Successfully!
    RuleID    = 0x0000000a
    Sequence  = 0x0000000a
*Jun 15 14:24:34:639 2017 AC PORTAL/7/PORTAL_DEBUG: Add ACL driver return:0
 Inbound interface = all
 Type              = dynamic
 Action            = permit
 Protocol          = 0
 Source:
    IP        = 10.136.38.2
    Mask      = 255.255.255.255
    Port      = any
    MAC       = f0d5-bf88-8a2e
    Interface = any
    VLAN      = 1001
    SSID      =
    Spot      = N/A
 Destination:
    IP        = 0.0.0.0
    Mask      = 0.0.0.0
    Port      = any
 Context      = 0x0000000a,0xffffffff
*Jun 15 14:24:34:639 2017 AC PORTAL/7/PORTAL_DEBUG: Processing AUTHOR-ACK user 5 IP 10.136.38.2 successfully!
*Jun 15 14:24:34:639 2017 AC PORTAL/7/PORTAL_DEBUG: State WAIT_AUTHOR_ACK change to WAIT_LOGIN_ACK,ID 5 IP 10.136.38.2
*Jun 15 14:24:34:639 2017 AC PORTAL/7/PORTAL_DEBUG: Start timer TMR_LOGIN: user index 5 IP 10.136.38.2 state WAIT_LOGIN_ACK!
*Jun 15 14:24:34:640 2017 AC PORTAL/7/PORTAL_DEBUG:
Portal send to 10.255.254.253 packet length:52
  Portal packet head:
   Type:4   SN:59052 ReqId:0    AttrNum:3  ErrCode:0  UserIP:10.136.38.2
  Portal packet attribute list:
   [ 10 BAS-IP              ] [  6] [10.136.43.253]
   [ 11 Session-ID          ] [  8] [f0d5bf888a2e]
   [ 38 DeviceStartTime     ] [  6] [1497535015]
  Portal raw packet:
   02 04 01 00 e6 ac 00 00 0a 88 26 02 00 00 00 03
   79 32 55 7b 4e 1e 8a d5 c7 32 c5 7b 4f 06 8c 7e
   0a 06 0a 88 2b fd 0b 08 f0 d5 bf 88 8a 2e 26 06
   59 42 92 27

*Jun 15 14:24:34:642 2017 AC RDS/7/DEBUG: Recv MSG,[MsgType=Account request Index = 5, ulParam3=0]
*Jun 15 14:24:34:642 2017 AC RDS/7/DEBUG: Send attribute list:
*Jun 15 14:24:34:643 2017 AC RDS/7/DEBUG:
[1  User-name                   ] [13] [13913937552]
[32 NAS-Identifier              ] [4 ] [AC]
[5  NAS-Port                    ] [6 ] [16819177]
[87 NAS_Port_Id                 ] [18] [0100010000001001]
[61 NAS-Port-Type               ] [6 ] [19]
[31 Caller-ID                   ] [19] [46302D44352D42462D38382D38412D3245]
*Jun 15 14:24:34:643 2017 AC RDS/7/DEBUG:
[30 Called-station-Id           ] [26] [80-F6-2E-BB-C8-60:GLJY-2]
[40 Acct-Status-Type            ] [6 ] [1]
[45 Acct-Authentic              ] [6 ] [1]
[44 Acct-Session-Id             ] [23] [117061514243406b66925]
[8  Framed-Address              ] [6 ] [10.136.38.2]
[4  NAS-IP-Address              ] [6 ] [10.136.43.253]
*Jun 15 14:24:34:643 2017 AC RDS/7/DEBUG:
[55 Event-Timestamp             ] [6 ] [1497536674]
*Jun 15 14:24:34:644 2017 AC RDS/7/DEBUG:
Event: Begin to switch RADIUS server when sending 1 packet.
*Jun 15 14:24:34:644 2017 AC RDS/7/DEBUG: Malloc seed:9 in 10.255.254.253 for User ID:5
*Jun 15 14:24:34:644 2017 AC RDS/7/DEBUG:
Event: Modify NAS-IP to 10.136.43.253.
*Jun 15 14:24:34:645 2017 AC RDS/7/DEBUG: Send: IP=[10.255.254.253], UserIndex=[5], ID=[9], RetryTimes=[0], Code=[4], Length=[165]
*Jun 15 14:24:34:645 2017 AC RDS/7/DEBUG: Send Raw Packet is:
*Jun 15 14:24:34:645 2017 AC RDS/7/DEBUG:
 04 09 00 a5 a6 77 3b bf 16 9b 5b 5a 18 fc d6 d8
 d9 92 c7 45 01 0d 31 33 39 31 33 39 33 37 35 35
 32 20 04 41 43 05 06 01 00 a3 e9 57 12 30 31 30
 30 30 31 30 30 30 30 30 30 31 30 30 31 3d 06 00
 00 00 13 1f 13 46 30 2d 44 35 2d 42 46 2d 38 38
 2d 38 41 2d 32 45 1e 1a 38 30 2d 46 36 2d 32 45
 2d 42 42 2d 43 38 2d 36 30 3a 47 4c 4a 59 2d 32
 28 06 00 00 00 01 2d 06 00 00 00 01 2c 17 31 31
 37 30 36 31 35 31 34 32 34 33 34 30 36 62 36 36
 39 32 35 08 06 0a 88 26 02 04 06 0a 88 2b fd 37
 06 59 42 98 a2
 
*Jun 15 14:24:34:647 2017 AC DPPORTAL/7/DP_PORTAL_DEBUG:
Info: Find the freerule result (0),Param:SrcIP 0afffefd,DstIP 0a882602,DstMac(f0d5-bf88-8a2e)
*Jun 15 14:24:34:647 2017 AC PORTAL/7/PORTAL_DEBUG:
Portal receive from 10.255.254.253 packet length:32
  Portal check packet OK
  Portal packet head:
   Type:7   SN:59052 ReqId:0    AttrNum:0  ErrCode:0  UserIP:10.136.38.2
  Portal packet attribute list:
   NULL
  Portal raw packet:
   02 07 01 00 e6 ac 00 00 0a 88 26 02 00 00 00 00
   61 34 f5 02 d9 69 ae 1f a4 80 24 55 4e 3e 3b 28

Event: Begin to switch RADIUS server when sending 1 packet.
*Jun 15 14:24:43:634 2017 AC RDS/7/DEBUG:
Event: No active RADIUS server is available for switching when sending packet (pkt-flag = 1).
*Jun 15 14:24:43:634 2017 AC RDS/7/DEBUG: Free seed:9 in 10.255.254.253 for User ID:5
*Jun 15 14:24:43:634 2017 AC RDS/7/DEBUG:
Error: Accounting server no response.(AAAID = 5, Req-ID = 0)
%Jun 15 14:24:43:666 2017 AC PORTAL/4/PORTAL_USER_LOGON_FAIL: -UserName=13913937552-IPAddr=10.136.38.2-IfName=Vlan-interface1001-VlanID=1001-MACAddr=F0:D5:BF:88:8A:2E-Reason=Rejected : 1; User failed to get online.（设备提示计费服务器无响应，用户上线失败）

至此，我们发现了终端无法上线的原因，和现场沟通后确认现场使用的radius服务器是不支持计费功能的。

由于现场的radius服务器不支持计费功能，而我们的设备上又配置了计费的命令，所以在认证时设备认为计费服务器没有响应导致终端上线失败。

让现场把计费配置为none即可解决该问题。

（accounting portal radius-scheme portal改为accounting portal none）

遇到现场radius服务器不支持计费功能时，我们需要把portal中的计费配置配为none。注意：不要把计费配置删除而应该配为none。