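According to feedback from the site, after a terminal connects to the wireless network the portal page pops up, and after the account and password are entered the page reports that authentication succeeded. The authentication server shows the terminal as online, but the device reports an authentication failure and takes the terminal offline, so the terminal still cannot access the network. After receiving the user's report, we immediately collected information to analyze the problem.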
1. Review the configuration
radius scheme real-radius
 primary authentication 10.136.1.89
 primary accounting 10.136.1.89
 key authentication cipher $c$3$mOlwQGEWrVum+BURkpiSVV+EUWBTS57baUY=
 key accounting cipher $c$3$UUVOPjYOYsG2lX629jvzjKIkZG8iL1kSirM=
 user-name-format without-domain
 nas-ip 10.136.43.253
domain real
 authentication portal radius-scheme real-radius
 authorization portal radius-scheme real-radius
 accounting portal radius-scheme real-radius
 access-limit disable
 state active
 idle-cut disable
 self-service-url disable
interface Vlan-interface1001
 ip address 10.136.38.254 255.255.255.0
 portal server portal method direct
 portal domain real
 portal nas-ip 10.136.43.253
The configuration looks correct.
2. Collect debugging output to confirm
IfName=Vlan-interface1001, PortName=WLAN-DBSS10:0, SrcIP=10.136.38.2, DstIP=10.136.38.254, Flow=27264038!
*Jun 15 14:23:19:561 2017 AC PORTAL/7/PORTAL_DEBUG: The user (10.136.38.2) redirect url is http://10.255.254.253/cid/6278/portal.html?userip=10.136.38.2&userurl=http://10.136.38.254/router/get_rand_key.cgi.
*Jun 15 14:23:19:561 2017 AC PORTAL/7/PORTAL_DEBUG: The user (10.136.38.2) redirect success.(redirect succeeded)
*Jun 15 14:24:34:623 2017 AC PORTAL/7/PORTAL_DEBUG:(authentication starts)
Portal receive from 10.255.254.253 packet length:56
Portal check packet OK
Portal packet head:
Type:3 SN:59052 ReqId:0 AttrNum:2 ErrCode:0 UserIP:10.136.38.2
Portal packet attribute list:
[ 1 UserName ] [ 13] [13913937552]
[ 2 PassWord ] [ 11] [***]
Portal raw packet:
02 03 01 00 e6 ac 00 00 0a 88 26 02 00 00 00 02
81 ed 2a b9 e0 7a 70 98 f8 bc 0d fd 95 db 59 57
01 0d 31 33 39 31 33 39 33 37 35 35 32 02 0b 2a
26 5e 25 24 23 40 21 7e
*Jun 15 14:24:34:624 2017 AC PORTAL/7/PORTAL_DEBUG: Start timer TMR_REQAUTH: user index 5 IP 10.136.38.2 state DISCOVERED!
*Jun 15 14:24:34:624 2017 AC PORTAL/7/PORTAL_DEBUG: User: 5 IP: 10.136.38.2 state: DISCOVERED send AUTHREQ message to ACM!
*Jun 15 14:24:34:624 2017 AC PORTAL/7/PORTAL_DEBUG: State DISCOVERED change to WAIT_AUTHEN_ACK,ID 5 IP 10.136.38.2
*Jun 15 14:24:34:625 2017 AC PORTAL/7/PORTAL_DEBUG: Start timer TMR_AUTHEN: user index 5 IP 10.136.38.2 state WAIT_AUTHEN_ACK!
*Jun 15 14:24:34:625 2017 AC PORTAL/7/PORTAL_DEBUG: Send message 1 to WLAN return(1).
*Jun 15 14:24:34:627 2017 AC RDS/7/DEBUG: Recv MSG,[MsgType=Auth request Index = 5, ulParam3=3443344208]
*Jun 15 14:24:34:628 2017 AC RDS/7/DEBUG: Send attribute list:
*Jun 15 14:24:34:628 2017 AC RDS/7/DEBUG:
[1 User-name ] [13] [13913937552]
[4 NAS-IP-Address ] [6 ] [10.136.43.253]
[32 NAS-Identifier ] [4 ] [AC]
[5 NAS-Port ] [6 ] [16819177]
[87 NAS_Port_Id ] [18] [0100010000001001]
[61 NAS-Port-Type ] [6 ] [19]
*Jun 15 14:24:34:628 2017 AC RDS/7/DEBUG:
[6 Service-Type ] [6 ] [2]
[7 Framed-Protocol ] [6 ] [255]
[31 Caller-ID ] [19] [46302D44352D42462D38382D38412D3245]
[30 Called-station-Id ] [26] [80-F6-2E-BB-C8-60:GLJY-2]
[44 Acct-Session-Id ] [23] [117061514243406b66925]
[8 Framed-Address ] [6 ] [10.136.38.2]
*Jun 15 14:24:34:629 2017 AC RDS/7/DEBUG: NULL
*Jun 15 14:24:34:629 2017 AC RDS/7/DEBUG:
Event: Begin to switch RADIUS server when sending 0 packet.
*Jun 15 14:24:34:629 2017 AC RDS/7/DEBUG: Malloc seed:8 in 10.255.254.253 for User ID:5
*Jun 15 14:24:34:630 2017 AC RDS/7/DEBUG:
Event: Modify NAS-IP to 10.136.43.253.
*Jun 15 14:24:34:630 2017 AC RDS/7/DEBUG: Send: IP=[10.255.254.253], UserIndex=[5], ID=[8], RetryTimes=[0], Code=[1], Length=[177]
*Jun 15 14:24:34:630 2017 AC RDS/7/DEBUG: Send Raw Packet is:
*Jun 15 14:24:34:630 2017 AC RDS/7/DEBUG:
*Jun 15 14:24:34:632 2017 AC RDS/7/DEBUG: Recv MSG,[MsgType=PKT response Index = 51, ulParam3=3443476080]
*Jun 15 14:24:34:632 2017 AC RDS/7/DEBUG: Receive Raw Packet is:
*Jun 15 14:24:34:633 2017 AC RDS/7/DEBUG:
02 08 00 33 c4 f9 5c d7 aa 20 f4 6d 8c c4 2e dd
c3 f3 d4 d6 01 0d 31 33 39 31 33 39 33 37 35 35
32 06 06 00 00 00 08 55 06 00 00 27 10 1b 06 00
02 a3 00
*Jun 15 14:24:34:633 2017 AC RDS/7/DEBUG: No pick-up Notify from Receive Raw Packet!
*Jun 15 14:24:34:633 2017 AC RDS/7/DEBUG: Event: Received the detect response from auth-server(IP:10.255.254.253).
*Jun 15 14:24:34:634 2017 AC RDS/7/DEBUG: Free seed:8 in 10.255.254.253 for User ID:5
*Jun 15 14:24:34:634 2017 AC RDS/7/DEBUG: Receive:IP=[10.255.254.253],Code=[2],Length=[51]
*Jun 15 14:24:34:634 2017 AC RDS/7/DEBUG:
[1 User-name ] [13] [13913937552]
[6 Service-Type ] [6 ] [8]
[85 Acct_Interim_Interval ] [6 ] [10000]
[27 Session-TimeOut ] [6 ] [172800]
*Jun 15 14:24:34:634 2017 AC RDS/7/DEBUG:
Info: Receive Acct username:13913937552.
*Jun 15 14:24:34:636 2017 AC PORTAL/7/PORTAL_DEBUG: Processing AUTHEN-ACK user 5 IP 10.136.38.2 recv AUTH-ACCEPT from ACM!
*Jun 15 14:24:34:637 2017 AC PORTAL/7/PORTAL_DEBUG: State WAIT_AUTHEN_ACK change to WAIT_AUTHOR_ACK,ID 5 IP 10.136.38.2
*Jun 15 14:24:34:637 2017 AC PORTAL/7/PORTAL_DEBUG: Start timer TMR_AUTHOR: user index 5 IP 10.136.38.2 state WAIT_AUTHOR_ACK!
*Jun 15 14:24:34:637 2017 AC PORTAL/7/PORTAL_DEBUG: State WAIT_AUTHOR_ACK change to WAIT_ACL_ACK,ID 5 IP 10.136.38.2
*Jun 15 14:24:34:638 2017 AC PORTAL/7/PORTAL_DEBUG: Server no authorization userprofile name
*Jun 15 14:24:34:638 2017 AC DPPORTAL/7/DP_PORTAL_DEBUG:
DRV_FUNC2:
IfName = Vlan-interface1001
SrcIP = 10.136.38.2
SrcMac = f0d5-bf88-8a2e
Vlan ID = 1001
AuthorACL = N/A
Operation = ADD
*Jun 15 14:24:34:638 2017 AC DPPORTAL/7/DP_PORTAL_DEBUG:
Added Permit ACL: Successfully!
RuleID = 0x0000000a
Sequence = 0x0000000a
*Jun 15 14:24:34:639 2017 AC PORTAL/7/PORTAL_DEBUG: Add ACL driver return:0
Inbound interface = all
Type = dynamic
Action = permit
Protocol = 0
Source:
IP = 10.136.38.2
Mask = 255.255.255.255
Port = any
MAC = f0d5-bf88-8a2e
Interface = any
VLAN = 1001
SSID =
Spot = N/A
Destination:
IP = 0.0.0.0
Mask = 0.0.0.0
Port = any
Context = 0x0000000a,0xffffffff
*Jun 15 14:24:34:639 2017 AC PORTAL/7/PORTAL_DEBUG: Processing AUTHOR-ACK user 5 IP 10.136.38.2 successfully!
*Jun 15 14:24:34:639 2017 AC PORTAL/7/PORTAL_DEBUG: State WAIT_AUTHOR_ACK change to WAIT_LOGIN_ACK,ID 5 IP 10.136.38.2
*Jun 15 14:24:34:639 2017 AC PORTAL/7/PORTAL_DEBUG: Start timer TMR_LOGIN: user index 5 IP 10.136.38.2 state WAIT_LOGIN_ACK!
*Jun 15 14:24:34:640 2017 AC PORTAL/7/PORTAL_DEBUG:
Portal send to 10.255.254.253 packet length:52
Portal packet head:
Type:4 SN:59052 ReqId:0 AttrNum:3 ErrCode:0 UserIP:10.136.38.2
Portal packet attribute list:
[ 10 BAS-IP ] [ 6] [10.136.43.253]
[ 11 Session-ID ] [ 8] [f0d5bf888a2e]
[ 38 DeviceStartTime ] [ 6] [1497535015]
Portal raw packet:
02 04 01 00 e6 ac 00 00 0a 88 26 02 00 00 00 03
79 32 55 7b 4e 1e 8a d5 c7 32 c5 7b 4f 06 8c 7e
0a 06 0a 88 2b fd 0b 08 f0 d5 bf 88 8a 2e 26 06
59 42 92 27
*Jun 15 14:24:34:642 2017 AC RDS/7/DEBUG: Recv MSG,[MsgType=Account request Index = 5, ulParam3=0]
*Jun 15 14:24:34:642 2017 AC RDS/7/DEBUG: Send attribute list:
*Jun 15 14:24:34:643 2017 AC RDS/7/DEBUG:
[1 User-name ] [13] [13913937552]
[32 NAS-Identifier ] [4 ] [AC]
[5 NAS-Port ] [6 ] [16819177]
[87 NAS_Port_Id ] [18] [0100010000001001]
[61 NAS-Port-Type ] [6 ] [19]
[31 Caller-ID ] [19] [46302D44352D42462D38382D38412D3245]
*Jun 15 14:24:34:643 2017 AC RDS/7/DEBUG:
[30 Called-station-Id ] [26] [80-F6-2E-BB-C8-60:GLJY-2]
[40 Acct-Status-Type ] [6 ] [1]
[45 Acct-Authentic ] [6 ] [1]
[44 Acct-Session-Id ] [23] [117061514243406b66925]
[8 Framed-Address ] [6 ] [10.136.38.2]
[4 NAS-IP-Address ] [6 ] [10.136.43.253]
*Jun 15 14:24:34:643 2017 AC RDS/7/DEBUG:
[55 Event-Timestamp ] [6 ] [1497536674]
*Jun 15 14:24:34:644 2017 AC RDS/7/DEBUG:
Event: Begin to switch RADIUS server when sending 1 packet.
*Jun 15 14:24:34:644 2017 AC RDS/7/DEBUG: Malloc seed:9 in 10.255.254.253 for User ID:5
*Jun 15 14:24:34:644 2017 AC RDS/7/DEBUG:
Event: Modify NAS-IP to 10.136.43.253.
*Jun 15 14:24:34:645 2017 AC RDS/7/DEBUG: Send: IP=[10.255.254.253], UserIndex=[5], ID=[9], RetryTimes=[0], Code=[4], Length=[165]
*Jun 15 14:24:34:645 2017 AC RDS/7/DEBUG: Send Raw Packet is:
*Jun 15 14:24:34:645 2017 AC RDS/7/DEBUG:
*Jun 15 14:24:34:647 2017 AC DPPORTAL/7/DP_PORTAL_DEBUG:
Info: Find the freerule result (0),Param:SrcIP 0afffefd,DstIP 0a882602,DstMac(f0d5-bf88-8a2e)
*Jun 15 14:24:34:647 2017 AC PORTAL/7/PORTAL_DEBUG:
Portal receive from 10.255.254.253 packet length:32
Portal check packet OK
Portal packet head:
Type:7 SN:59052 ReqId:0 AttrNum:0 ErrCode:0 UserIP:10.136.38.2
Portal packet attribute list:
NULL
Portal raw packet:
02 07 01 00 e6 ac 00 00 0a 88 26 02 00 00 00 00
61 34 f5 02 d9 69 ae 1f a4 80 24 55 4e 3e 3b 28
Event: Begin to switch RADIUS server when sending 1 packet.
*Jun 15 14:24:43:634 2017 AC RDS/7/DEBUG:
Event: No active RADIUS server is available for switching when sending packet (pkt-flag = 1).
*Jun 15 14:24:43:634 2017 AC RDS/7/DEBUG: Free seed:9 in 10.255.254.253 for User ID:5
*Jun 15 14:24:43:634 2017 AC RDS/7/DEBUG:
Error: Accounting server no response.(AAAID = 5, Req-ID = 0)
%Jun 15 14:24:43:666 2017 AC PORTAL/4/PORTAL_USER_LOGON_FAIL: -UserName=13913937552-IPAddr=10.136.38.2-IfName=Vlan-interface1001-VlanID=1001-MACAddr=F0:D5:BF:88:8A:2E-Reason=Rejected : 1; User failed to get online.(the device reports that the accounting server did not respond, and the user fails to come online)
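At this point we have found why the terminal cannot come online. After talking with the site, we confirmed that the RADIUS server in use there does not support accounting.
Because the on-site RADIUS server does not support accounting while accounting is configured on our device, the device concludes during authentication that the accounting server did not respond, and the terminal fails to come online.
Having the site set accounting to none resolves the problem.
(Change accounting portal radius-scheme portal to accounting portal none.)
When the on-site RADIUS server does not support accounting, the accounting setting for portal must be configured as none. Note: do not delete the accounting configuration; set it to none.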
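The failure pattern in the debug output above (Access-Accept received, Accounting-Request sent, no Accounting-Response, then PORTAL_USER_LOGON_FAIL) can be checked mechanically when triaging similar reports. The following Python script is an added example, not part of the original case or of any vendor tooling; the function names and cause strings are assumptions, and the sample lines are excerpted from the log on this page.

```python
import re

# Log lines excerpted from the debug output above (hex dumps omitted).
SAMPLE = """\
*Jun 15 14:24:34:630 2017 AC RDS/7/DEBUG: Send: IP=[10.255.254.253], UserIndex=[5], ID=[8], RetryTimes=[0], Code=[1], Length=[177]
*Jun 15 14:24:34:634 2017 AC RDS/7/DEBUG: Receive:IP=[10.255.254.253],Code=[2],Length=[51]
*Jun 15 14:24:34:645 2017 AC RDS/7/DEBUG: Send: IP=[10.255.254.253], UserIndex=[5], ID=[9], RetryTimes=[0], Code=[4], Length=[165]
*Jun 15 14:24:43:634 2017 AC RDS/7/DEBUG:
Error: Accounting server no response.(AAAID = 5, Req-ID = 0)
%Jun 15 14:24:43:666 2017 AC PORTAL/4/PORTAL_USER_LOGON_FAIL: -UserName=13913937552-IPAddr=10.136.38.2-IfName=Vlan-interface1001-VlanID=1001-MACAddr=F0:D5:BF:88:8A:2E-Reason=Rejected : 1; User failed to get online.
"""

# RADIUS packet codes from RFC 2865 / RFC 2866.
RADIUS_CODES = {1: "Access-Request", 2: "Access-Accept", 3: "Access-Reject",
                4: "Accounting-Request", 5: "Accounting-Response"}
PKT = re.compile(r"RDS/7/DEBUG: (Send|Receive):\s*IP=\[([\d.]+)\].*?Code=\[(\d+)\]")
FAIL = re.compile(r"PORTAL_USER_LOGON_FAIL: -UserName=(\S+?)-IPAddr=([\d.]+)-")

def radius_events(log):
    """Return (direction, server, code name) for every RADIUS packet line."""
    return [(m[1], m[2], RADIUS_CODES.get(int(m[3]), m[3]))
            for m in PKT.finditer(log)]

def diagnose(log):
    """Classify a failed portal logon from the RADIUS exchange around it."""
    fail = FAIL.search(log)
    if not fail:
        return None  # no logon failure in this capture
    codes = {(direction, code) for direction, _, code in radius_events(log)}
    result = {"user": fail[1], "ip": fail[2], "cause": "unknown"}
    if ("Receive", "Access-Reject") in codes:
        result["cause"] = "authentication rejected"
    elif (("Receive", "Access-Accept") in codes
          and ("Send", "Accounting-Request") in codes
          and ("Receive", "Accounting-Response") not in codes
          and "Accounting server no response" in log):
        # Accept arrived, but the accounting start was never answered.
        result["cause"] = "accounting unanswered after Access-Accept"
    return result

if __name__ == "__main__":
    for event in radius_events(SAMPLE):
        print(*event)
    print(diagnose(SAMPLE))
```

A result of "accounting unanswered after Access-Accept" points at the accounting path (server support, reachability, or the domain's accounting method) rather than at the user's credentials.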