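Network topology: not applicable
Wireless local forwarding, integrated with IMC for portal authentication; authentication fails with the error "device rejected the request"
Error reported, "device rejected the request":
Reviewing the configuration did not reveal any errors: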
#
radius scheme imc-portal
primary authentication X.X.X.X
primary accounting X.X.X.X
key authentication cipher $c$3$Fmonc4CpZOhS8EA7ppsY/8/g/l5SAM75vA==
key accounting cipher $c$3$ok7HK44VspPeH3pg1vxnX+lv9KobGsMG2Q==
user-name-format without-domain
nas-ip X.X.X.X
#
domain name imc-portal
authentication portal radius-scheme imc-portal
authorization portal radius-scheme imc-portal
accounting portal radius-scheme imc-portal
#
portal server imc-portal
ip X.X.X.X key cipher $c$3$/kEHNk7fb5Qe7cBVwqDzA61h+iolGGvhVA==
#
portal web-server imc-portal
url http://X.X.X.X:8080/portal/
wlan service-template avatr-guest
ssid AVATR-GUEST
client forwarding-location ap
portal enable method direct
portal domain imc-portal
portal bas-ip X.X.X.X
portal apply web-server imc-portal
service-template enable
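The addresses match the corresponding configuration on IMC, and deleting and reconfiguring the RADIUS keys on both ends did not clear the fault.
Debug portal packet and debug radius packet show the failure at the ack_auth step: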
AC1 PORTAL/7/PACKET: Portal sent 38 bytes of packet[Type=ack_auth(4), ErrCode=1, IP=X.X.X.X].
The debug output also contained no RADIUS packet information. Checking the portal free-rule configuration showed that only ports 8080 and 8443 were permitted:
portal free-rule 0 destination ip X.X.X.X 255.255.255.255 tcp 8080
portal free-rule 1 destination ip X.X.X.X 255.255.255.255 tcp 8443
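As a test, the port restriction was removed so that the address was permitted outright; the error remained.
Because the debugging collected was only debug portal packet and debug radius packet, the information was limited. The recommendation was to test again on site and collect debug portal all and debug radius all, to see whether anything abnormal is printed before the point where the AC should send the RADIUS packet.
After collecting again, the following was found: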
AC1 PORTAL/7/EVENT: Auth-SM[X.X.X.X]: Auth-sm created successfully.
AC1 PORTAL/7/ERROR: Failed to create the user because VSRP was down on the interface.
AC1 PORTAL/7/ERROR: User-SM[X.X.X.X]: Failed to create user when REQ_AUTH.
AC1 PORTAL/7/EVENT: Auth-SM[X.X.X.X]: Auth-sm was destroyed.
VSRP configuration on the device:
wlan global-configuration
vsrp-instance inst
calibrate-channel self-decisive enable all
calibrate-power self-decisive enable all
After vsrp-instance inst was deleted, authentication succeeded normally.
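The triage step used in this case (a failing ack_auth, no RADIUS activity, and a PORTAL ERROR inside the same Auth-SM lifetime means the AC rejected the user locally before contacting IMC) can be scripted over a saved debug capture. This is an added example, not part of the original case or any H3C tool; the client address 192.0.2.10, the merging of the two captures into one sample, and the `RADIUS/` module prefix are assumptions.

```python
import re

LINE = re.compile(r"^\S+ (?P<mod>[A-Z]+)/\d/(?P<kind>[A-Z]+): (?P<msg>.*)$")
SM = re.compile(r"Auth-SM\[([\d.]+)\]: Auth-sm (created successfully|was destroyed)")
ACK = re.compile(r"Type=ack_auth\(4\), ErrCode=(\d+), IP=([\d.]+)")

# Constructed sample: the message texts are the ones quoted in this case; the
# client address 192.0.2.10 and the merging of both captures are made up here.
SAMPLE = """\
AC1 PORTAL/7/EVENT: Auth-SM[192.0.2.10]: Auth-sm created successfully.
AC1 PORTAL/7/ERROR: Failed to create the user because VSRP was down on the interface.
AC1 PORTAL/7/ERROR: User-SM[192.0.2.10]: Failed to create user when REQ_AUTH.
AC1 PORTAL/7/EVENT: Auth-SM[192.0.2.10]: Auth-sm was destroyed.
AC1 PORTAL/7/PACKET: Portal sent 38 bytes of packet[Type=ack_auth(4), ErrCode=1, IP=192.0.2.10].
"""

def triage(text):
    """Return one finding per ack_auth that carries a non-zero ErrCode."""
    state, current, findings = {}, None, []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        mod, kind, msg = m["mod"], m["kind"], m["msg"]
        sm = SM.search(msg)
        if sm:  # open or close the per-client authentication state machine
            if sm[2].startswith("created"):
                current = sm[1]
                state[current] = {"errors": [], "radius": False}
            else:
                current = None
        elif current and mod == "RADIUS":
            # Assumption: RADIUS debug lines carry a RADIUS/ module prefix.
            state[current]["radius"] = True
        elif current and mod == "PORTAL" and kind == "ERROR":
            state[current]["errors"].append(msg)
        ack = ACK.search(msg)
        if ack and ack[1] != "0":  # assumption: any non-zero ErrCode is a failure
            s = state.get(ack[2], {"errors": [], "radius": False})
            local = bool(s["errors"]) and not s["radius"]
            findings.append({
                "ip": ack[2], "err_code": int(ack[1]), "radius_seen": s["radius"],
                "rejected_locally": local,
                "cause": s["errors"][0] if s["errors"] else None,
            })
    return findings

if __name__ == "__main__":
    print(triage(SAMPLE))
```

A finding with `rejected_locally` set points the investigation at the AC's own state (here the VSRP instance) rather than at the RADIUS keys or the IMC server.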