Print

某局点portal认证失败

2020-02-06发表

组网及说明


问题描述

portal认证,能弹出重定向页面,输入用户名密码后认证失败


过程分析

收集认证过程的debug:

*Jan 19 16:16:57:263 2020 AC PORTAL/7/REDIRECT-EVENT: Get the original URL(http://www.qq.com/q.cgi).

*Jan 19 16:16:57:263 2020 AC PORTAL/7/REDIRECT-EVENT: The user ip is 172.21.16.4,user-agent is Mozilla/4.0(compatible;MSIE8.0;WindowsNT6.1;Trident/4.0)

*Jan 19 16:16:57:263 2020 AC PORTAL/7/REDIRECT-EVENT: The user ip is 172.21.16.4; the redirect url is http://222.193.95.42/eportal/index.jsp?wlanuserip=172.21.16.4

*Jan 19 16:16:57:263 2020 AC PORTAL/7/HTTP_REDIRECT-EVENT: Process the redirect packet(flag:0x18) successfully and reply. //重定向成功

*Jan 19 16:16:59:342 2020 AC PORTAL/7/PACKET:

Portal received 55 bytes of packet: Type=req_auth(3), ErrCode=0, IP=172.21.16.4 //服务器向接入设备发起认证请求,携带用户的认证信息

*Jan 19 16:16:59:342 2020 AC PORTAL/7/ERROR: Failed to obtain user physical information when create user.UserIP=172.21.16.4

*Jan 19 16:16:59:342 2020 AC PORTAL/7/ERROR: Portal is disabled on the interface.

*Jan 19 16:16:59:343 2020 AC PORTAL/7/ERROR: User mac is invalid.

*Jan 19 16:16:59:343 2020 AC PORTAL/7/ERROR: Failed to get get ssid by user mac,UserMac is Zero.

*Jan 19 16:16:59:343 2020 AC PORTAL/7/PACKET:   //设备arp表项里没有查到终端信息,终端合法性检查不通过

Portal sent 23 bytes of packet: Type=ack_auth(4), ErrCode=1, IP=172.21.16.4 //接入设备向返回认证结果,失败

*Jan 19 16:16:59:343 2020 AC PORTAL/7/PACKET:


解决方法

增加portal host-check enable配置,开启无线Portal客户端合法性检查功能

原因:

portal认证时需要携带用户的mac地址,如果AC上没有业务vlan的三层地址,就不能通过arp读取用户mac,需要配置portal host-check enable命令,从client表项中读取的用户mac。