
Classic case: Portal seamless authentication at a customer site

Published 2020-04-13

Network topology and description


Terminal -- 75E -- Server

Problem description

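After seamless authentication was enabled on the interface, terminals bypassed authentication altogether: no online user information appeared on the back-end iMC, and the portal server log showed that no free-authentication messages had been received. With free authentication disabled on the interface, Portal authentication worked normally.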

Analysis

Test terminal MACs: 30:65:EC:C4:C2:D2, ac92-325c-ce79

After debugging was enabled, no RADIUS packets related to these two MACs were printed:

*Dec 31 11:21:14:730 2019 ERAL-ORTAL/7/EVENT: -MDC=1-Slot=2; Notify daemon new mac trigger rule added.

*Dec 31 11:21:13:916 2019 ERAL-ORTAL/7/EVENT: -MDC=1; MAC-trigger: Received new MAC event, interface=Vlan-interface102, MAC=ac92-325c-ce79, IP=192.168.30.106, ifIndexL2=233, vlan=102.

*Dec 31 11:21:14:730 2019 ERAL-ORTAL/7/RULE: -MDC=1-Slot=2;

    MT_RULE:

    InterfaceL3      = Vlan-interface102

    InterfaceL2      = GigabitEthernet2/0/39

    VLAN             = 102

    SrcMAC           = ac92-325c-ce79

    SrcIP            = 192.168.30.106

*Dec 31 11:21:14:730 2019 ERAL-ORTAL/7/EVENT: -MDC=1-Slot=2; Notify portal daemon new mac trigger entry successfully.

*Dec 31 11:21:13:917 2019 ERAL-ORTAL/7/ERROR: -MDC=1;

 The rule is created while setting user rule, set drv flag:0.

*Dec 31 11:21:13:917 2019 ERAL-ORTAL/7/RULE: -MDC=1;

Checking the device log:

*Dec 31 11:17:35:881 2019 ERAL-ORTAL/7/EVENT: -MDC=1; MAC-trigger: User's traffic has not reached the free-auth traffic upper threshold. User MAC=b0e5-ed94-2b12, user traffic=1342, threshold=1024000.


Solution

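The log line above shows a user whose traffic is still below the free-authentication threshold, and the device was found to have the free-authentication traffic threshold feature configured: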

The free-traffic threshold command sets the threshold for a user's authentication-free traffic.

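When MAC-based quick authentication is enabled on the device, every user gets a certain amount of authentication-free traffic after coming online. The device monitors the traffic sent and received by Portal users in real time until the MAC-trigger entry ages out. While a user's traffic has not reached the configured threshold, the user is allowed to access external network resources; once the traffic reaches the threshold, MAC-based quick authentication is triggered.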

After this configuration was removed, the problem was resolved.
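
As an added example (not part of the original case and not H3C tooling), the following Python script scans saved debug output for the two MAC-trigger message types quoted above and reports which MACs are still passing traffic inside their free-authentication allowance, which is why they never appear as online users on the server. The function and variable names are hypothetical; the sample lines are copied from this page.

```python
import re

# Two debug lines copied from the output quoted on this page.
SAMPLE_LOG = (
    "*Dec 31 11:21:13:916 2019 ERAL-ORTAL/7/EVENT: -MDC=1; MAC-trigger: "
    "Received new MAC event, interface=Vlan-interface102, MAC=ac92-325c-ce79, "
    "IP=192.168.30.106, ifIndexL2=233, vlan=102.\n"
    "*Dec 31 11:17:35:881 2019 ERAL-ORTAL/7/EVENT: -MDC=1; MAC-trigger: "
    "User's traffic has not reached the free-auth traffic upper threshold. "
    "User MAC=b0e5-ed94-2b12, user traffic=1342, threshold=1024000.\n"
)

NEW_MAC = re.compile(
    r"MAC-trigger: Received new MAC event, interface=(?P<ifname>[^,]+), "
    r"MAC=(?P<mac>[0-9A-Fa-f:-]+), IP=(?P<ip>[0-9.]+)")
BELOW = re.compile(
    r"has not reached the free-auth traffic upper threshold\. "
    r"User MAC=(?P<mac>[0-9A-Fa-f:-]+), user traffic=(?P<traffic>\d+), "
    r"threshold=(?P<threshold>\d+)")


def normalize_mac(mac):
    """Reduce any MAC notation (30:65:EC:.., ac92-325c-..) to 12 hex digits."""
    return re.sub(r"[^0-9a-f]", "", mac.lower())


def free_auth_users(log_text):
    """Map each MAC seen in MAC-trigger debug lines to what the log shows.

    A MAC with a 'has not reached' line is passing traffic without Portal
    authentication, so it will not show up as an online user on the server.
    """
    users = {}
    for line in log_text.splitlines():
        new, below = NEW_MAC.search(line), BELOW.search(line)
        if new:
            entry = users.setdefault(normalize_mac(new["mac"]), {"free_auth": False})
            entry.update(interface=new["ifname"], ip=new["ip"])
        elif below:
            entry = users.setdefault(normalize_mac(below["mac"]), {})
            traffic, threshold = int(below["traffic"]), int(below["threshold"])
            # Keep the latest counters; 'remaining' is in the log's own units.
            entry.update(free_auth=True, traffic=traffic, threshold=threshold,
                         remaining=threshold - traffic)
    return users


if __name__ == "__main__":
    for mac, info in sorted(free_auth_users(SAMPLE_LOG).items()):
        print(mac, info)
```

Any MAC reported with `free_auth` set while the server shows no matching online user points to the threshold setting rather than to a RADIUS or portal server fault.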