组网及说明
核心旁挂认证服务器,下联protal认证终端
告警信息
配置完protal认证后终端无法弹出认证界面
问题描述
配置完protal认证后终端无法弹出认证界面
过程分析
查看portal服务器状态正常
<1>dis portal server
Portal server: imc
Type : IMC
IP : 172.100.X.X
VPN instance : Not configured
Port : 50100
Server detection : Not configured
User synchronization : Not configured
Status : Up
debug portal查看有如下报错
*Jan 9 23:31:33:219 2025 1 PORTAL/7/RULE: -Chassis=2-Slot=1;
[Inbound] execute full rule match, { MatchRes = [Rule4-Deny] }
L3 Interface = Vlan224, L2 Interface = BAGG9, VLAN = 224, SrcMac = 82b1-7406-XXXX,
SrcIP = 10.225.X.X, DstIP = 10.225.X.X
*Jan 9 23:31:39:206 2025 1 PORTAL/7/ERROR: -Chassis=2-Slot=1; Failed to get the host name for free rule.
查看配置发现现场只放通了到portal服务器的地址,需要再放通DNS端口
portal free-rule 1 source ip any destination ip 172.100.X.X 255.255.255.255
添加如下命令测试正常
portal free-rule 1 destination ip any udp 53
portal free-rule 2 destination ip any tcp 53 //放通DNS查询UDP OR TCP 53端口
portal free-rule 3 destination ip any tcp 5223 //ios iphone特殊情况查询DNS方式
解决方法
添加如下命令测试正常
portal free-rule 1 destination ip any udp 53
portal free-rule 2 destination ip any tcp 53 //放通DNS查询UDP OR TCP 53端口
portal free-rule 3 destination ip any tcp 5223 //ios iphone特殊情况查询DNS方式