No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

ME60 User Fails Web Authentication Because the Source IP Address of the Packets Sent from the ME60 to the RADIUS Server Is Incorrect

Publication Date:  2012-07-27 Views:  40 Downloads:  0
Issue Description
Networking: user---ME60---firewall---backbone network---RADIUS server
After the Web authentication service is configured on the ME60, the Web page can be displayed at the user side. After the user enters the user name and password, the system prompts that the network connection times out. 
 
Alarm Information
Null
Handling Process
1. Run the debug web all command in hidden mode. The command output shows that the ME60 receives the authentication request packet sent by the Web server. Detailed information about the packet is as follows:
*1.1043036687 ME60 WEB/7/DEBUG:
packet received from socket( len = 65 Vrf = 0):
ver : 2
type : auth req
Method : pap
SerialNo: 1274
ReqID : 0
UserIP : x.x.x.243
ErrCode : 0
AttrNum : 2
*1.1043036688 ME60 WEB/7/DEBUG:
02 03 01 00 04 fa 00 00 76 76 a6 f3 00 00 00 02
de d8 19 a2 69 9e 6a 90 f9 ec bd f5 b6 5b 29 6f
02 08 31 31 31 31 31 31 01 19 64 78 31 74 40 77
6c 61 6e 2e 73 63 2e 63 68 6e 74 65 6c 2e 63 6f 6d
*1.1043036688 ME60 WEB/7/DEBUG:
[Web-Err]Fail to process packet for portal server x.x.x.216 not config
2. According to Web-Err, it is inferred that no Web server is configured on the ME60. Configure Web server X.X.X.216. Then, carry out the test again. The problem persists. Continue to trace the packet by using the debug command. The command output shows the following information:
*1.1043515286 ME60 WEB/7/DEBUG:
packet received from socket( len = 65 Vrf = 0):
ver : 2
type : auth req
Method : pap
SerialNo: 1280
ReqID : 0
UserIP : x.x.x.243
ErrCode : 0
AttrNum : 2
*1.1043515286 ME60 WEB/7/DEBUG:
02 03 01 00 05 00 00 00 76 76 a6 f3 00 00 00 02
d2 9f db 59 67 f1 9d 1c 68 5f ec 78 69 5a a6 22
02 08 31 31 31 31 31 31 01 19 64 78 31 74 40 77
6c 61 6e 2e 73 63 2e 63 68 6e 74 65 6c 2e 63 6f 6d
*1.1043515286 ME60 WEB/7/DEBUG:
[Web-Evt] Receive authen req packet from portal server successfully (ip: 0x7676a6f3, sn:1280)
*1.1043515286 ME60 WEB/7/DEBUG:
[Web-Msg] Send auth-req msg:
*1.1043515286 ME60 WEB/7/DEBUG:
[Web-Msg] CID : 138959
*1.1043515286 ME60 WEB/7/DEBUG:
[Web-Msg] ReqID : 0
*1.1043515287 ME60 WEB/7/DEBUG:
[Web-Msg] ucAuthType : 0
*1.1043515287 ME60 WEB/7/DEBUG:
[Web-Msg] szUserName : dx1t@wlan.xx.chntel.com
*1.1043515287 ME60 WEB/7/DEBUG:
[Web-Msg] ucChapId : 255
*1.1043515287 ME60 WEB/7/DEBUG:
[Web-Msg] ulWEBIP : 1032535512
*1.1043515287 ME60 WEB/7/DEBUG:
[Web-Msg] ucVersion : 2
*1.1043515287 ME60 WEB/7/DEBUG:
[Web-Evt]send authen request message to cm successfully(cid:138959 ReqID:0)
*1.1043515384 ME60 WEB/7/DEBUG:
[Web-Msg] Recv auth-ack msg:
*1.1043515384 ME60 WEB/7/DEBUG:
[Web-Msg] CID : 138959
*1.1043515384 ME60 WEB/7/DEBUG:
[Web-Msg] ReqID : 0
*1.1043515384 ME60 WEB/7/DEBUG:
[Web-Msg] ucResult : 0
*1.1043515384 ME60 WEB/7/DEBUG:
[Web-Msg] ucIfReAllocIP : 0
*1.1043515385 ME60 WEB/7/DEBUG:
[Web-Msg] ucIfPnP : 0
*1.1043515385 ME60 WEB/7/DEBUG:
[Web-Msg] ucErrorCode : 0
*1.1043515385 ME60 WEB/7/DEBUG:
[Web-Msg] szReplyMessage: Authentication success,Welcome!
*1.1043515385 ME60 WEB/7/DEBUG:
[Web-Evt] Receive authen ack message from cm successfully(cid:138959 ReqID:0)
*1.1043515385 ME60 WEB/7/DEBUG:
[Web-Evt] Send authen ack packet to portal server successfully
*1.1043515385 ME60 WEB/7/DEBUG:
packet sent to socket( len = 32 Vrf = 0):
ver : 2
type : auth ack
Method : pap
SerialNo: 1280
ReqID : 0
UserIP : x.x.x.243
ErrCode : 0
AttrNum : 0
*1.1043515385 ME60 WEB/7/DEBUG:
02 04 01 00 05 00 00 00 76 76 a6 f3 00 00 00 00
64 16 d9 a8 91 f7 29 22 63 19 37 c5 c7 4d f1 b1
*1.1043545315 ME60 WEB/7/DEBUG:
[Web-Err] Exception timer timeout:(Statue:0x4,reqid:0)
*1.1043545315 ME60 WEB/7/DEBUG:
[Web-Evt] Send logout ntf packet to portal server successfully
*1.1043545315 ME60 WEB/7/DEBUG:
packet sent to socket( len = 32 Vrf = 0):
ver : 2
type : logout ntf
Method : pap
SerialNo: 0
ReqID : 0
UserIP : x.x.x.243
ErrCode : 0
AttrNum : 0
*1.1043545315 ME60 WEB/7/DEBUG:
02 08 01 00 00 00 00 00 76 76 a6 f3 00 00 00 00
7b ec ab c0 c7 5d a8 66 00 e0 51 6b fa 64 66 ad
3. The preceding information shows that the ME60 sends an ACK packet indicating successful authentication to the Web server but receives no response. As a result, the system prompts "[Web-Err] Exception timer timeout:(Statue:0x4,reqid:0)."
4. Check whether the ACK packet is filtered out by the firewall. It is found that the configuration of the firewall is correct. Use the debug command on the firewall. The command output shows that the source IP address of the packets sent by the ME60 is the IP address of the upstream interface on the ME60. The Web server, however, can receive only packets with the IP address of the loopback interface on the ME60.
5. On the ME60, run the Web-auth-server source interface LoopBack0 command in the system view to change the source IP address of the packets to be sent by the ME60 to the RADIUS server. Then, the fault is rectified. 
 
Root Cause
1. Configurations such as the address of the Web server are incorrect.
2. Packets are filtered out by the firewall.
3. The configuration of the Web server is incorrect. 
 
Suggestions
Null

END