Case Study: STA Portal Authentication Fails Because the Port Number for Listening to Portal Packets Is Incorrectly Configured on the AC

Symptom

External Portal authentication is configured on the AC. The Portal authentication page is displayed on the terminal. However, after the account and password are submitted, the authentication fails.

Relevant Alarms and Logs

None

Cause Analysis

The number of the port that listens to Portal packets configured on the AC is different from that configured on the server.

Procedure

1. Reproduce the fault and use the trace and debugging functions to check the authentication packet exchange process.

   [AC] trace object mac-address sta-mac
   [AC] trace enable
   [AC] quit
   <AC> debug web all
   <AC> debug portal all

   The command output shows that there is no Portal packet exchange process.

2. Check the Portal authentication configuration on the AC and packet transmission on the server.
   1. Check the Portal authentication configuration on the AC.

      <AC> display web-auth-server configuration
      Listening port           : 3000
      Portal                   : version 1, version 2
      Include reply message    : enabled
      ......

   2. Use the packet obtaining tool to obtain mirrored packets on the interface connecting the AC to the Portal server.

   3. The comparison result shows that the listening port (3000) of Portal protocol packets configured on the AC is different from the port (2000) of the Portal server. As a result, Portal packets fail to be exchanged.

3. Run the undo web-auth-server listening-port command in the AC system view to restore the default port number 2000 for Portal protocol packets. The fault is rectified.

Suggestion and Summary

You can run the web-auth-server listening-port command to configure the number of the port through which the device listens to Portal protocol packets. The port number must be the same as the destination port number in Portal packets sent by the Portal server and must be unique.