Troubleshooting: Failures in External Portal Authentication Using the Portal Protocol
- Portal Authentication Process Using the Portal Protocol
- Key Configuration Check
- Common Failures in External Portal Authentication Using the Portal Protocol
- An Authentication Failure Is Displayed on the Portal Authentication Page
- The Device Does Not Receive Authentication Request Packets from the Portal Server
- The Shared Key Configured in the Portal Server Template on the Device Is Different from That on the Portal Server
- The Portal Version Supported by the Device Is Incompatible with the Server
- The server-ip Configured in the Portal Server Template Is Different From the Source IP Address of Portal Packets Received by the Device
- The Source IP Address of the Portal Packets Sent by the Device Is Different from the Device IP Address Added to the Portal Server
- NAT Is Deployed Between the STA and the Portal Server
- The RADIUS Server Returns an Access-Reject Packet
- The RADIUS Server Does Not Respond
- RADIUS Authorization Data Check Fails
- The Portal Authentication Page Is Displayed Again When a User Accesses the Network After Successful Authentication
- The Authentication Success Page and Pushed Page Are Repeatedly Displayed
- After a PC Is Successfully Authenticated, the User Closes the Authentication Page. After a Period of Time, the Portal Authentication Page Is Displayed Again When the PC Accesses the Web Page
- Collecting Information
- Portal Authentication Trace Information
Portal Authentication Process Using the Portal Protocol
In this process, pay attention to the following points:
- WLAN services are implemented on APs instead of on ACs.
- Although the Portal server and RADIUS server are the same server in most cases, they are two different NEs logically and functionally.
Key Configuration Check
VAP Profile Configuration
Find the corresponding VAP profile based on the SSID, and check the configurations of the VAP profile, including the configuration of the authentication profile.
- Run the display vap-profile all command to check all VAP profiles and find the corresponding VAP profile based on the SSID.
[Huawei] display vap-profile all
FMode : Forward mode
STA U/D : Rate limit client up/down
VAP U/D : Rate limit VAP up/down
BR2G/5G : Beacon 2.4G/5G rate
---------------------------------------------------------------
Name        FMode   Type     VLAN      AuthType     STA U/D(Kbps)  VAP U/D(Kbps)  BR2G/5G(Mbps)  Reference  SSID
---------------------------------------------------------------
default     direct  service  VLAN 1    Open         -/-            -/-            1/6            0          HUAWEI-WLAN
vap_portal  tunnel  service  VLAN 200  Open+Portal  -/-            -/-            1/6            3          portal_test
---------------------------------------------------------------
Total: 2
It is not recommended that the same SSID be bound to multiple VAP profiles because exceptions (such as access failures) will occur when multiple VAP profiles with the same SSID are bound to the same AP.
- Check the configuration of the VAP profile, and find the authentication profile bound to the VAP profile.
[Huawei] wlan
[Huawei-wlan-view] vap-profile name vap_portal
[Huawei-wlan-vap-prof-vap_portal] display this
#
 forward-mode tunnel
 service-vlan vlan-id 200
 ssid-profile localportal
 authentication-profile authen_portal
#
- Check the configuration of the authentication profile. It must have a Portal access profile bound.
[Huawei] authentication-profile name authen_portal
[Huawei-authentication-profile-authen_portal] display this
#
authentication-profile name authen_portal
 portal-access-profile access_portal
 access-domain domain_test
#
- Check the configuration of the Portal access profile. It must have a Portal server template bound.
[Huawei] portal-access-profile name access_portal
[Huawei-portal-access-profile-access_portal] display this
#
portal-access-profile name access_portal
 web-auth-server portal_test direct
#
- Check the configuration of the Portal server template. The server IP address and URL must be configured.
The URL can be configured using two methods: 1. directly configured on the Portal server; 2. configured in a URL template referenced in the Portal server template. If the Portal server requires specific URL parameters, you can only use method 2 to configure them in the URL template.
- Method 1: Configure a URL on the Portal server.
[Huawei] web-auth-server portal_test
[Huawei-web-auth-server-portal_test] display this
#
web-auth-server server_portal
 server-ip 12.12.12.1
 port 50100
 url http://12.12.12.1:8080/portal
 protocol http
#
- Method 2: Configure a URL template on the Portal server.
[Huawei] web-auth-server portal_test
[Huawei-web-auth-server-portal_test] display this
#
web-auth-server server_portal
 server-ip 12.12.12.1
 port 50100
 url-template url_test
 protocol http
#
Check the configuration in the URL template. The URL and required parameters need to be configured.
[Huawei] url-template name url_test
[Huawei-url-template-url_test] display this
#
url-template name url_test
 url http://12.12.12.1:8080/portal
 url-parameter device-ip ac-ip user-ipaddress userip ssid ssid
#
Authentication Mode Configuration
External Portal authentication supports local, RADIUS, LDAP, and AD authentication modes. RADIUS authentication is applied in most scenarios and is used as the example in this document.
The authentication mode is specified in an authentication scheme. An authentication scheme can be applied using either of the following two methods: Method 1: Apply it to an authentication profile directly. Method 2: Apply it to a domain, which is then bound to the authentication profile. The first method has a higher priority than the second method. If both methods are configured, the first method takes effect, and the default or forcible domain configured in the authentication profile using the second method does not take effect.
- Method 1: Apply an authentication scheme to an authentication profile.
When applying an authentication scheme to an authentication profile, you must also apply a RADIUS server template. If accounting is required, apply an accounting scheme.
[Huawei] authentication-profile name authen_portal
[Huawei-authentication-profile-authen_portal] display this
#
authentication-profile name authen_portal
 portal-access-profile access_portal
 authentication-scheme radius
 accounting-scheme radius
 radius-server radius_test
#
- Method 2: Apply an authentication scheme to a domain.
When applying an authentication scheme to a domain, you must also apply a RADIUS server template. If accounting is required, apply an accounting scheme to the domain.
[Huawei] aaa
[Huawei-aaa] domain domain_test
[Huawei-aaa-domain-domain_test] display this
#
domain domain_test
 authentication-scheme radius
 accounting-scheme radius
 radius-server radius_test
#
Then configure the default domain or forcible domain in the authentication profile. It is recommended that you configure a default domain without specifying the access type in the authentication profile.
[Huawei] authentication-profile name authen_portal
[Huawei-authentication-profile-authen_portal] display this
#
authentication-profile name authen_portal
 portal-access-profile access_portal
 access-domain domain_test
#
The authentication domain for a terminal is selected in descending order of priority: forcible domain for a specified access type > forcible domain with no access type specified > valid domain carried in the user name > default domain for a specified access type > default domain with no access type specified > global default domain. The following are configuration examples of different domains:
- Forcible domain for a specified access type:
[Huawei-authentication-profile-authen_portal] display this
#
authentication-profile name authen_portal
 portal-access-profile access_portal
 access-domain domain_test portal force
- Forcible domain with no access type specified:
[Huawei-authentication-profile-authen_portal] display this
#
authentication-profile name authen_portal
 portal-access-profile access_portal
 access-domain domain_test force
- Valid domain carried in the user name: The user name used for authentication contains the domain name in @ format, and the domain has been created on the device.
- Default domain for a specified access type:
[Huawei-authentication-profile-authen_portal] display this
#
authentication-profile name authen_portal
 portal-access-profile access_portal
 access-domain domain_test portal
- Default domain with no access type specified:
[Huawei-authentication-profile-authen_portal] display this
#
authentication-profile name authen_portal
 portal-access-profile access_portal
 access-domain domain_test
- Global default domain: It is specified by the domain xxx command in the system view.
Common Failures in External Portal Authentication Using the Portal Protocol
An Authentication Failure Is Displayed on the Portal Authentication Page
The Device Does Not Receive Authentication Request Packets from the Portal Server
Use the service diagnosis function to trace the online authentication process of the STA. It is found that no challenge or authentication request is received.
[Huawei] trace object ip-address 200.1.1.64
[Huawei] trace enable
Collect debugging information. The same symptom occurs.
<Huawei> debugging web all
<Huawei> terminal debugging
<Huawei> terminal monitor
<Huawei> debugging timeout 0
When the device receives a Portal challenge request or authentication request, the following trace information is displayed:
[BTRACE][2019/01/05 15:23:50][9216][WEB_FC][12.12.12.197]:Receive challenge request packet from portal server.
[BTRACE][2019/01/05 15:23:50][9216][WEB_FC][12.12.12.197]:Receive authentication request packet from portal srever.
If the device does not receive any Portal challenge request or authentication request, perform the following steps:
- Check whether the listening port of the device is changed. The default port number is 2000.
[Huawei] display web-auth-server configuration
Listening port : 2000
Portal : version 1, version 2
Include reply message : enabled
Source-IP : -
- Query the process accessed by the STA based on the STA's MAC address, and then query the number of Portal packets in this process to check whether the count of Portal challenge request packets, authentication request packets, or error packets increases.
- Query the process accessed by the STA based on the STA's MAC address.
[Huawei] diagnose
[Huawei-diagnose] display access-user | include 5cd9-98bc-034c
process 7:
--------------------------------------------------------------
UserID  Username      IP address  MAC             Status
--------------------------------------------------------------
16588   5cd998bc034c  200.1.1.64  5cd9-98bc-034c  Pre-authen
--------------------------------------------------------------
Total: 1, printed: 1
- Query the number of Portal packets in this process.
[Huawei-diagnose] display web statistics packet process 7
process 7:
Packet error Totol :0
Challenge req error :0
Auth req error :0
Recv auth req :0
Recv Challenge req :0
If the count of challenge request packets, authentication request packets, and error packets is 0, the device does not receive packets from the Portal server.
- Based on the preceding packet count statistics, you can determine whether the device has received packets from the Portal server. For further confirmation, you can obtain packets on the outbound interface connected to the Portal server.
- The Portal server cannot find the device. After a STA accesses the Portal server page and the user name and password are entered, the Portal server cannot identify the device from which the STA accesses the network based on the STA's IP address.
The possible causes for this are as follows:
- The IP address of the device is not added to the Portal server.
Check whether the IP address of the device is added to the Portal server.
- When a STA accesses the authentication page of the Portal server, the Portal server needs to carry the IP address of the STA or device.
In this case, configure URL parameters in the URL template as follows:
[Huawei] url-template name url_test
[Huawei-url-template-url_test] url-parameter device-ip ac-ip user-ipaddress userip
The parameter ac-ip or user-ipaddress must be configured based on the requirements of the Portal server. For example, some Portal servers require that device-ip be set to wlanacip, and user-ipaddress be set to wlanuserip.
By default, the value of device-ip carried by the device is the CAPWAP source IP address. If the IP address of the device added to the Portal server is not the CAPWAP source IP address, change the value of device-ip to an available IP address of the device as follows:
[Huawei] url-template name url_test
[Huawei-url-template-url_test] url-parameter set device-ip x.x.x.x
- An exception occurs on the intermediate network. For example, the firewall shuts down the Portal port (2000 by default), or the route configuration is incorrect.
- The destination port number used by the Portal server is incorrect. By default, the destination port number of Portal packets is 2000, but it may have been changed on the Portal server.
The Shared Key Configured in the Portal Server Template on the Device Is Different from That on the Portal Server
Use the service diagnosis function to trace the online authentication process of the STA. The Portal packet version is 2 and the message "The shared-key configured on the device must be the same as the one configured on the portal server." is displayed. It can be confirmed that the shared key configured in the Portal server template on the device is different from that configured on the server.
[Huawei] trace object ip-address 200.1.1.64
[Huawei] trace enable
[BTRACE][2020/11/26 10:03:22][7168][WEB][200.1.1.64]:Received packet from socket (length = 32 Vrf = 0):
Version : 2
Type : challenge request
Method : chap
SerialNo : 245
RequestID : 0
UserIP : 200.1.1.64
ErrorCode : 0
AttributeNumber : 0
[BTRACE][2020/11/26 10:03:22][7168][WEB][200.1.1.64]:WEB receive packet from portal server successfully.
02 01 00 00 00 f5 00 00 c8 01 01 40 00 00 00 00
77 95 11 3a d4 82 10 86 51 ba 11 4e bb 30 a9 c6
[BTRACE][2020/11/26 10:03:22][7168][WEB][200.1.1.64]:[WEB Proc PS Msg] Server IP = 12.12.12.1, Server Vrf = 0
[BTRACE][2020/11/26 10:03:22][7168][WEB][200.1.1.64]:The shared-key configured on the device must be the same as the one configured on the portal server.
Configure the same shared key on the Portal server template and Portal server.
The Portal Version Supported by the Device Is Incompatible with the Server
Use the service diagnosis function to trace the online authentication process of the STA. The Portal packet version is 1 and the message "The shared-key configured on the device must be the same as the one configured on the portal server." is displayed. After the fault described in The Shared Key Configured in the Portal Server Template on the Device Is Different from That on the Portal Server is excluded, it can be determined that the device supports only Portal protocol version v2, but the Portal server uses Portal v1 to send Portal packets.
[Huawei] trace object ip-address 200.1.1.64
[Huawei] trace enable
[BTRACE][2020/11/26 10:13:07][7168][WEB][200.1.1.64]:Received packet from socket (length = 16 Vrf = 0):
Version : 1
Type : challenge request
Method : chap
SerialNo : 269
RequestID : 0
UserIP : 200.1.1.64
ErrorCode : 0
AttributeNumber : 0
[BTRACE][2020/11/26 10:13:07][7168][WEB][200.1.1.64]:WEB receive packet from portal server successfully.
01 01 00 00 01 0d 00 00 c8 01 01 40 00 00 00 00
[BTRACE][2020/11/26 10:13:07][7168][WEB][200.1.1.64]:[WEB Proc PS Msg] Server IP = 12.12.12.1, Server Vrf = 0
[BTRACE][2020/11/26 10:13:07][7168][WEB][200.1.1.64]:The shared-key configured on the device must be the same as the one configured on the portal server.
Perform either of the following operations to rectify this fault:
Set the Portal protocol version supported by the device to v2 and v1.
[Huawei] web-auth-server version v2 v1
Restore the default Portal protocol version configuration (v2 and v1) of the device.
[Huawei] undo web-auth-server version
The server-ip Configured in the Portal Server Template Is Different From the Source IP Address of Portal Packets Received by the Device
Use the service diagnosis function to trace the online authentication process of the STA. The message "Failed to process packet for portal server,because server IP does not config.(serverIP=x.x.x.x)" is displayed, indicating that the source IP address of Portal packets received by the device is not in the server-ip list configured on the device.
[Huawei] trace object ip-address 200.1.1.64
[Huawei] trace enable
[BTRACE][2020/11/26 15:18:20][7168][WEB][200.1.1.64]:Received packet from socket (length = 32 Vrf = 0):
Version : 2
Type : challenge request
Method : chap
SerialNo : 313
RequestID : 0
UserIP : 200.1.1.64
ErrorCode : 0
AttributeNumber : 0
[BTRACE][2020/11/26 15:18:20][7168][WEB][200.1.1.64]:WEB receive packet from portal server successfully.
02 01 00 00 01 39 00 00 c8 01 01 40 00 00 00 00
3a 00 8f c3 a3 db 1c 26 7c 29 4a f3 aa 59 27 1a
[BTRACE][2020/11/26 15:18:20][7168][WEB][200.1.1.64]:[WEB Proc PS Msg] Server IP = 12.12.12.1, Server Vrf = 0
[BTRACE][2020/11/26 15:18:20][7168][WEB][200.1.1.64]:Failed to process packet for portal server,because server IP does not config.(serverIP=12.12.12.1)
Check whether the actual IP address of the Portal server is the same as the source IP address of the received packets. If so, the server IP address specified on the device is incorrect. In this case, modify the server IP address in the Portal server template on the device.
If the actual IP address of the Portal server is different from the source IP address of the received packets, NAT may be deployed between the Portal server and the device, leading to a change of the source IP address of Portal packets. It is recommended that the NAT configuration between the device and Portal server be deleted. If the NAT configuration cannot be deleted, modify the server-ip configuration in the Portal server template on the device.
The Source IP Address of the Portal Packets Sent by the Device Is Different from the Device IP Address Added to the Portal Server
Use the service diagnosis function to trace the online authentication process of the STA. It is found that the device sends a challenge response packet after receiving a challenge request packet from the Portal server, but receives a challenge request packet from the Portal server again several seconds later.
[Huawei] trace object ip-address 200.1.1.64
[Huawei] trace enable
[BTRACE][2020/11/26 15:23:19][7168][WEB][200.1.1.64]:Received packet from socket (length = 32 Vrf = 0):
Version : 2
Type : challenge request
Method : chap
SerialNo : 330
RequestID : 0
UserIP : 200.1.1.64
ErrorCode : 0
AttributeNumber : 0
[BTRACE][2020/11/26 15:23:19][9216][WEB_FC][200.1.1.64]:Receive challenge request packet from portal server.
[BTRACE][2020/11/26 15:23:19][7168][WEB][200.1.1.64]:WEB receive packet from portal server successfully.
02 01 00 00 01 4a 00 00 c8 01 01 40 00 00 00 00
db 7c c2 38 22 83 63 21 5e 7a b5 24 dd ea 9f e1
[BTRACE][2020/11/26 15:23:19][9216][WEB_FC][200.1.1.64]:Send packet to NodeID(7168).(UserIP=3355509056)
[BTRACE][2020/11/26 15:23:19][7168][WEB][200.1.1.64]:[WEB Proc PS Msg] Server IP = 12.12.12.1, Server Vrf = 0
[BTRACE][2020/11/26 15:23:19][7168][WEB][200.1.1.64]:Receive challenge request packet from portal server.
[BTRACE][2020/11/26 15:23:19][7168][WEB][200.1.1.64]:Receive challenge request packet from portal server successfully.
[BTRACE][2020/11/26 15:23:19][7168][WEB][200.1.1.64]:Receive challenge request packet from portal server.[ReqID=31]
[BTRACE][2020/11/26 15:23:19][7168][WEB][200.1.1.64]:Send packet to socket (length = 50 Vrf = 0):
Version : 2
Type : challenge ack
Method : chap
SerialNo : 330
RequestID : 2079
UserIP : 200.1.1.64
ErrorCode : 0
AttributeNumber : 1
[BTRACE][2020/11/26 15:23:19][7168][WEB][200.1.1.64]:WEB send packet to portal server successfully.
02 02 00 00 01 4a 08 1f c8 01 01 40 00 00 00 01
73 80 d8 6b 16 f3 21 f3 1a 6c 5c 12 6c b1 60 1b
03 12 17 ec f7 d2 f9 03 01 a9 bb b3 4f 74 b3 9c
36 00
[BTRACE][2020/11/26 15:23:19][7168][WEB][200.1.1.64]:Send challenge ack packet to portal server.(Result:WEB_CHALLENGEACK_SUCCESS)
[BTRACE][2020/11/26 15:23:24][9216][WEB_FC][200.1.1.64]:Received packet from socket (length = 32 Vrf = 0):
Version : 2
Type : challenge request
Method : chap
SerialNo : 330
RequestID : 0
UserIP : 200.1.1.64
ErrorCode : 0
AttributeNumber : 0
[BTRACE][2020/11/26 15:23:24][9216][WEB_FC][200.1.1.64]:WEB_FC receive packet from portal server successfully.
02 01 00 00 01 4a 00 00 c8 01 01 40 00 00 00 00
db 7c c2 38 22 83 63 21 5e 7a b5 24 dd ea 9f e1
[BTRACE][2020/11/26 15:23:24][9216][WEB_FC][200.1.1.64]:Receive challenge request packet from portal server.
[BTRACE][2020/11/26 15:23:24][9216][WEB_FC][200.1.1.64]:Send packet to NodeID(7168).(UserIP=3355509056)
[BTRACE][2020/11/26 15:23:24][7168][WEB][200.1.1.64]:Received packet from socket (length = 32 Vrf = 0):
Version : 2
Type : challenge request
Method : chap
SerialNo : 330
RequestID : 0
UserIP : 200.1.1.64
ErrorCode : 0
AttributeNumber : 0
[BTRACE][2020/11/26 15:23:24][7168][WEB][200.1.1.64]:WEB receive packet from portal server successfully.
02 01 00 00 01 4a 00 00 c8 01 01 40 00 00 00 00
db 7c c2 38 22 83 63 21 5e 7a b5 24 dd ea 9f e1
[BTRACE][2020/11/26 15:23:24][7168][WEB][200.1.1.64]:[WEB Proc PS Msg] Server IP = 12.12.12.1, Server Vrf = 0
[BTRACE][2020/11/26 15:23:24][7168][WEB][200.1.1.64]:Receive challenge request packet from portal server.
[BTRACE][2020/11/26 15:23:24][7168][WEB][200.1.1.64]:Receive challenge request packet from portal server successfully.
[BTRACE][2020/11/26 15:23:24][7168][WEB][200.1.1.64]:User is in process.
[BTRACE][2020/11/26 15:23:24][7168][WEB][200.1.1.64]:Send challenge ack packet to portal server successfully.
[BTRACE][2020/11/26 15:23:24][7168][WEB][200.1.1.64]:Send packet to socket (length = 32 Vrf = 0):
Version : 2
Type : challenge ack
Method : chap
SerialNo : 330
RequestID : 0
UserIP : 200.1.1.64
ErrorCode : 3
AttributeNumber : 0
[BTRACE][2020/11/26 15:23:24][7168][WEB][200.1.1.64]:WEB send packet to portal server successfully.
02 02 00 00 01 4a 00 00 c8 01 01 40 00 00 03 00
a2 39 fd 9a 09 a6 4e 73 80 e3 6f d3 ca 65 9d d8
The common cause for this problem is that the Portal server does not process the challenge response packet sent by the device. Ensure that the source IP address of Portal packets sent by the device is the same as the device IP address added to the Portal server.
You can run the corresponding command to configure the source IP address of Portal packets sent by the device. If the source IP address is not configured, the IP address of the outbound interface in the route is used. If the device IP address added to the Portal server is the same as the IP address of the outbound interface in the route, you do not need to configure the source IP address for communicating with the Portal server on the device. If they are not the same, run the corresponding command to configure the source IP address.
- If the source IP address for communicating with the Portal server is not configured on the device, the IP address of the outbound interface in the route is used. Search the routing table for the outbound interface based on the IP address of the Portal server, and then determine the IP address based on the outbound interface.
[Huawei] display ip routing-table 12.12.12.1
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Table : Public
Summary Count : 1
Destination/Mask  Proto   Pre  Cost  Flags  NextHop      Interface
12.12.12.0/24     Direct  0    0     D      12.12.12.76  Vlanif12
[Huawei] interface Vlanif 12
[Huawei-Vlanif12] display this
#
interface Vlanif12
 ip address 12.12.12.76 255.255.255.0
#
- The source IP address for the device to communicate with the Portal server can be configured globally or in a Portal server template. The source IP address configured in a Portal server template takes precedence over that configured globally.
If wireless configuration synchronization is enabled in a VRRP HSB scenario, you can configure the source IP address for communicating with the Portal server only in the system view. In a single-device scenario, you are advised to configure the source IP address in the Portal server template.
- Query the source IP address configured on the device for communicating with the Portal server.
[Huawei] display web-auth-server configuration
Listening port : 2000
Portal : version 1, version 2
Include reply message : enabled
Source-IP : -

[Huawei] display web-auth-server configuration
Listening port : 2000
Portal : version 1, version 2
Include reply message : enabled
Source-IP : 100.1.1.1
If Source-IP displays -, no source IP address is configured globally. If a specific IP address is displayed, the source IP address is configured globally.
- Check whether the source IP address for communicating with the Portal server is configured in the Portal server template.
[Huawei] web-auth-server server_portal
[Huawei-web-auth-server-server_portal] display this
#
web-auth-server server_portal
 server-ip 12.12.12.1
 port 50100
 shared-key cipher xxxxxx
 url-template url_portal
 source-ip 100.1.1.1
#
If source-ip x.x.x.x does not exist in the Portal server template, no source IP address is configured in the Portal server template.
NAT Is Deployed Between the STA and the Portal Server
Use the service diagnosis function (based on the STA's IP address) to trace the online authentication process of the STA, but no information is displayed. Run the debugging web all command. The command output shows that the device has received a request packet from the Portal server, but the IP address of the packet is not the actual IP address of the STA.
Nov 27 2020 15:22:48.840.1+08:00 AC6605_8_76 WEB/7/DEBUG:Slot=0,Vcpu=6; Received packet from socket (length = 32 Vrf = 0):
Version : 2
Type : challenge request
Method : chap
SerialNo : 639
RequestID : 0
UserIP : 12.12.12.76
ErrorCode : 0
AttributeNumber : 0
[AC6605_8_76]
Nov 27 2020 15:22:48.840.2+08:00 AC6605_8_76 WEB/7/DEBUG:Slot=0,Vcpu=6;
02 01 00 00 02 7f 00 00 0c 0c 0c 4c 00 00 00 00
b4 1c 01 21 e0 10 db 11 d7 5b 98 cf 0d d2 3f 3a
[Huawei] display access-user
-----------------------------------------------------------------
UserID  Username      IP address  MAC             Status
-----------------------------------------------------------------
16608   5cd998bc034c  200.1.1.64  5cd9-98bc-034c  Pre-authen
-----------------------------------------------------------------
Total: 1, printed: 1
The cause for this problem is the NAT configuration between the STA and device. The source IP address of the HTTP request packet sent from the STA to the device is the NAT-translated IP address. The device cannot find STA information based on the IP address. As a result, the authentication fails. In this case, the STA's IP address parameter needs to be carried in the URL template.
[Huawei] url-template name url_portal
[Huawei-url-template-url_portal] url-parameter user-ipaddress userip
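The hex dumps in the traces above decode into the fields the device prints beside them. The following Python sketch is an added example, not Huawei code: it parses those dumps and flags the four conditions this section diagnoses from received packets (Portal version not enabled, source address not in server-ip, UserIP that matches no access user, repeated challenge request). The header layout is inferred from the traces on this page; the function names, the finding labels and the field name "authenticator" are assumptions of the example.

```python
import ipaddress
import struct

# Layout inferred from the traces on this page: Version, Type, Method, one byte
# not printed, SerialNo, RequestID, UserIP, two bytes not printed, ErrorCode,
# AttributeNumber. Network byte order, 16 bytes in total.
HEADER = struct.Struct("!BBBxHH4s2xBB")
AUTH_LEN = 16  # version 2 dumps carry 16 more bytes after the header (assumed name: authenticator)
TYPE_NAMES = {1: "challenge request", 2: "challenge ack"}  # only the codes seen on this page

# Hex dumps copied from the traces on this page.
V2_CHALLENGE_REQ = ("02 01 00 00 00 f5 00 00 c8 01 01 40 00 00 00 00 "
                    "77 95 11 3a d4 82 10 86 51 ba 11 4e bb 30 a9 c6")
V1_CHALLENGE_REQ = "01 01 00 00 01 0d 00 00 c8 01 01 40 00 00 00 00"
REPEATED_REQ = ("02 01 00 00 01 4a 00 00 c8 01 01 40 00 00 00 00 "
                "db 7c c2 38 22 83 63 21 5e 7a b5 24 dd ea 9f e1")
CHALLENGE_ACK = ("02 02 00 00 01 4a 08 1f c8 01 01 40 00 00 00 01 "
                 "73 80 d8 6b 16 f3 21 f3 1a 6c 5c 12 6c b1 60 1b "
                 "03 12 17 ec f7 d2 f9 03 01 a9 bb b3 4f 74 b3 9c 36 00")
NAT_REQ = ("02 01 00 00 02 7f 00 00 0c 0c 0c 4c 00 00 00 00 "
           "b4 1c 01 21 e0 10 db 11 d7 5b 98 cf 0d d2 3f 3a")


def parse_portal(hexdump):
    """Decode one Portal packet given as a space-separated hex dump."""
    raw = bytes.fromhex(hexdump)
    if len(raw) < HEADER.size:
        raise ValueError("shorter than the 16-byte Portal header")
    ver, ptype, method, serial, req_id, ip, err, nattr = HEADER.unpack_from(raw)
    off = HEADER.size
    authenticator = b""
    if ver == 2:
        if len(raw) < off + AUTH_LEN:
            raise ValueError("version 2 packet ends before the authenticator")
        authenticator = raw[off:off + AUTH_LEN]
        off += AUTH_LEN
    attrs = []
    for _ in range(nattr):  # type / length / value, length covers all three
        if off + 2 > len(raw):
            raise ValueError("attribute header truncated")
        a_type, a_len = raw[off], raw[off + 1]
        if a_len < 2 or off + a_len > len(raw):
            raise ValueError("attribute length out of bounds")
        attrs.append((a_type, raw[off + 2:off + a_len]))
        off += a_len
    if off != len(raw):
        raise ValueError("trailing bytes after the last attribute")
    return {"version": ver, "type": ptype,
            "type_name": TYPE_NAMES.get(ptype, "type %d" % ptype),
            "method": method, "serial": serial, "req_id": req_id,
            "user_ip": str(ipaddress.IPv4Address(ip)), "error": err,
            "authenticator": authenticator, "attrs": attrs}


def triage(received, server_ips, versions, sta_ips):
    """Flag the conditions from this section.

    received:   ordered (source_ip, hexdump) pairs captured from the Portal server
    server_ips: server-ip values in the Portal server template
    versions:   Portal versions enabled on the device
    sta_ips:    IP addresses listed by display access-user
    """
    findings, seen = [], set()
    for src, dump in received:
        p = parse_portal(dump)
        if p["version"] not in versions:
            findings.append(("version-not-enabled", p["serial"]))
        if src not in server_ips:
            findings.append(("source-not-in-server-ip", p["serial"]))
        if p["user_ip"] not in sta_ips:
            findings.append(("user-ip-not-an-access-user", p["serial"]))
        key = (p["type"], p["serial"], p["user_ip"])
        if p["type"] == 1 and key in seen:
            # The same challenge request arrived again: the server did not
            # accept the challenge ack (check the device's source IP).
            findings.append(("challenge-request-repeated", p["serial"]))
        seen.add(key)
    return findings


if __name__ == "__main__":
    cases = [("12.12.12.1", V1_CHALLENGE_REQ), ("12.12.12.1", NAT_REQ),
             ("12.12.12.1", REPEATED_REQ), ("12.12.12.1", REPEATED_REQ)]
    for finding in triage(cases, {"12.12.12.1"}, {2}, {"200.1.1.64"}):
        print(finding)
```

A shared-key mismatch cannot be detected this way, because the key is not visible in the packet; the device's own trace message remains the indicator for that case.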
The RADIUS Server Returns an Access-Reject Packet
Run the display aaa online-fail-record mac-address H-H-H command to check the STA's online failure records. The User online fail reason field displays Radius authentication reject.
[Huawei] display aaa online-fail-record mac-address 64e5-99f3-18f6
----------------------------------------------------------------
User name : test
Domain name : domain_test
User MAC : 64e5-99f3-18f6
User access type : 802.1x
User access interface : Wlan-Dbss17496
Qinq vlan/User vlan : 0/200
User IP address : -
User IPV6 address : -
User ID : 32846
User login time : 2020/10/19 14:53:22
User online fail reason : Radius authentication reject
Authen reply message : ErrorReason is Incorrect user na...
User name to server : test
AP ID : 0
Radio ID : 0
AP MAC : 18de-d777-c120
SSID : dot1x_test
----------------------------------------------------------------
Based on the service diagnosis function, trace the authentication process of the STA. It is found that the RADIUS server responds with an Access-Reject packet.
[Huawei] trace object mac-address 64e5-99f3-18f6
[Huawei] trace enable
[BTRACE][2020/10/19 14:53:23][6144][RADIUS][64e5-99f3-18f6]: Received a authentication reject packet from radius server(server ip = 10.10.10.1).
[BTRACE][2020/10/19 14:53:23][6144][RADIUS][64e5-99f3-18f6]:
Server Template: 4
Server IP : 10.10.10.1
Server Port : 1812
Protocol: Standard
Code : 3
Len : 176
ID : 80
[EAP-Message ] [6 ] [04 22 00 04 ]
[State ] [16] [\001u?\237\372O]
[Reply-Message ] [116] [ErrorReason is Incorrect user name or password or Incorrect dataSource or Incorrect access device key.ErrCode:4101]
[Message-Authenticator ] [18] [00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ]
[BTRACE][2020/10/19 14:53:23][6144][RADIUS][64e5-99f3-18f6]:Send authentication reject message to AAA.
[BTRACE][2020/10/19 14:53:23][6144][AAA][64e5-99f3-18f6]: AAA receive AAA_RD_MSG_AUTHENREJECT message(51) from RADIUS module(235).
There are various causes for this problem, for example, the user name or password is incorrect, or the authorization policy fails to be matched. You can locate the root cause by checking server logs and adjust the server, terminal, or device configuration.
The RADIUS Server Does Not Respond
Run the display aaa online-fail-record mac-address H-H-H command to check the STA's online failure records. In the command output, the value of User online fail reason is The radius server is up but has no reply or The radius server is not reachable.
[Huawei] display aaa online-fail-record mac-address 64e5-99f3-18f6
----------------------------------------------------------------
User name : test
Domain name : domain_test
User MAC : 64e5-99f3-18f6
User access type : 802.1x
User access interface : Wlan-Dbss17496
Qinq vlan/User vlan : 0/200
User IP address : -
User IPV6 address : -
User ID : 32861
User login time : 2020/10/19 17:01:02
User online fail reason : The radius server is up but has no reply
Authen reply message : -
User name to server : test
AP ID : 0
Radio ID : 0
AP MAC : 18de-d777-c120
SSID : dot1x_test
----------------------------------------------------------------

[Huawei] display aaa online-fail-record mac-address 64e5-99f3-18f6
----------------------------------------------------------------
User name : test
Domain name : domain_test
User MAC : 64e5-99f3-18f6
User access type : 802.1x
User access interface : Wlan-Dbss17496
Qinq vlan/User vlan : 0/200
User IP address : -
User IPV6 address : -
User ID : 32865
User login time : 2020/10/19 20:43:21
User online fail reason : The radius server is not reachable
Authen reply message : -
User name to server : test
AP ID : 0
Radio ID : 0
AP MAC : 18de-d777-c120
SSID : dot1x_test
----------------------------------------------------------------
Based on the service diagnosis function, trace the authentication process of the STA. It is found that the RADIUS server does not respond.
[Huawei] trace object mac-address 64e5-99f3-18f6
[Huawei] trace enable
[BTRACE][2020/10/19 17:01:03][6144][AAA][64e5-99f3-18f6]: AAA receive AAA_RD_MSG_SERVERNOREPLY message(61) from RADIUS module(235).
[BTRACE][2020/10/19 17:01:03][6144][AAA][64e5-99f3-18f6]: CID:51 TemplateNo:4 SerialNo:62 SrcMsg:AAA_RD_MSG_AUTHENREQ PriyServer::: Vrf:0 SendServer:10.10.10.1 Vrf:0
[BTRACE][2020/10/19 17:01:03][6144][AAA][64e5-99f3-18f6]:Radius server is up but no response.
[BTRACE][2020/10/19 17:01:03][6144][AAA][64e5-99f3-18f6]: [AAA ERROR]authen finish,the authen fail code is:8,reason is:Radius server is up but no response.

[BTRACE][2020/10/19 20:43:22][6144][AAA][64e5-99f3-18f6]: AAA receive AAA_RD_MSG_SERVERNOREPLY message(61) from RADIUS module(235).
[BTRACE][2020/10/19 20:43:22][6144][AAA][64e5-99f3-18f6]: CID:55 TemplateNo:4 SerialNo:69 SrcMsg:AAA_RD_MSG_AUTHENREQ PriyServer::: Vrf:0 SendServer:10.10.10.1 Vrf:0
[BTRACE][2020/10/19 20:43:22][6144][AAA][64e5-99f3-18f6]:Radius authentication has no response.
[BTRACE][2020/10/19 20:43:22][6144][AAA][64e5-99f3-18f6]: [AAA ERROR]authen finish,the authen fail code is:7,reason is:Radius authentication has no response.
Troubleshoot the fault as follows:
- Check whether the device IP address is correctly added to the RADIUS server.
If the device IP address is not added to the RADIUS server, add the correct device IP address.
- If the IP address of the device has been added to the RADIUS server, check whether the IP address of the added device is the same as the source IP address of the RADIUS authentication request packet sent by the device.
You can run the command to configure the source IP address of RADIUS authentication request packets sent by the device. If the source IP address is not configured using the command, the IP address of the outbound interface in the route is used. If the IP address of the device added to the RADIUS server is the same as the IP address of the outbound interface in the route, you do not need to configure the source IP address for communicating with the RADIUS server on the device. Otherwise, you need to run the command to configure the source IP address.
- Search the routing table for the outbound interface based on the IP address of the RADIUS server, and then determine the IP address based on the outbound interface. If the IP address of the device added to the RADIUS server is the same as the IP address of the outbound interface of the route, you do not need to run the command to configure the source IP address for communicating with the RADIUS server.
```
[Huawei] display ip routing-table 10.10.10.1
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Table : Public
Summary Count : 1
Destination/Mask    Proto   Pre  Cost  Flags  NextHop       Interface
10.10.10.0/24       Direct  0    0     D      10.10.10.76   Vlanif12
[Huawei] interface Vlanif 12
[Huawei-Vlanif12] display this
#
interface Vlanif12
 ip address 10.10.10.76 255.255.255.0
#
```
- If the device IP address added to the RADIUS server is different from the IP address of the outbound interface of the route, you need to configure the source IP address for communicating with the RADIUS server on the device. The source IP address can be configured globally or in a RADIUS server template. The source IP address configured in a RADIUS server template takes precedence over that configured globally.
If wireless configuration synchronization is enabled in a VRRP dual-device hot backup scenario, you can configure the source IP address for communicating with the RADIUS server only in the system view. In a single-device scenario, you are advised to configure the source IP address in the RADIUS server template.
Query the source IP address configured on the device for communicating with the RADIUS server.
- Check whether the source IP address for communicating with the RADIUS server is configured globally.
```
[Huawei] display radius-server configuration
------------------------------------------------------
Global:
Radius Server Source IP Address : -
Radius Server Source IPv6 Address : ::
Radius Attribute Nas IP Address : -
Radius Attribute Nas IPv6 Address : ::
------------------------------------------------------
```
```
[Huawei] display radius-server configuration
------------------------------------------------------
Global:
Radius Server Source IP Address : 100.1.1.1
Radius Server Source IPv6 Address : ::
Radius Attribute Nas IP Address : -
Radius Attribute Nas IPv6 Address : ::
------------------------------------------------------
```
If the value of Radius Server Source IP Address is -, no source IP address is configured globally. If the value of Radius Server Source IP Address is a specific IP address, a source IP address is configured.
- Check whether the source IP address for communicating with the RADIUS server is configured in the RADIUS server template.
```
[Huawei] radius-server template radius_test
[Huawei-radius-radius_test] display this
#
radius-server template radius_test
 radius-server shared-key cipher %^%#x\[y<Fe^2Dee<5/L>B5Wd"!3GqH6,@[kW(Xi6PYA%^%#
 radius-server authentication 10.10.10.1 1812 source ip-address 100.1.1.1 weight 80
 radius-server accounting 10.10.10.1 1813 source ip-address 100.1.1.1 weight 80
#
```
```
[Huawei] radius-server template radius_test
[Huawei-radius-radius_test] display this
#
radius-server template radius_test
 radius-server shared-key cipher %^%#x\[y<Fe^2Dee<5/L>B5Wd"!3GqH6,@[kW(Xi6PYA%^%#
 radius-server authentication 10.10.10.1 1812 source Vlanif 100 weight 80
 radius-server accounting 10.10.10.1 1813 source Vlanif 100 weight 80
```
If source ip-address or source Vlanif is displayed next to the authentication or accounting server in the RADIUS server template, the source IP address is configured in the RADIUS server template.
Configure the source IP address for communication between the device and RADIUS server.
- Configure the source address for communicating with the RADIUS server in the system view.
[Huawei] radius-server source ip-address 100.1.1.1
- Configure the source IP address for communicating with the RADIUS server in the RADIUS template.
```
[Huawei] radius-server template radius_test
[Huawei-radius-radius_test] radius-server authentication 10.10.10.1 1812 source ip-address 100.1.1.1
```
- Check whether the link between the device and RADIUS server is normal.
- Ping the server from the specified source IP address on the device to check whether the route is reachable.
[Huawei] ping -a 10.10.10.76 10.10.10.1
- Obtain packets on the device and server to check whether authentication packets are sent and received normally. The common problem is that a firewall exists on the intermediate network and the firewall does not permit RADIUS packets (default authentication port: 1812).
- Check whether the RADIUS server status is normal. If the value of the STState field is not STState-up, the RADIUS server status is abnormal.
```
[Huawei] display radius-server item template radius_test
---------------------------------------------------------------
STState = STState-up
STChgTime = -
Type = auth-server
State = state-up
AlarmFlag = false
STUseNum = 1
IPAddress = 10.10.10.76
AlarmTimer = 0xffffffff
Head = 10274
Tail = 10273
ProbeID = 255
--------------------------------------------------------------
```
- Check whether the shared key configured on the device is the same as that on the RADIUS server. You can run the test-aaa command and enable RADIUS debugging. If Authenticator error is displayed in the debugging information, the shared keys configured on the device and RADIUS server are inconsistent. In this case, you need to change the shared keys on the device and RADIUS server to be the same.
```
[Huawei] test-aaa test test radius-template radius_test
[Huawei] Oct 24 2020 15:57:49.591.1+08:00 AC6605_129_76 RDS/7/DEBUG:
RADIUS packet: IN (TotalLen=20)
Len 1 ~ 20:
02 08 00 14 F6 DA 06 57 40 25 32 2A A9 70 6E FD 46 F6 B1 25
[Huawei] Oct 24 2020 15:57:49.591.2+08:00 AC6605_129_76 RDS/7/DEBUG:
[RDS(Err):] Receive a illegal packet(Authenticator error), please check share key config.(ip:10.10.10.1 port:1812)
```
You can configure a shared key for a specified RADIUS server in the system view or in the RADIUS server template view. The shared key configured in the system view takes precedence over that configured in the RADIUS server template view.
You are advised to configure the shared key in the RADIUS server template. If a shared key is configured both globally and in the template, you are advised to delete the global configuration and retain only the configuration in the template.
Configure a shared key in the RADIUS server template.
```
[Huawei] radius-server template radius_test
[Huawei-radius-radius_test] radius-server shared-key cipher huawei@123
```
Configure a shared key of the RADIUS server globally.
[Huawei] radius-server ip-address 10.10.10.1 shared-key cipher huawei@123
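The two RADIUS failures this section separates can be reproduced with a small model: a request from a source IP address that has no client entry on the server gets no reply, and a reply computed with a different shared key fails the device's Response Authenticator check. This is an added example, not Huawei or RADIUS server code; the client table, key values and request contents are constructed, and the model server accepts every request without checking credentials.

```python
import hashlib
import hmac
import struct

# Reply bytes copied from the RDS debug output above.
PAGE_PACKET_HEX = "02 08 00 14 F6 DA 06 57 40 25 32 2A A9 70 6E FD 46 F6 B1 25"
ACCESS_REQUEST, ACCESS_ACCEPT = 1, 2


def parse_packet(packet: bytes) -> dict:
    """Split a RADIUS packet into Code, Identifier, Length, Authenticator, attributes."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if not 20 <= length <= len(packet):
        raise ValueError("Length field does not match the received bytes")
    return {"code": code, "id": ident, "length": length,
            "authenticator": packet[4:20], "attributes": packet[20:length]}


def response_authenticator(code, ident, attributes, request_auth, secret):
    """RFC 2865: MD5(Code + ID + Length + RequestAuth + Attributes + Secret)."""
    header = struct.pack("!BBH", code, ident, 20 + len(attributes))
    return hashlib.md5(header + request_auth + attributes + secret).digest()


def build_request(ident, request_auth, user_name):
    """Access-Request carrying only User-Name (type 1); enough for this model."""
    attrs = bytes([1, 2 + len(user_name)]) + user_name
    header = struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs))
    return header + request_auth + attrs


def server_reply(clients, source_ip, request):
    """Server side. `clients` maps a registered device IP to its shared key.

    A request from an address with no client entry is silently discarded,
    as RFC 2865 requires, so the device sees no reply at all.
    """
    secret = clients.get(source_ip)
    if secret is None:
        return None
    req = parse_packet(request)
    # Model simplification: credentials are not checked, every request is accepted.
    auth = response_authenticator(ACCESS_ACCEPT, req["id"], b"",
                                  req["authenticator"], secret)
    return struct.pack("!BBH", ACCESS_ACCEPT, req["id"], 20) + auth


def device_verdict(request, reply, device_secret):
    """Device side: classify the outcome the way the trace output reports it."""
    if reply is None:
        return "no response"
    req, rsp = parse_packet(request), parse_packet(reply)
    if rsp["id"] != req["id"]:
        return "identifier mismatch"
    expected = response_authenticator(rsp["code"], rsp["id"], rsp["attributes"],
                                      req["authenticator"], device_secret)
    if not hmac.compare_digest(expected, rsp["authenticator"]):
        return "Authenticator error"
    return "accepted"


def run_case(clients, source_ip, device_secret):
    """One request/reply exchange with a constructed request (ID 8, user 'test')."""
    request = build_request(8, bytes(range(16)), b"test")
    return device_verdict(request, server_reply(clients, source_ip, request),
                          device_secret)


if __name__ == "__main__":
    # Constructed server-side client table: only 100.1.1.1 is registered.
    clients = {"100.1.1.1": b"example-key-A"}
    print(parse_packet(bytes.fromhex(PAGE_PACKET_HEX)))
    print(run_case(clients, "10.10.10.76", b"example-key-A"))  # no response
    print(run_case(clients, "100.1.1.1", b"example-key-B"))    # Authenticator error
    print(run_case(clients, "100.1.1.1", b"example-key-A"))    # accepted
```

The packet from the debug output parses as Code 2 (Access-Accept), Identifier 8, Length 20 with no attributes, so its 16 trailing bytes are exactly the Response Authenticator that the device could not reproduce with its own key.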
RADIUS Authorization Data Check Fails
Run the display aaa online-fail-record mac-address H-H-H command to check the STA's online failure records. In the command output, the User online fail reason field displays Authorization data error.
```
[Huawei] display aaa online-fail-record mac-address 64e5-99f3-18f6
----------------------------------------------------------------
User name : test
Domain name : domaintest
User MAC : 64e5-99f3-18f6
User access type : 802.1x
User access interface : Wlan-Dbss17496
Qinq vlan/User vlan : 0/200
User IP address : -
User IPV6 address : -
User ID : 32873
User login time : 2020/10/24 16:32:34
User online fail reason : Authorization data error
Authen reply message : -
User name to server : test
AP ID : 0
Radio ID : 0
AP MAC : 18de-d777-c120
SSID : dot1x_test
----------------------------------------------------------------
```
The RADIUS server grants related permissions (such as ACL), but the corresponding authorization content is not configured on the device (for example, the authorization ACL is not created). Alternatively, the RADIUS server has authorized a VLAN, but Portal authentication does not support VLAN authorization.
Use the service diagnosis (trace) function to trace the authentication process of the STA and check the authorization data delivered by the RADIUS server.
```
[Huawei] trace object mac-address 64e5-99f3-18f6
[Huawei] trace enable
```
- Authorization ACL check failure
```
Received a authentication accept packet from radius server(server ip = 12.12.12.1).
[BTRACE][2020/10/24 16:52:19][6144][RADIUS][64e5-99f3-18f6]:
Server Template: 4
Server IP : 12.12.12.1
Server Port : 1812
Protocol: Standard
Code : 2
Len : 182
ID : 205
[Filter-Id ] [6 ] [3000]
[EAP-Message ] [6 ] [03 4c 00 04 ]
[State ] [16] [\001uY\314\321\003]
[MS-MPPE-Send-Key ] [52] [bd ce 7f 1d bf 78 33 d4 6c 45 d8 d0 1b f7 ee d2 02 16 7a ac fd 62 25 88 f7 84 7a 22 44 d8 01 8a 99 a3 33 66 7d 47 e9 a7 ed 88 d5 01 f8 62 4f 9d cd 56 ]
[MS-MPPE-Recv-Key ] [52] [bd ce 7f 54 6f 27 35 d1 01 5c f1 5e aa e8 27 91 c7 8b 89 2f 06 8f ac 46 13 5c 92 78 ec cf 39 aa dc bb f8 ff b1 b8 5c 42 6b f8 ca 80 76 b1 e8 35 c9 ed ]
[Message-Authenticator ] [18] [00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ]
[BTRACE][2020/10/24 16:52:19][6144][RADIUS][64e5-99f3-18f6]:Send authentication reply message to AAA.
[BTRACE][2020/10/24 16:52:19][6144][AAA][64e5-99f3-18f6]: AAA receive AAA_RD_MSG_AUTHENACCEPT message(50) from RADIUS module(235).
[BTRACE][2020/10/24 16:52:19][6144][AAA][64e5-99f3-18f6]: CID:58 TemplateNo:4 SerialNo:75 SrcMsg:AAA_RD_MSG_AUTHENREQ PriyServer::: Vrf:0 SendServer:12.12.12.1 Vrf:0 SessionTimeout:0 IdleTimeout:0 AcctInterimInterval:0 RemanentVolume:0 InputPeakRate:0 InputAverageRate:0 OutputPeakRate:0 OutputAverageRate:0 InputBasicRate:0 OutputBasicRate:0 InputPBS:0 OutputPBS:0 Priority:[0,0] DNS:[0.0.0.0, 0.0.0.0] ServiceType:0 LoginService:0 AdminLevel:0 FramedProtocol:0 LoginIpHost:0 NextHop:0 EapLength:4 ReplyMessage: TunnelType:0 MediumType:0 PrivateGroupID: ACLID:3000 WlanReasonCode:0
[BTRACE][2020/10/24 16:52:19][6144][AAA][64e5-99f3-18f6]: [AAA ERROR]AAA check radius authen ack, check acl error!
[BTRACE][2020/10/24 16:52:19][6144][AAA][64e5-99f3-18f6]:Radius authorization data error.
[BTRACE][2020/10/24 16:52:19][6144][AAA][64e5-99f3-18f6]: [AAA ERROR]authen finish,the authen fail code is:16,reason is:Radius authorization data error.
```
Precautions for authorization ACL: In wireless scenarios, the authorization ACL ID ranges from 3000 to 3031, and the maximum value of rule id in the ACL is 64.
If the RADIUS authorization data check fails, perform the following steps:
- Check whether the corresponding authorization is required.
- If authorization is required, create authorization contents on the device. For example, you need to create the corresponding VLAN on the device for VLAN-based authorization, and create the corresponding ACL for ACL-based authorization and configure the corresponding rules in the ACL.
- If authorization is not required, you can modify the authorization policy on the RADIUS server to delete the corresponding authorization content. You can also run the following commands to configure the device to ignore the corresponding authorization content:
Ignore the authorization VLAN.
```
[Huawei] radius-server template radius_test
[Huawei-radius-radius_test] radius-server attribute translate
[Huawei-radius-radius_test] radius-attribute disable Tunnel-Private-Group-ID receive
```
Ignore the authorization ACL.
```
[Huawei] radius-server template radius_test
[Huawei-radius-radius_test] radius-server attribute translate
[Huawei-radius-radius_test] radius-attribute disable Filter-Id receive
```
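The authorization checks described in this section, applied to the attribute lines of a trace. This is an added example, not the device's own logic: `check_authorization`, the finding labels and the second sample trace are assumptions made for illustration, and the ACL and VLAN sets stand for what is actually configured on the device.

```python
import re

# "[Name ] [len] [value]" triples as printed in the RADIUS part of the trace.
ATTR_RE = re.compile(r"\[([A-Za-z][A-Za-z0-9-]*)\s*\]\s*\[(\d+)\s*\]\s*\[(.*?)\]")

# Authorization ACL IDs valid in wireless scenarios, per the precaution above.
WIRELESS_ACL_IDS = range(3000, 3032)

# Attribute lines excerpted from the Access-Accept trace above.
PAGE_TRACE = r"""
Code : 2 Len : 182 ID : 205
[Filter-Id ] [6 ] [3000]
[EAP-Message ] [6 ] [03 4c 00 04 ]
[State ] [16] [\001uY\314\321\003]
[BTRACE][2020/10/24 16:52:19][6144][RADIUS][64e5-99f3-18f6]:Send authentication reply message to AAA.
"""

# Constructed sample: a server that also authorizes a VLAN (value format assumed).
CONSTRUCTED_TRACE = """
[Filter-Id ] [6 ] [3100]
[Tunnel-Private-Group-ID ] [5 ] [200]
"""


def parse_attributes(trace):
    """Return (name, value) pairs; BTRACE prefixes do not match the pattern."""
    return [(name, value.strip()) for name, _length, value in ATTR_RE.findall(trace)]


def check_authorization(trace, access_type, device_acls, device_vlans):
    """List the authorization attributes that the device would fail to apply.

    access_type  -- "User access type" from the fail record, e.g. "802.1x" or "Web"
    device_acls  -- ACL numbers that exist on the device
    device_vlans -- VLAN IDs that exist on the device
    """
    findings = []
    for name, value in parse_attributes(trace):
        if name == "Filter-Id" and value.isdigit():
            acl = int(value)
            if acl not in WIRELESS_ACL_IDS:
                findings.append((name, value, "acl-outside-3000-3031"))
            elif acl not in device_acls:
                findings.append((name, value, "acl-not-created-on-device"))
        elif name == "Tunnel-Private-Group-ID":
            if access_type.lower() == "web":
                # Portal authentication does not support VLAN authorization.
                findings.append((name, value, "vlan-authorization-unsupported-for-portal"))
            elif value.isdigit() and int(value) not in device_vlans:
                findings.append((name, value, "vlan-not-created-on-device"))
    return findings


if __name__ == "__main__":
    # The failure in the trace above: ACL 3000 is authorized but not created.
    print(check_authorization(PAGE_TRACE, "802.1x", set(), {200}))
    # Same reply once ACL 3000 exists on the device: no findings.
    print(check_authorization(PAGE_TRACE, "802.1x", {3000}, {200}))
    # Constructed Portal case: ACL ID out of range and a VLAN authorized.
    print(check_authorization(CONSTRUCTED_TRACE, "Web", {3000}, {200}))
```

Creating the missing ACL keeps the restriction the server intended in force, whereas disabling receipt of Filter-Id brings the user online without it.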
The Portal Authentication Page Is Displayed Again When a User Accesses the Network After Successful Authentication
When the device connects to the Agile Controller, the user enters the user name and password on the Portal authentication page and is successfully authenticated. However, when the user accesses another web page, the Portal authentication page is displayed again. Check the user status on the device. The user is still in Pre-authen state.
The cause for this problem is that the STA IP address list is not configured on the Agile Controller or the configured STA IP address list is inconsistent with the actual STA IP address, as shown in the following figure.
The Authentication Success Page and Pushed Page Are Repeatedly Displayed
When the device connects to the Agile Controller, the user enters the user name and password on the Portal authentication page and is successfully authenticated. The system automatically redirects the user to the pushed page, and then redirects the user to the authentication success page. This process repeats. Check the user status on the device. The user is still in Pre-authen state.
The cause for this problem is that the STA IP address list is not configured on the Agile Controller or the configured STA IP address list is inconsistent with the actual STA IP address, as shown in the following figure. This symptom occurs because the Agile Controller is configured to push a specified page after successful authentication.
After a PC Is Successfully Authenticated, the User Closes the Authentication Page. After a Period of Time, the Portal Authentication Page Is Displayed Again When the PC Accesses the Web Page
After a PC passes Portal authentication, the user closes the authentication page. After a period of time, the Portal authentication page is displayed again when the PC accesses the web page. Run the display aaa offline-record mac-address H-H-H command on the device to check the STA going-online and offline records. The displayed reason for the STA to go offline is Web user request.
```
[Huawei] display aaa offline-record mac-address 5cd9-98bc-034c
----------------------------------------------------------------
User name : test
Domain name : radius
User MAC : 5cd9-98bc-034c
User access type : Web
User access interface : Wlan-Dbss17498
Qinq vlan/User vlan : 0/200
User IP address : 200.1.1.64
User IPV6 address : -
User ID : 16614
User login time : 2020/11/28 10:17:57
User offline time : 2020/11/28 10:28:47
User offline reason : Web user request
User name to server : test
AP ID : 0
Radio ID : 0
AP MAC : 18de-d777-c120
SSID : portal_test
----------------------------------------------------------------
```
There is a high probability that this problem occurs because Wireless PC compatibility is not enabled in Session Timeout Interval of Wireless Terminal Web Authentication on the Agile Controller. To resolve this problem, enable Wireless PC compatibility in Session Timeout Interval of Wireless Terminal Web Authentication, as shown in the following figure.
Collecting Information
User Status
[Huawei] display access-user mac-address xxxx-xxxx-xxxx
trace and station-trace
Enable trace on the AC and reproduce the problem. The STA authentication process is displayed.
```
[Huawei] trace object mac-address xxxx-xxxx-xxxx
[Huawei] trace object ip-address xx.xx.xx.xx
[Huawei] trace enable
```
Enable station-trace on the AC and reproduce the problem. The authentication packets sent and received on APs are displayed.
[Huawei-diagnose] station-trace sta-mac xxxx-xxxx-xxxx
When the collection is complete, disable the trace and station-trace functions.
```
[Huawei] undo trace object mac-address xxxx-xxxx-xxxx
[Huawei] undo trace object ip-address xx.xx.xx.xx
[Huawei] undo trace enable
[Huawei-diagnose] undo station-trace sta-mac xxxx-xxxx-xxxx
```
Reasons for STAs Going Online and Offline
- Run the following commands on the AAA server:
```
[Huawei] display aaa online-fail-record mac-address xxxx-xxxx-xxxx
[Huawei] display aaa abnormal-offline-record mac-address xxxx-xxxx-xxxx
[Huawei] display aaa offline-record mac-address xxxx-xxxx-xxxx
```
- Run the following commands on the WLAN side:
```
[Huawei-diagnose] display station online-fail-record sta-mac xxxx-xxxx-xxxx
[Huawei-diagnose] display station offline-record sta-mac xxxx-xxxx-xxxx
```
Protocol Trace
[Huawei-diagnose] display aaa abnormal-radius-track mac xxxx-xxxx-xxxx
Logs
- AAA going-online logs (recorded in AC logs)
%%01CM/5/USER_ACCESSRESULT(s)[395622]:[WLAN_STA_INFO_AUTHENTICATION]ACMAC:xx-xx-xx-xx-xx-xx;ACNAME:xxx;APMAC:xx-xx-xx-xx-xx-xx;APNAME:xxx;SSID:xxx;RADIOID:1;USER:xxx;MAC:xx-xx-xx-xx-xx-xx;IPADDRESS:-;TIME:1608639482;ZONE:UTC+0300;DAYLIGHT:false;ERRCODE:4294967295;RESULT:Open;USERGROUP:NULL;CIB ID:10192;INTERFACE:Wlan-Dbss18108;ACCESS TYPE:None;RDSIP:-;Portal TYPE:-;AUTHID=866625466;AuthFailType:MAC;AUTHPROTOCOL:PAP;
- AAA going-offline logs (recorded in AC logs)
%%01CM/5/USER_OFFLINERESULT(s)[395621]:[WLAN_STA_INFO_OFFLINE]ACMAC:xx-xx-xx-xx-xx-xx;ACNAME:xxx;APMAC:xx-xx-xx-xx-xx-xx;APNAME:xxx;SSID:xxx;RADIOID:1;USER:xxx;MAC:xx-xx-xx-xx-xx-xx;IPADDRESS:-;TIME:1608639482;ZONE:UTC+0300;DAYLIGHT:false;SESSIONTIME:2;ERRCODE:208;RESULT:Authentication during association failed;USERGROUP:NULL;AUTHENPLACE:None;EXTENDINFO:The signal strength of the STA is -43 dbm.;CIB ID:11430;INTERFACE:Wlan-Dbss18108;ACCESS TYPE:None;RDSIP:-;Portal TYPE:-;AUTHID=1837558961;AUTHPROTOCOL:-;
- 802.1X high-precision logs on an AP (recorded in the AP logs)
%%01WSRV/6/STA_EVENT_DOT1X_PROC(l)[294062]:dot1x authentication procedure(ApMac=xx-xx-xx-xx-xx-xx,UserMac=xx-xx-xx-xx-xx-xx,Identify=xxx,RadioId=1,Band=2,VapId=20,SSID=xxx,Result=Fail,Msg=ae 5 17;se 0 19;se 38 26;ae 6 47;se 166 49;ae 1012 77;se 6 104;ae 1008 121;se 6 122;ae 10 154;se 136 162;ae 57 219;se 6 229;ae 36 246;se 69 248;ae 69 269;se 123 272;ae 82 293;se 37 294;ae 46 314;se 46 315;ae 4
- STA association and disassociation logs on an AP
One-Click Diagnosis Information
[Huawei] display diagnostic-information
Portal Authentication Trace Information
This section uses WLAN AC V200R019C00SPC500 as an example to describe trace information about MAC address-prioritized Portal authentication when an external Portal server is deployed.
Portal Authentication Process
Module Overview
Module Name | Function |
---|---|
WEB_FC | Receives packets from the Portal server, searches for authentication entries based on users' IP addresses, and distributes the packets to the web module of each core. (In WLAN AC multi-core scenarios, the WEB_FC module exists. In cloud AP and Fat AP single-core scenarios, the WEB_FC module does not exist.) |
WEB | Processes authentication requests from the Portal server, sends authentication requests to the CM module, and forwards the authentication results from the CM module to the Portal server. |
CM | Manages the login, logout, and authorization of authenticated users. |
AAA | Manages user authentication domains, authentication policies, accounting policies, and authorization policies, distributes authentication requests from the CM module to the RADIUS and AD server modules, and forwards responses from the server module to the CM module. |
RADIUS | Processes packets exchanged between the device and RADIUS server. |
TM | Forwards authorization messages. |
WLAN_AC | Processes STA association messages and communicates with APs. |
AP | Processes user packets, performs four-way handshake with users to negotiate keys, and communicates with the AC. |
Portal authentication flowchart
Process of MAC address-prioritized Portal authentication
- SSID association: If the association succeeds, the WLAN module sends an authentication request packet to the UCM module. If the association fails, the STA leaves the network.
- The WLAN module sends an authentication request packet to the UCM module. The UCM module determines that the authentication mode is MAC+Portal based on the authentication profile configuration and performs MAC address authentication first.
- The UCM module sends a MAC authentication request to the AAA module.
- The AAA module searches for the authentication domain, determines that the authentication mode is RADIUS, and sends an authentication request packet to the RADIUS module.
- The RADIUS module sends an authentication request packet to the RADIUS server.
- After receiving the response packet from the RADIUS server, the RADIUS module sends the authentication result to the AAA module.
- The AAA module sends the authentication result to the CM module.
- The CM module receives a MAC authentication failure response and delivers pre-connection authorization. In this case, the Portal page redirection can be triggered only when the terminal accesses the web page.
- The CM authorization ends, and the authentication mode is switched to Portal authentication.
- Pre-connection authorization: After receiving an IP address change event from the WLAN module, the UCM module is triggered to deliver authorization (optional).
- The WEB_FC module receives the packet from the Portal server and performs Portal authentication.
- After receiving the authentication challenge packet, the WEB_FC module distributes the authentication challenge packet to the WEB module based on the IP address in the packet. (This step is required only when the CHAP mode is configured on the Portal server.)
- After receiving the authentication challenge packet, the WEB module sends an authentication challenge response packet to the Portal server. (This step is required only when the Portal server uses CHAP authentication.)
- After receiving the authentication request packet, the WEB_FC module distributes the authentication request to the WEB module based on the IP address in the packet.
- The WEB module receives the Portal authentication request and forwards the request to the UCM module.
- The UCM module sends a Portal authentication request to the AAA module.
- The AAA module searches for the authentication domain, determines that the authentication mode is RADIUS, and sends an authentication request packet to the RADIUS module.
- The RADIUS module sends an authentication request packet to the RADIUS server.
- After receiving the response packet from the RADIUS server, the RADIUS module sends the authentication result to the AAA module.
- The AAA module sends the authentication result to the UCM module.
- The UCM receives the authentication success packet and delivers authentication success authorization. The STA obtains the Internet access permission.
- The UCM module sends an authentication success response packet to the WEB module and an accounting-start request packet to the AAA module.
- The WEB module sends the authentication result to the Portal server.
- After receiving the authentication success response packet from the Portal server, the WEB_FC module distributes the authentication request to the WEB module.
- The WEB module receives an authentication success packet from the Portal server.
- The AAA module receives an accounting-start packet from the UCM module.
- The AAA module finds that the accounting mode of the authentication domain is RADIUS and sends an accounting request to the RADIUS module.
- The RADIUS module sends an accounting-start packet to the RADIUS server.
- The RADIUS module receives an accounting response packet from the RADIUS server.
- The AAA module receives an accounting response packet from the RADIUS module.
Portal Packet Exchange Information
Three-step PAP authentication packets of the Portal protocol:
Five-step CHAP authentication packets of the Portal protocol:
Trace Information About Successful Portal Authentication
The following shows entry information after successful Portal authentication when the STA associates with an SSID for the first time.
```
[AC] display access-user user-id 16464
Basic:
  User ID : 16464
  User name : test1 //User name entered on the Portal page
  Domain-name : domaintest
  User MAC : 84c9-b272-47e0
  User IP address : 200.1.1.231
  User vpn-instance : -
  User IPv6 address : -
  User access Interface : Wlan-Dbss17500
  User vlan event : Success
  QinQVlan/UserVlan : 0/200
  User vlan source : user request
  User access time : 2020/11/14 14:58:42
  User accounting session ID : AC6605_000000000002002c****0100050
  User accounting mult session ID : 18DED777C12084C9B27247E05FAF8****51A9BA5
  User access type : WEB
  AP name : AP-10
  Radio ID : 0
  AP MAC : 18de-d777-c120
  SSID : portal_76
  Online time : 14(s)
  Device type : windows-pc
  HTTP User_Agent : Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
  DHCP option ID : 12
  DHCP option content : LMT-PC-8
  DHCP option ID : 55
  DHCP option content : \001\017\003\006,./\037!y\371+
  DHCP option ID : 60
  DHCP option content : MSFT 5.0
  Web-server IP address : 172.168.10.6
  User Group Priority : 0
AAA:
  User authentication type : WEB authentication //Portal authentication
  Current authentication method : RADIUS
  Current authorization method : -
  Current accounting method : RADIUS
```
When the STA associates with the SSID for the first time, the Portal authentication succeeds. The following table describes key information.
No. |
Item |
Trace Information |
Description |
---|---|---|---|
1 |
STA association with an SSID and SSID configuration |
[BTRACE][2020/11/14 14:58:12][7168][WLAN_AC][84c9-b272-47e0]:[Process:7] [WSTA] Receive STA (Re)associate request message. Assoc local:1, AP ID:0, Radio ID:0, Wlan ID:3, Type(1:assoc, 2:reassoc):1, Pmk:0, Wapi IE:0, Bk ID Num:0, SFN Flag:0, Ability:40, 2.4G CHs:0, 5G CHs:0. FT Roam:0, FT Access:0, Rssi:-53, Old Ap Mac:0000-0000-0000, Auth Type:8 UniCipher:6 MultiCipher:6. Ap delay num:0, Vap delay num:0, Ap sta mac:0000-0000-0000, Vap sta Mac:0000-0000-0000, ProcessId:2048. Message len:112, Element len:100, Total len:109, Fix len:88, Ext num:0, Ext Len:0, AGV:0, Assoc duration time:37457 |
The WLAN module receives an association request packet from the STA. Old Ap Mac:0000-0000-0000 indicates that the STA is not roaming. Auth-Type: authentication type.
|
2 |
VAP information |
[BTRACE][2020/11/14 14:58:12][7168][WLAN_AC][84c9-b272-47e0]:[Process:7][WSTA] Get sta cfg info VapProfileID:4, VlanId:200, IsBoundVlanPool:0, HacServiceVlanInPool:0, MaxUserNumber:64, VlanMobilityGroupId:1, HomeAgent:0, Fordward:0 Bssid:18de-d777-c122, ssid:portal_76, Ap mac:18de-d777-c120, Ap name:AP-10, AC IP:100.1.1.1, IsDot1xOrWapi:0, Is Ppsk:0, l3 switch:0 |
The VAP configuration (VapProfileID:4) is obtained. You can run the display vap-profile all command to query VapProfile corresponding to the index (the index starts from 0 with Name of default) in ascending order. [AC] display vap-profile all FMode : Forward mode STA U/D : Rate limit client up/down VAP U/D : Rate limit VAP up/down BR2G/5G : Beacon 2.4G/5G rate -------------------------------------------------------------------------------------------------------------------------------------- Name FMode Type VLAN AuthType STA U/D(Kbps) VAP U/D(Kbps) BR2G/5G(Mbps) Reference SSID -------------------------------------------------------------------------------------------------------------------------------------- default direct service VLAN 1 Open -/- -/- 1/6 0 HUAWEI-WLAN vapdot1x tunnel service VLAN 200 WPA2+802.1X -/- -/- 1/6 3 dot1x_test vap_localportal tunnel service VLAN 200 Open+Portal -/- -/- 1/6 3 localportal_test test tunnel service VLAN 200 Open+Portal/MAC -/- -/- 1/6 3 portal_76 -------------------------------------------------------------------------------------------------------------------------------------- Total: 4 |
3 |
The WLAN module sends an authentication request packet to the UCM module. |
[BTRACE][2020/11/14 14:58:12][7168][WLAN_AC][84c9-b272-47e0]:[Process:7] [WADP] Send authentication request message to UCM. srcChannelId = 187, dstChannelId = 232, WmiForkId = 7168, EsapForkId = 7168 Interface: 93018000, Vlan:200, AuthMethod:32, User DownReason:0, Roam Flag:0, FwdDirect:0, UserAclNum:4294967295. AP ID:0, Fwd Mode:0, Service Vlan:200, Access Type:32, Radio ID:0, AP State:9, Phy IfIndex:0, Roam flag:0. Ap Mac:18de-d777-c120, Ap Name:AP-10, SSID:portal_76, AP IP:100.1.1.114, AC IP:100.1.1.1, Ret code:0. Rssi[42], TerminalPosX[0], TerminalPosY[0], OpenFlag[0], UsrGrp[0], serVlan[200], UsrVlan[0], UserName[], Sn[369] |
The WLAN module sends an authentication request packet to the UCM module. Service Vlan:200 indicates service VLAN 200. Access Type:32 indicates the encryption type in a security profile.
|
4 |
Successful STA association with the SSID, with the SSID and authentication mode displayed |
[BTRACE][2020/11/14 14:58:12][7168][WLAN_AC][84c9-b272-47e0]:[Process:7][WLAN_STA_INFO_AP_ASSOCIATE]ACMAC:84-5b-12-69-22-e8;ACNAME:AC;APMAC:18-de-d7-77-c1-20;APNAME:AP-10;APIP:100.1.1.114;RADIO:0;BAND:2.4G;SSID:portal_76;ACCESS TYPE:Open+Portal/MAC;USER:84c9b27247e0;MAC:84-c9-b2-72-47-e0;ASSOCDURATION:37457us;TIME:1605337092;ZONE:UTC+0800;DAYLIGHT:false;ERRCODE:0;RESULT:Success; |
The STA is successfully associated with the SSID, and the SSID and authentication mode are displayed. |
5 |
The CM receives an authentication request. |
[BTRACE][2020/11/14 14:58:12][7168][CM][84c9-b272-47e0]:CM receive ESAP_SRV_MSG_AUTH_REQ from WLAN module (msg code: 184 CID:80). |
The UCM module receives an authentication request packet from the WLAN module. |
6 |
Authentication domain |
[BTRACE][2020/11/14 14:59:20][7168][AAA][84c9-b272-47e0]:User authentication domain name is domaintest |
The authentication domain domaintest carried in the authentication request is obtained. NOTE:
If no authentication domain is bound to the authentication profile but an authentication policy and server template are bound to the authentication profile, the domain name is not displayed. |
7 |
Authentication mode: RADIUS |
[BTRACE][2020/11/14 14:59:20][7168][AAA][84c9-b272-47e0]:The authentication place is RADIUS. |
The authentication policy is obtained based on the authentication profile (priority: authentication policy bound to the authentication profile > authentication policy bound to the authentication domain), and then the authentication mode (RADIUS) is obtained based on the authentication policy. |
8 |
MAC authentication request information |
[BTRACE][2020/11/14 14:59:20][7168][AAA][84c9-b272-47e0]: CID:105 TemplateNo:4 SerialNo:4294967295 PriyServer::: Vrf:0 SendServer::: Vrf:0 AccessType:mac AuthenMethod:PAP UserName:84c9b27247e0 Password:*** Slot:0 SubSlot:0 Port:0 Vlan:200 Interface:2466349056 CID:16465 AcctSessionId:AC6605_0000000000020056b8840100051 PortType:19 ServiceType:2 FramedProtocol:1 FramedIP:255.255.255.255 EapLength:0 StartupTimeStamp:1604918038 LoginIP:255.255.255.255 IPHostAddr:255.255.255.255 84:c9:b2:72:47:e0 ProductID:AC szVersion:Huawei AC6605-26-PWR SecurityStr: |
Content of the packet sent by the AAA module to the RADIUS module is displayed. |
9 |
Sending an authentication request packet to the RADIUS server |
[BTRACE][2020/11/14 14:58:12][7168][RADIUS][84c9-b272-47e0]: Send a authentication request packet to radius server( server ip = 172.168.10.6). |
The RADIUS module sends an authentication request packet to the RADIUS server. |
10 |
Content of an authentication request packet |
[BTRACE][2020/11/14 14:58:12][7168][RADIUS][84c9-b272-47e0]: Server Template: 4 Server IP : 172.168.10.6 Protocol: Standard Code : 1 Len : 468 ID : 12 [User-Name ] [14] [84c9b27247e0] [User-Password ] [18] [aa c3 ee 42 f6 dc cd dd 75 df 5d ea f4 5a b6 33 ] [NAS-Port ] [6 ] [200] [Service-Type ] [6 ] [2] [Framed-Protocol ] [6 ] [1] [Calling-Station-Id ] [16] [84c9-b272-47e0] [NAS-Identifier ] [13] [AC] [NAS-Port-Type ] [6 ] [19] [NAS-Port-Id ] [36] [slot=0;subslot=0;port=0;vlanid=200] [Called-Station-Id ] [29] [18-DE-D7-77-C1-20:portal_76] [NAS-IP-Address ] [6 ] [172.168.10.76] [Acct-Session-Id ] [36] [AC6605_00000000000200580fd60100050] [WLAN-Pairwise-Cipher ] [6 ] [0] [BTRACE][2020/11/14 14:58:12][7168][RADIUS][84c9-b272-47e0]: [WLAN-Group-Cipher ] [6 ] [0] [WLAN-AKM-Suite ] [6 ] [0] [WLAN-Group-Mgmt-Cipher ] [6 ] [0] [HW-NAS-Startup-Time-Stamp ] [6 ] [1604918038] [HW-IP-Host-Address ] [35] [255.255.255.255 84:c9:b2:72:47:e0] [HW-Connect-ID ] [6 ] [16464] [HW-Version ] [22] [Huawei AC6605-26-PWR] [HW-Product-ID ] [4 ] [AC] [HW-AP-Information ] [16] [18DE-D777-C120] [HW-Access-Type ] [6 ] [2] [HW-User-Extend-Info ] [38] [AP-Device-Code=19220382118ded777c120] [HW-User-Extend-Info ] [18] [TERMINAL-POS-X=0] [HW-User-Extend-Info ] [18] [TERMINAL-POS-Y=0] [HW-User-Extend-Info ] [18] [Wifi-Density=-53] [HW-User-Extend-Info ] [27] [HW-Access-Time=1605337092] [HW-Domain-Name ] [12] [domaintest] |
Content of the packet sent to the RADIUS server.
|
11 |
Receiving an Access-Reject packet from the server |
[BTRACE][2020/11/14 14:58:12][7168][RADIUS][84c9-b272-47e0]: Received a authentication reject packet from radius server(server ip = 172.168.10.6). |
An Access-Reject packet is received from the RADIUS server, and MAC address authentication fails. In the MAC address-prioritized Portal authentication scenario, the RADIUS server does not have user records. Therefore, the first MAC address authentication fails. After Portal authentication succeeds, the RADIUS server adds user information so that the next MAC address authentication can succeed. |
12 |
Information about authentication reject packets |
[BTRACE][2020/11/14 14:58:12][7168][RADIUS][84c9-b272-47e0]: Server Template: 4 Server IP : 172.168.10.6 Server Port : 1812 Protocol: Standard Code : 3 Len : 82 ID : 12 [Reply-Message ] [62] [ErrorReason is No authorization rule is matched.ErrCode:4153] |
The RADIUS server at 172.168.10.6 sends a response packet. The source UDP port number is 1812 and the packet ID is 12. Code description:
|
13 |
Authentication response packet information |
[BTRACE][2020/11/14 14:58:12][7168][AAA][84c9-b272-47e0]: DestIndex:80 SrcIndex:80 Slot:4294967295 Result:1 DomainIndex:2 ServiceScheme:65535 AuthedPalace:3 VLAN:65535 IsCallBackVerify:0 IsCallbackUser:0 IfSessionTimeout:0 IfRemanentVolume:0 IfIdleCut:0 SessionTimeout:4294967295 RemanentVolume:4294967295 IdleTimeout:4294967295 EAPSessionTimeout:4294967295 EAPPasswordRetry:4294967295 RTAcctInterval:4294967295 Priority:[255,255] AdminLevel:255 NextHop:4294967295 Role:0 LiAdmin:0 EapSize:0 ReplyMessage:ErrorReason is No authorization rule is matched.ErrCode:4153 TunnelType:0 MediumType:0 PrivateGroupID: SerialNo:4294967295 WlanReasonCode:0 |
The AAA module prints the content of the authentication response packet.
|
14 |
MAC address authentication failure |
[BTRACE][2020/11/14 14:58:12][7168][CM][84c9-b272-47e0]:User authentication fail (CID:80). |
The UCM module receives an authentication failure packet. |
15 |
The UCM module controls the switching of the hybrid authentication type. |
[BTRACE][2020/11/14 14:58:12][7168][CM][84c9-b272-47e0]:CM NAC State Auth Entity, CurrAccessType:23, DownReason:130, WlanReasonCode:4294967295 |
The UCM module controls the switching of the hybrid authentication type. The current authentication type is MAC address authentication.
|
16 |
Obtaining authorization content ends. The authorization type is pre-connection. |
[BTRACE][2020/11/14 14:58:12][7168][CM][84c9-b272-47e0]:Get local authorization over, NewAuthorizeType = 1. |
Obtaining authorization content ends. Authorization type:
|
17 |
Authorization VLAN information |
[BTRACE][2020/11/14 14:58:12][7168][CM][84c9-b272-47e0]: [CM NAC Proc Port Vlan]Vlan change.(IfIndex=2466349056, IsPortBased=0, newVlan=0, VlanType=3, IsPortbasedGuestAuthened=0) |
The UCM module processes authorization VLAN information. newVlan=0 indicates that no authorization VLAN exists. VlanType: authorization VLAN type
|
18 |
Authorization ACL information |
[BTRACE][2020/11/14 14:58:12][7168][CM][84c9-b272-47e0]:CM_NAC_GetMCIBInfoFromNac:UserGroupID=65535,UclGroupID=65535,usAclID[65535,65535,65535,65535],v6AclID[65535,65535,65535,65535] |
The UCM module prints authorization information.
|
19 |
Whether pre-connection authorization is enabled |
[BTRACE][2020/11/14 14:58:12][7168][CM][84c9-b272-47e0]:NotifyTM PreAuthFlag = 1, OldPreAuthFlag = 0,Cib AccessType = 0. |
Authorization information about the UCM module is displayed. PreAuthFlag = 1 indicates that the current authorization mode is pre-connection authorization. |
20 |
Authorization information |
[BTRACE][2020/11/14 14:58:12][7168][TM][84c9-b272-47e0]: [TM DBG]SrcNode = 7168, DstNode = 7168. [TM DBG] Rev CM_SET(MsgCode=197) from UCM. Slot:7168 SourceIndex:80 Command:ADD_CIB Slot:0 . [BTRACE][2020/11/14 14:58:12][7168][TM][84c9-b272-47e0]: [TM DBG]Proc EventCall.Index:162 [BTRACE][2020/11/14 14:58:12][7168][TM][84c9-b272-47e0]: [TM DBG]Proc EventCall.(OpType=0) (mac=84c9-b272-47e0, IPV6=00000000:00000000:00000000:00000000, IPV4=0xffffffff, Slot=0, ISPVlan=0) (AuthVlan=0, AuthVlanType=3, PvcVlan=200, PvcVlanType=3, UsrGroup=65535, UclGroup=65535, IsPortBased=0, IfIndex=2466349056) (PreAuthFlag=1,OldPreAuthFlag=0, AuthModifyBmp=0x4, ArpDeny=0,ucHttpFwdFlg=0) (UserGroupPriority=255) [BTRACE][2020/11/14 14:58:12][7168][TM][84c9-b272-47e0]: [TM DBG] (WlanFlag=1, RemoteUser=0, UCRemoteUser=0) [BTRACE][2020/11/14 14:58:12][7168][TM][84c9-b272-47e0]: [TM DBG]Proc EventCall.(ForwardInterface=0,ForwardPdtIndex=0, ISPVlan=0) |
The TM module processes the authorization packet sent by the UCM module. |
21 |
Sending authorization information to the AP |
[BTRACE][2020/11/14 14:58:12][7168][WLAN_AC][84c9-b272-47e0]:[Process:7] [WADP] Send User Authorization Info to Ap. (ApID:0,InterIsolated:0,Isolated:0,ArpDeny:0,Optype:0,DownRateLimitValue:4294967295,UpRateLimitValue:4294967295 UserGroup:65535,VLAN:200,PortalPushFlag:0,HttpSendTol4:1,BeforeAuth_En:1,DenyAll:1,ServiceVlan:200 AclID:65535,65535,65535,65535,65535,65535,65535,65535,ReportIP:0,RetCode:0,IdleCutTime:0,IdleCutFlow:0,IdleCutSecond:0) |
The WLAN module forwards AP authorization information to the AP. |
22 |
Authorization response information |
[BTRACE][2020/11/14 14:58:12][2048][WLAN_AC][84c9-b272-47e0]:[Process:2][WSTA] Sta auth response deliver to sta process (Type:514822, prim:0, len:236, fork:7168, code:0) [BTRACE][2020/11/14 14:58:12][7168][WLAN_AC][84c9-b272-47e0]:[Process:7][WADP] Send User Authorization Result to Esap(src TID:187, dst TID:204, src fork ID:7168, dst fork ID:7168, Command:0, Code:0, Id:162. [BTRACE][2020/11/14 14:58:12][7168][WLAN_AC][84c9-b272-47e0]:[Process:7][WADP] Receive Sending User Authorization Info from Ap Response(module:0, prim type:0, data type:2533, code:0, RetCode:0) |
The WLAN module sends the AP authorization result to the TM module. |
23 |
Switching MAC address authentication to Portal authentication |
[BTRACE][2020/11/14 14:58:12][7168][CM][84c9-b272-47e0]:[CM Clean ReAuthorize Info] Finished [BTRACE][2020/11/14 14:58:12][7168][CM][84c9-b272-47e0]:[CM NAC Restart New Auth](AAASuccFlag=0, AuthSeqIndex=1) [BTRACE][2020/11/14 14:58:12][7168][CM][84c9-b272-47e0]:[CM NAC Restart New Auth](currentAccessType=23, AuthSeqIndex=1, MaxFailTimes=1, FailTimes=1, AuthorizeType=1) [BTRACE][2020/11/14 14:58:12][7168][CM][84c9-b272-47e0]:[CM NAC Restart New Auth](NewAccessType=24) [BTRACE][2020/11/14 14:58:12][7168][CM][84c9-b272-47e0]:[CM NAC Start Reauth Timer](Cib AuthData AAASuccFlag=0, NacCib ReauthTimeLen=0). [BTRACE][2020/11/14 14:58:12][7168][CM][84c9-b272-47e0]:[CM NAC Start Reauth Timer]set ReauthTimeLen 0. |
After the user table status of the UCM module goes Up, the authentication mode is switched from MAC address authentication to Portal authentication.
|
24 |
IP address change event received |
[BTRACE][2020/11/14 14:58:12][7168][CM][84c9-b272-47e0]: CM_NAC_TransWlanUpdateIpMsg: Recieve update ip message from Wlan,CID = 80, OpeType = 0, IpVersion =0 ip v4=200.1.1.231, Ipv6=C801:1E7::. [BTRACE][2020/11/14 14:58:12][7168][CM][84c9-b272-47e0]: CM_NAC_TransWlanUpdateIpMsg: Recieve update ip message from Wlan,CID = 80, OpeType = 0, IpVersion =0 ip v4=200.1.1.231, Ipv6=C801:1E7::. |
When the UCM module receives an IP address change event from the WLAN module, it prints the event twice. The second printing is redundant.
|
25 |
New IP address information |
[BTRACE][2020/11/14 14:58:12][7168][CM][84c9-b272-47e0]: CM NAC Update Ip Process (mac:84c9-b272-47e0 ip:200.1.1.231 ipv6::: vrf:0) [BTRACE][2020/11/14 14:58:12][7168][CM][84c9-b272-47e0]: CM SetCibUserIP: ucIsUpdateV6 = 0 [BTRACE][2020/11/14 14:58:12][7168][CM][84c9-b272-47e0]: CM SetCibUserIP: Update ipv4 = 0xc80101e7 [BTRACE][2020/11/14 14:58:12][7168][CM][84c9-b272-47e0]: CM SetCibUserIP:add hash ip, ulNewIpv4Addr = 0xc80101e7 [BTRACE][2020/11/14 14:58:12][7168][CM][84c9-b272-47e0]: [CM NAC Update Ip Process]: pstCib->ucUserType = 1 [BTRACE][2020/11/14 14:58:12][7168][CM][84c9-b272-47e0]:[CM NAC Update Ip], new IP=0xc80101e7 new IPV6=:: vrf = 0 |
The UCM module updates IP information in the user table. pstCib->ucUserType = 1 is described as follows: 1 - IPv4 address; 2 - IPv6 address. Check the IP address in the user table.
[AC] display access-user
------------------------------------------------------------------
UserID  Username      IP address   MAC             Status
------------------------------------------------------------------
16464   84c9b27247e0  200.1.1.231  84c9-b272-47e0  Pre-authen
------------------------------------------------------------------ |
26 |
The WEB_FC module receives an authentication request packet from the Portal server. |
[BTRACE][2020/11/14 14:58:43][9216][WEB_FC][200.1.1.231]:Received packet from socket (length = 46 Vrf = 0): Version : 2 Type : authentication request Method : pap SerialNo : 58879 RequestID : 0 UserIP : 200.1.1.231 ErrorCode : 0 AttributeNumber : 2 [BTRACE][2020/11/14 14:58:43][9216][WEB_FC][200.1.1.231]:WEB_FC receive packet from portal server successfully. 02 03 01 00 e5 ff 00 00 c8 01 01 e7 00 00 00 02 bb ef 05 67 ce 69 d5 13 d9 82 28 9c 6f cc d9 7f 01 07 74 65 73 74 31 02 07 74 65 73 74 31 [BTRACE][2020/11/14 14:58:43][9216][WEB_FC][200.1.1.231]:Receive authentication request packet from portal srever. |
The WEB_FC module receives an authentication request packet from the Portal server. NOTE:
To display information exchanged between the device and Portal server, run the trace object ip-address x.x.x.x command. |
27 |
Sending a Portal server authentication request packet to the WEB module |
[BTRACE][2020/11/14 14:58:43][9216][WEB_FC][200.1.1.231]:Send packet to NodeID(7168).(UserIP=3355509223) |
The WEB_FC module forwards the authentication request packet to the WEB module. |
28 |
The WEB module receives an authentication request packet. |
[BTRACE][2020/11/14 14:58:43][7168][WEB][200.1.1.231]:Received packet from socket (length = 46 Vrf = 0): Version : 2 Type : authentication request Method : pap SerialNo : 58879 RequestID : 0 UserIP : 200.1.1.231 ErrorCode : 0 AttributeNumber : 2 [BTRACE][2020/11/14 14:58:43][7168][WEB][200.1.1.231]:WEB receive packet from portal server successfully. 02 03 01 00 e5 ff 00 00 c8 01 01 e7 00 00 00 02 bb ef 05 67 ce 69 d5 13 d9 82 28 9c 6f cc d9 7f 01 07 74 65 73 74 31 02 07 74 65 73 74 31 [BTRACE][2020/11/14 14:58:43][7168][WEB][200.1.1.231]:[WEB Proc PS Msg] Server IP = 172.168.10.6, Server Vrf = 0 |
The WEB module receives an authentication request packet from the Portal server forwarded by the WEB_FC module. The authentication mode is PAP, and the IP address of the Portal server is 172.168.10.6. |
29 |
Authentication request content |
[BTRACE][2020/11/14 14:58:43][7168][WEB][200.1.1.231]:Receive authentication request packet from portal srever. [BTRACE][2020/11/14 14:58:43][7168][WEB][200.1.1.231]:Receive authentication request packet from portal server.(ReqID=15) [BTRACE][2020/11/14 14:58:43][7168][WEB][200.1.1.231]:Start a new authentication. [BTRACE][2020/11/14 14:58:43][7168][WEB][200.1.1.231]:Send auth-req msg: [BTRACE][2020/11/14 14:58:43][7168][WEB][200.1.1.231]:CID : 80 [BTRACE][2020/11/14 14:58:43][7168][WEB][200.1.1.231]:ReqID : 15 [BTRACE][2020/11/14 14:58:43][7168][WEB][200.1.1.231]:AuthType : 0 [BTRACE][2020/11/14 14:58:43][7168][WEB][200.1.1.231]:UserName : test1 [BTRACE][2020/11/14 14:58:43][7168][WEB][200.1.1.231]:ChapId : 0 [BTRACE][2020/11/14 14:58:43][7168][WEB][200.1.1.231]:WEBIP : 202116102 [BTRACE][2020/11/14 14:58:43][7168][WEB][200.1.1.231]:Version : 2 [BTRACE][2020/11/14 14:58:43][7168][WEB][200.1.1.231]:Send authentication request message to cm successfully(userid=80,requestid=15) |
The WEB module processes the Portal authentication request packet and sends the authentication request packet to the UCM module. |
30 |
The CM module receives an authentication request packet from the WEB module. |
[BTRACE][2020/11/14 14:58:43][7168][CM][84c9-b272-47e0]:[CM NAC State Up Entity]Received auth request.(cid=80, AccessType=24, Reason=0) [BTRACE][2020/11/14 14:58:43][7168][CM][84c9-b272-47e0]:[CM NAC Check ReAuth Req]NEW ACCESS TYPE IS 24,OLD ACCESS TYPE IS 0 [BTRACE][2020/11/14 14:58:43][7168][CM][84c9-b272-47e0]: [CM NAC_CheckReAuthReq] User has V4 address 3355509223. |
The UCM module receives a Portal authentication request packet from the WEB module, switching the authentication mode to Portal authentication. AccessType:
|
31 |
Authentication request content |
[BTRACE][2020/11/14 14:58:43][7168][AAA][84c9-b272-47e0]: DestIndex:80 SrcIndex:80 Slot:7168 User:test1 Password:*** MAC:84c9-b272-47e0 Slot:0 SubSlot:0 Port:0 VLAN:200 IP:200.1.1.231 AccessType:web AuthenType:PAP AdminLevel:0 EapSize:0 AuthenCode:WEB ulInterface:2466349056 ChallengeLen:16 ChapID:0 LineType:0 LineIndex:0 PortType:19 AcctSessionId:AC6605_000000000002002cad1b0100050 |
Content of the authentication request packet received by the AAA module is described as follows:
|
32 |
User authentication domain |
[BTRACE][2020/11/14 14:58:43][7168][AAA][84c9-b272-47e0]:User authentication domain name is domaintest |
The AAA module records the authentication domain sent by the UCM module. |
33 |
Authentication mode: RADIUS |
[BTRACE][2020/11/14 14:58:43][7168][AAA][84c9-b272-47e0]:The authentication place is RADIUS. |
The AAA module records the current authentication mode. |
34 |
Content of the packet sent by the AAA module to the RADIUS module |
[BTRACE][2020/11/14 14:58:43][7168][AAA][84c9-b272-47e0]: AAA send AAA_RD_MSG_AUTHENREQ message(49) to RADIUS module(235). [BTRACE][2020/11/14 14:58:43][7168][AAA][84c9-b272-47e0]: CID:102 TemplateNo:4 SerialNo:4294967295 PriyServer::: Vrf:0 SendServer::: Vrf:0 AccessType:web AuthenMethod:PAP UserName:test1 Password:*** Slot:0 SubSlot:0 Port:0 Vlan:200 Interface:2466349056 CID:16464 AcctSessionId:AC6605_000000000002002cad1b0100050 PortType:19 ServiceType:2 FramedProtocol:1 FramedIP:200.1.1.231 EapLength:0 StartupTimeStamp:1604918038 LoginIP:255.255.255.255 IPHostAddr:200.1.1.231 84:c9:b2:72:47:e0 ProductID:AC szVersion:Huawei AC6605-26-PWR SecurityStr: |
Content of the packet sent by the AAA module to the RADIUS module is displayed. |
35 |
Sending an authentication request to the RADIUS server |
[BTRACE][2020/11/14 14:58:43][7168][RADIUS][84c9-b272-47e0]: Send a authentication request packet to radius server( server ip = 172.168.10.6). |
The RADIUS module sends an authentication request packet to the RADIUS server. |
36 |
RADIUS authentication request packet content |
[BTRACE][2020/11/14 14:58:43][7168][RADIUS][84c9-b272-47e0]: Server Template: 4 Server IP : 172.168.10.6 Protocol: Standard Code : 1 Len : 710 ID : 13 [User-Name ] [7 ] [test1] [User-Password ] [18] [57 4d 2a 93 10 d9 b5 fb c4 5a 3d d1 92 a2 5a 53 ] [NAS-Port ] [6 ] [200] [Service-Type ] [6 ] [2] [Framed-Protocol ] [6 ] [1] [Framed-IP-Address ] [6 ] [200.1.1.231] [Calling-Station-Id ] [16] [84c9-b272-47e0] [NAS-Identifier ] [13] [AC] [NAS-Port-Type ] [6 ] [19] [NAS-Port-Id ] [36] [slot=0;subslot=0;port=0;vlanid=200] [Called-Station-Id ] [29] [18-DE-D7-77-C1-20:portal_76] [NAS-IP-Address ] [6 ] [172.168.10.76] [Acct-Session-Id ] [36] [AC6605_000000000002002cad1b0100050] [BTRACE][2020/11/14 14:58:43][7168][RADIUS][84c9-b272-47e0]: [HW-HTTP-UA ] [180] [Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)] [HW-Access-Type ] [6 ] [3] [HW-User-Extend-Info ] [38] [AP-Device-Code=19220382118ded777c120] [HW-User-Extend-Info ] [18] [TERMINAL-POS-X=0] [HW-User-Extend-Info ] [18] [TERMINAL-POS-Y=0] [HW-User-Extend-Info ] [18] [Wifi-Density=-53] [HW-User-Extend-Info ] [27] [HW-Access-Time=1605337122] [HW-Domain-Name ] [12] [domaintest] |
Content of the authentication request packet sent by the RADIUS module. |
37 |
Authentication success packet received |
[BTRACE][2020/11/14 14:58:43][7168][RADIUS][84c9-b272-47e0]: Received a authentication accept packet from radius server(server ip = 172.168.10.6). |
The RADIUS module receives an authentication success response packet from the RADIUS server. |
38 |
Authentication success packet content |
[BTRACE][2020/11/14 14:58:43][7168][RADIUS][84c9-b272-47e0]: Server Template: 4 Server IP : 172.168.10.6 Server Port : 1812 Protocol: Standard Code : 2 Len : 20 ID : 13 |
The content of the authentication response packet from the RADIUS server (the IDs of the request packet and response packet are the same) is displayed. |
39 |
Successful authentication on the CM module |
[BTRACE][2020/11/14 14:58:43][7168][CM][84c9-b272-47e0]:User authentication success (CID:80). |
The UCM module authentication is successful. |
40 |
The TM module sends an authorization packet to the WLAN module. |
[BTRACE][2020/11/14 14:58:43][7168][TM][84c9-b272-47e0]: TM send authorization para info to Ap: AclID = 65535,65535 UpRateLimitValue = -1 DownRateLimitValue = -1 Mac = 84c9-b272-47e0 Isolated = 0 InterIsolated = 0 VLAN = 200 UserGroup = 65535 UclGroup = 65535 Optype = 2 UserUpFlag = 1 PushFlag = 0 AccessType = 24 IsPortBased = 0 UserVlanType = 3 AuthenUserAddCIB = 1 IfIndex = -1828618240 IpAddr = 200.1.1.231 VrfIndex = 0 Cid = -1 PortalLayer3Flag = 0 AckIndex = 163 preauthfalg = 0 httpflag = 0 denyallflag = 0 UpFlowstatistics = 0 DownFlowstatistics = 0 Redirect AclId = 65535, RedirectURL = , IPSecFlag = 2, ArpDeny = 0,fwdflg=0 |
The TM module sends an authorization request packet to the WLAN module, carrying authorization information such as ACL and UserGroup. AclID = 65535 indicates no authorization ACL information. UserVlanType = 3:
UsrGroup=65535 indicates no UsrGroup information. UclGroup=65535 indicates no UclGroup information. |
41 |
The WLAN module forwards an authorization request packet to the AP. |
[BTRACE][2020/11/14 14:58:43][7168][WLAN_AC][84c9-b272-47e0]:[Process:7] [WADP] Send User Authorization Info to Ap. (ApID:0,InterIsolated:0,Isolated:0,ArpDeny:0,Optype:1,DownRateLimitValue:4294967295,UpRateLimitValue:4294967295 UserGroup:65535,VLAN:200,PortalPushFlag:0,HttpSendTol4:0,BeforeAuth_En:0,DenyAll:0,ServiceVlan:200 AclID:65535,65535,65535,65535,65535,65535,65535,65535,ReportIP:0,RetCode:0,IdleCutTime:0,IdleCutFlow:0,IdleCutSecond:0) |
The WLAN module forwards an authorization request packet to the AP. |
42 |
The WLAN module forwards the AP authorization result to the TM module. |
[BTRACE][2020/11/14 14:58:43][2048][WLAN_AC][84c9-b272-47e0]:[Process:2][WSTA] Sta auth response deliver to sta process (Type:514822, prim:0, len:236, fork:7168, code:0) [BTRACE][2020/11/14 14:58:43][7168][WLAN_AC][84c9-b272-47e0]:[Process:7][WADP] Send User Authorization Result to Esap(src TID:187, dst TID:204, src fork ID:7168, dst fork ID:7168, Command:2, Code:0, Id:163. [BTRACE][2020/11/14 14:58:43][7168][WLAN_AC][84c9-b272-47e0]:[Process:7][WADP] Receive Sending User Authorization Info from Ap Response(module:0, prim type:0, data type:2533, code:0, RetCode:0) |
The WLAN module forwards the AP authorization result to the TM module. RetCode:0 indicates successful authorization. |
43 |
The TM module sends an authorization success packet to the CM module. |
[BTRACE][2020/11/14 14:58:43][7168][TM][84c9-b272-47e0]:TM send ack message to CM module, result: Modify CIB OK |
The TM module sends an authorization response packet to the UCM module, indicating that the authorization is successful. |
44 |
The CM module sends an authentication success packet to the WEB module. |
[BTRACE][2020/11/14 14:58:43][7168][CM][84c9-b272-47e0]: In ADD USER recevie CM_EVENT_MODIFY_SUCCESS clear modify trigger bitmap. [BTRACE][2020/11/14 14:58:43][7168][CM][84c9-b272-47e0]:[CM Clean ReAuthorize Info] Finished [BTRACE][2020/11/14 14:58:43][7168][CM][84c9-b272-47e0]:[CM NAC Send Auth Ack](DownModule=0, NewAuthorizeType=6, AckModuleId=72, ExpResult=8, CMAAAAuth=0x20547cf4). |
NewAuthorizeType: authorization type.
|
45 |
The CM module sends an Accounting-Start packet. |
[BTRACE][2020/11/14 14:58:43][7168][CM][84c9-b272-47e0]:[AfterUp]CM login request, make start accounting request.(CID=80) [BTRACE][2020/11/14 14:58:43][7168][CM][84c9-b272-47e0]:CM WLAN Get Ap Info. Ap Info is 18DE-D777-C120. [BTRACE][2020/11/14 14:58:43][7168][CM][84c9-b272-47e0]:CM fill data flow info.(TariffLevel=0) [BTRACE][2020/11/14 14:58:43][7168][CM][84c9-b272-47e0]:[0] UpLBytes 0 UpLPackets 0 DownLBytes 0 DownLPackets 0 [BTRACE][2020/11/14 14:58:43][7168][CM][84c9-b272-47e0]:CM send accounting request message to AAA module (CID:80). [BTRACE][2020/11/14 14:58:43][7168][CM][84c9-b272-47e0]:CM make accounting request.(acctType = 1, CID=80) [BTRACE][2020/11/14 14:58:43][7168][CM][84c9-b272-47e0]: [Cib is optimized for struct CM_ACCTDATA_S]Come in CMSetAcctWaitFlag. |
The UCM sends an accounting request packet to the AAA module. |
46 |
The WEB module receives the CM authentication result. |
[BTRACE][2020/11/14 14:58:43][7168][WEB][200.1.1.231]:Receive authen ack message from authentication server(result:AUTH_PASS). |
The Portal module receives an authentication response packet from the UCM module, indicating that the authentication is successful. |
47 |
The WEB server module sends the authentication result to the Portal server. |
[BTRACE][2020/11/14 14:58:43][7168][WEB][200.1.1.231]:Send packet to socket (length = 40 Vrf = 0): Version : 2 Type : authentication ack Method : pap SerialNo : 58879 RequestID : 2063 UserIP : 200.1.1.231 ErrorCode : 0 AttributeNumber : 1 [BTRACE][2020/11/14 14:58:43][7168][WEB][200.1.1.231]:WEB send packet to portal server successfully. 02 04 01 00 e5 ff 08 0f c8 01 01 e7 00 00 00 01 86 74 29 a9 60 ab 5e d1 e2 ba 83 37 09 06 f8 74 0b 08 84 c9 b2 72 47 e0 |
The Portal module sends the authentication result to the Portal server. |
48 |
The AAA module receives an accounting request packet from the CM module. |
[BTRACE][2020/11/14 14:58:43][7168][AAA][84c9-b272-47e0]: AAA receive AAA_SRV_MSG_ACCT_REQ message(32) from UCM module(232). |
The AAA module receives an accounting request packet from the UCM module. |
49 |
Content of an accounting request packet |
[BTRACE][2020/11/14 14:58:43][7168][AAA][84c9-b272-47e0]: DestIndex:80 SrcIndex:80 Slot:7168 AcctType:Start AcctMethod:RADIUS AcctSessionID:AC6605_000000000002002cad1b0100050 ucIfTwoLevelAcct:255 RTAcctInterval:65535 AuthedPlace:3 RdsGroup:4 TacTempletID:128 CopyRdsGroup:65535 UpBytes:[0,0] DnBytes:[0,0] UpPkts:[0,0] DnPkts:[0,0] AcctStartTime:1605337122 UTCAcctStartTime:4294967295 UTCAcctStopTime:4294967295 AcctStartSeconds:4294967295 AcctStopSeconds:4294967295 SessionLength:0 UserName:test1 MAC:84c9-b272-47e0 Domain:2 AccessType:web AuthenCode:WEB IP:200.1.1.231 Priority:[0,0] Slot:0 SubSlot:0 Port:0 Interface:2466349056 |
The AAA module receives an accounting request packet from the UCM module. |
50 |
Sending an accounting request packet to the server. |
[BTRACE][2020/11/14 14:58:43][7168][RADIUS][84c9-b272-47e0]: Send a accounting request packet to radius server( server ip = 172.168.10.6). |
The RADIUS module sends an accounting request packet to the RADIUS server. |
51 |
Content of an accounting request packet |
[BTRACE][2020/11/14 14:58:43][7168][RADIUS][84c9-b272-47e0]: Server Template: 4 Server IP : 172.168.10.6 Protocol: Standard Code : 4 Len : 660 ID : 14 [User-Name ] [7 ] [test1] [NAS-IP-Address ] [6 ] [172.168.10.76] [NAS-Port ] [6 ] [200] [Framed-IP-Address ] [6 ] [200.1.1.231] [NAS-Identifier ] [13] [AC] [Acct-Status-Type ] [6 ] [1] [Acct-Delay-Time ] [6 ] [0] [Acct-Session-Id ] [36] [AC6605_000000000002002cad1b0100050] [Acct-Authentic ] [6 ] [1] [Event-Timestamp ] [6 ] [1605337122] [NAS-Port-Type ] [6 ] [19] [Calling-Station-Id ] [16] [84c9-b272-47e0] [NAS-Port-Id ] [36] [slot=0;subslot=0;port=0;vlanid=200] [Called-Station-Id ] [29] [18-DE-D7-77-C1-20:portal_76] [BTRACE][2020/11/14 14:58:43][7168][RADIUS][84c9-b272-47e0]: [Framed-Protocol ] [6 ] [1] [Service-Type ] [6 ] [2] [HW-IP-Host-Address ] [31] [200.1.1.231 84:c9:b2:72:47:e0] [HW-Connect-ID ] [6 ] [16464] [HW-AP-Information ] [16] [18DE-D777-C120] [HW-Terminal-Type ] [12] [windows-pc] [HW-DHCP-Option ] [13] [00 0c 08 4c 4d 54 2d 50 43 2d 38 ] [HW-DHCP-Option ] [17] [00 37 0c 01 0f 03 06 2c 2e 2f 1f 21 79 f9 2b ] [HW-DHCP-Option ] [13] [00 3c 08 4d 53 46 54 20 35 2e 30 ] [HW-HTTP-UA ] [180] [Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)] [HW-Access-Type ] [6 ] [3] [HW-User-Extend-Info ] [38] [AP-Device-Code=19220382118ded777c120] [BTRACE][2020/11/14 14:58:43][7168][RADIUS][84c9-b272-47e0]: [HW-User-Extend-Info ] [18] [TERMINAL-POS-X=0] [HW-User-Extend-Info ] [18] [TERMINAL-POS-Y=0] [HW-User-Extend-Info ] [18] [Wifi-Density=-53] [HW-User-Extend-Info ] [27] [HW-Access-Time=1605337122] [HW-Domain-Name ] [12] [domaintest] |
Content of the packet sent by the RADIUS module is described as follows: Code: Packet type.
ID:14 indicates the packet session ID, which is the same for the request and response packets. [Framed-IP-Address] [6 ] [200.1.1.231]: IP address of the STA. [Acct-Status-Type] [6] [1]: accounting type.
|
52 |
Accounting response packet received |
[BTRACE][2020/11/14 14:58:43][7168][RADIUS][84c9-b272-47e0]: Received a accounting response packet from radius server(server ip = 172.168.10.6). |
The RADIUS module receives an accounting response packet from the RADIUS server. |
53 |
Content of an accounting response packet |
[BTRACE][2020/11/14 14:58:43][7168][RADIUS][84c9-b272-47e0]: Server Template: 4 Server IP : 172.168.10.6 Server Port : 1813 Protocol: Standard Code : 5 Len : 20 ID : 14 |
Content of the accounting response packet sent by the RADIUS server is displayed. The packet ID is the same as that of the request packet. |
54 |
The WEB_FC module receives a response packet from the Portal server. |
[BTRACE][2020/11/14 14:58:43][9216][WEB_FC][200.1.1.231]:Received packet from socket (length = 32 Vrf = 0): Version : 2 Type : ack of authentication ack Method : chap SerialNo : 58879 RequestID : 2063 UserIP : 200.1.1.231 ErrorCode : 0 AttributeNumber : 0 [BTRACE][2020/11/14 14:58:43][9216][WEB_FC][200.1.1.231]:WEB_FC receive packet from portal server successfully. 02 07 00 00 e5 ff 08 0f c8 01 01 e7 00 00 00 00 5a 89 66 95 4d a0 3e 60 8f 7f d6 d4 1d 29 13 72 [BTRACE][2020/11/14 14:58:43][9216][WEB_FC][200.1.1.231]:Receive ack of authentication ack packet from portal server. |
The Portal module receives a response from the Portal server. |
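The hex dumps in rows 26, 47 and 54 can be decoded offline to confirm that each Portal packet matches the fields the trace prints, and to see that the PAP request carries the password attribute in clear text even though the AAA lines mask it as Password:***, so the dump should be redacted before a trace is shared. The Python below is an added example, not code from the device or from Huawei; the header layout and the meaning of attribute type 2 are inferred from the bytes and decoded fields in this trace, and parse_portal and redact are hypothetical helper names.

```python
import ipaddress
import struct

# Assumed layout, inferred from the trace on this page (not from a spec):
# Version, Type, Method, Reserved, SerialNo, RequestID, UserIP, UserPort,
# ErrorCode, AttributeNumber, then a 16-byte authenticator (Version 2).
HEADER = struct.Struct("!BBBBHH4sHBB")
AUTHENTICATOR_LEN = 16
# Names as the trace prints them next to each dump.
TYPES = {0x03: "authentication request", 0x04: "authentication ack",
         0x07: "ack of authentication ack"}
METHODS = {0x00: "chap", 0x01: "pap"}
ATTR_PASSWORD = 0x02  # assumption: type 2 is the PAP password attribute

# Dumps copied from trace rows 26, 47 and 54.
AUTH_REQ = ("02 03 01 00 e5 ff 00 00 c8 01 01 e7 00 00 00 02 "
            "bb ef 05 67 ce 69 d5 13 d9 82 28 9c 6f cc d9 7f "
            "01 07 74 65 73 74 31 02 07 74 65 73 74 31")
AUTH_ACK = ("02 04 01 00 e5 ff 08 0f c8 01 01 e7 00 00 00 01 "
            "86 74 29 a9 60 ab 5e d1 e2 ba 83 37 09 06 f8 74 "
            "0b 08 84 c9 b2 72 47 e0")
ACK_OF_ACK = ("02 07 00 00 e5 ff 08 0f c8 01 01 e7 00 00 00 00 "
              "5a 89 66 95 4d a0 3e 60 8f 7f d6 d4 1d 29 13 72")


def parse_portal(hex_dump):
    """Decode one Portal v2 packet given as space-separated hex bytes."""
    raw = bytes.fromhex(hex_dump)
    if len(raw) < HEADER.size + AUTHENTICATOR_LEN:
        raise ValueError("packet shorter than header plus authenticator")
    (version, ptype, method, _rsvd, serial_no, request_id,
     user_ip, _user_port, error_code, attr_count) = HEADER.unpack_from(raw)
    if version != 2:
        raise ValueError(f"unsupported Portal version {version}")
    attrs, offset = [], HEADER.size + AUTHENTICATOR_LEN
    for _ in range(attr_count):
        if offset + 2 > len(raw):
            raise ValueError("attribute header runs past end of packet")
        attr_type, attr_len = raw[offset], raw[offset + 1]
        if attr_len < 2 or offset + attr_len > len(raw):
            raise ValueError(f"attribute {attr_type} has bad length {attr_len}")
        # Keep the value offset so redact() can blank exactly those bytes.
        attrs.append((attr_type, offset + 2, raw[offset + 2:offset + attr_len]))
        offset += attr_len
    if offset != len(raw):
        raise ValueError("bytes left over after the last declared attribute")
    return {
        "length": len(raw),
        "type": TYPES.get(ptype, f"type {ptype}"),
        "method": METHODS.get(method, f"method {method}"),
        "serial_no": serial_no,
        "request_id": request_id,
        "user_ip": str(ipaddress.IPv4Address(user_ip)),
        "user_ip_int": int.from_bytes(user_ip, "big"),  # form used in "UserIP=..."
        "error_code": error_code,
        "attrs": attrs,
    }


def redact(hex_dump):
    """Return the dump with password attribute values replaced by 'xx'."""
    tokens = [f"{b:02x}" for b in bytes.fromhex(hex_dump)]
    for attr_type, start, value in parse_portal(hex_dump)["attrs"]:
        if attr_type == ATTR_PASSWORD:
            tokens[start:start + len(value)] = ["xx"] * len(value)
    return " ".join(tokens)


if __name__ == "__main__":
    for name, dump in (("row 26", AUTH_REQ), ("row 47", AUTH_ACK),
                       ("row 54", ACK_OF_ACK)):
        pkt = parse_portal(dump)
        print(name, pkt["type"], pkt["method"], pkt["serial_no"],
              pkt["request_id"], pkt["user_ip"], len(pkt["attrs"]))
    print(redact(AUTH_REQ))
```

The same SerialNo (58879) in all three packets is what ties the request, the ack and the ack of the ack to one authentication attempt.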
If this is not the first time the STA associates with the SSID, MAC address authentication succeeds. The user entry is as follows:
[AC] display access-user user-id 16465
Basic:
  User ID : 16465
  User name : 84c9b27247e0 //The user name is the MAC address.
  Domain-name : domaintest
  User MAC : 84c9-b272-47e0
  User IP address : 200.1.1.231
  User vpn-instance : -
  User IPv6 address : -
  User access Interface : Wlan-Dbss17500
  User vlan event : Success
  QinQVlan/UserVlan : 0/200
  User vlan source : user request
  User access time : 2020/11/14 14:59:20
  User accounting session ID : AC6605_0000000000020056****0100051
  User accounting mult session ID : 18DED777C12084C9B27247E05FAF8****E983654
  User access type : MAC
  AP name : AP-10
  Radio ID : 0
  AP MAC : 18de-d777-c120
  SSID : portal_76
  Online time : 13(s)
  Device type : windows-pc
  DHCP option ID : 12
  DHCP option content : LMT-PC-8
  DHCP option ID : 55
  DHCP option content : \001\017\003\006,./\037!y\371+
  DHCP option ID : 60
  DHCP option content : MSFT 5.0
  User Group Priority : 0
AAA:
  User authentication type : MAC authentication // The authentication mode is MAC address authentication.
  Current authentication method : RADIUS
  Current authorization method : -
  Current accounting method : RADIUS
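In the first-association trace above, each RADIUS response carries the same packet ID as its request: 12 for the rejected MAC address authentication, 13 for the Portal authentication, and 14 for accounting. The Python below is an added example, not part of the device software, that pairs requests and responses from BTRACE lines and lists requests that never got a response. The sample lines are shortened from that trace, the ID 15 request is constructed to show the no-response case, and correlate is a hypothetical helper name.

```python
import re

# RADIUS packet codes that appear in the trace (RFC 2865 / RFC 2866).
CODES = {1: "Access-Request", 2: "Access-Accept", 3: "Access-Reject",
         4: "Accounting-Request", 5: "Accounting-Response"}
ANSWERS = {2: 1, 3: 1, 5: 4}  # response code -> request code it answers

# Matches only the packet-content lines, which carry Server IP, Code and ID.
PACKET = re.compile(
    r"\[BTRACE\]\[(?P<ts>[^\]]+)\]\[\d+\]\[RADIUS\]\[(?P<user>[^\]]+)\]:"
    r".*?Server IP\s*:\s*(?P<server>\S+).*?Code\s*:\s*(?P<code>\d+)"
    r".*?ID\s*:\s*(?P<id>\d+)(?P<rest>.*)")
REPLY = re.compile(r"\[Reply-Message\s*\]\s*\[\d+\s*\]\s*\[(.*?)\]")

# Lines shortened from the trace; the last line (ID 15) is constructed.
TRACE = """\
[BTRACE][2020/11/14 14:58:12][7168][RADIUS][84c9-b272-47e0]: Send a authentication request packet to radius server( server ip = 172.168.10.6).
[BTRACE][2020/11/14 14:58:12][7168][RADIUS][84c9-b272-47e0]: Server Template: 4 Server IP : 172.168.10.6 Protocol: Standard Code : 1 Len : 468 ID : 12 [User-Name ] [14] [84c9b27247e0]
[BTRACE][2020/11/14 14:58:12][7168][RADIUS][84c9-b272-47e0]: Server Template: 4 Server IP : 172.168.10.6 Server Port : 1812 Protocol: Standard Code : 3 Len : 82 ID : 12 [Reply-Message ] [62] [ErrorReason is No authorization rule is matched.ErrCode:4153]
[BTRACE][2020/11/14 14:58:43][7168][RADIUS][84c9-b272-47e0]: Server Template: 4 Server IP : 172.168.10.6 Protocol: Standard Code : 1 Len : 710 ID : 13 [User-Name ] [7 ] [test1]
[BTRACE][2020/11/14 14:58:43][7168][RADIUS][84c9-b272-47e0]: Server Template: 4 Server IP : 172.168.10.6 Server Port : 1812 Protocol: Standard Code : 2 Len : 20 ID : 13
[BTRACE][2020/11/14 14:58:43][7168][RADIUS][84c9-b272-47e0]: Server Template: 4 Server IP : 172.168.10.6 Protocol: Standard Code : 4 Len : 660 ID : 14 [User-Name ] [7 ] [test1]
[BTRACE][2020/11/14 14:58:43][7168][RADIUS][84c9-b272-47e0]: Server Template: 4 Server IP : 172.168.10.6 Server Port : 1813 Protocol: Standard Code : 5 Len : 20 ID : 14
[BTRACE][2020/11/14 14:59:50][7168][RADIUS][84c9-b272-47e0]: Server Template: 4 Server IP : 172.168.10.6 Protocol: Standard Code : 1 Len : 468 ID : 15 [User-Name ] [14] [84c9b27247e0]
"""


def correlate(trace):
    """Pair RADIUS responses with requests by (server, request code, ID)."""
    pending, exchanges = {}, []
    for line in trace.splitlines():
        m = PACKET.search(line)
        if m is None:
            continue  # summary lines and attribute continuation lines
        code, packet_id = int(m["code"]), int(m["id"])
        if code in ANSWERS:
            request = pending.pop((m["server"], ANSWERS[code], packet_id), None)
            reply = REPLY.search(m["rest"])
            exchanges.append({
                "id": packet_id,
                "user": m["user"],
                "result": CODES[code],
                # A response with no request in the capture is flagged.
                "orphan": request is None,
                "reason": reply.group(1) if reply else None,
            })
        elif code in CODES:
            # Keying on the request code keeps an Access-Request and an
            # Accounting-Request that reuse the same ID apart.
            pending[(m["server"], code, packet_id)] = m["ts"]
    unanswered = [(CODES[c], i, ts) for (_s, c, i), ts in pending.items()]
    return exchanges, unanswered


if __name__ == "__main__":
    done, missing = correlate(TRACE)
    for e in done:
        print(e["id"], e["user"], e["result"], e["reason"] or "")
    for name, packet_id, ts in missing:
        print("no response:", name, "ID", packet_id, "sent", ts)
```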
The following table describes key information upon successful MAC address authentication.
No. |
Item |
Trace Information |
Description |
---|---|---|---|
1 |
STA association with an SSID |
[BTRACE][2020/11/14 14:59:20][7168][WLAN_AC][84c9-b272-47e0]:[Process:7] [WSTA] Receive STA (Re)associate request message. Assoc local:1, AP ID:0, Radio ID:0, Wlan ID:3, Type(1:assoc, 2:reassoc):1, Pmk:0, Wapi IE:0, Bk ID Num:0, SFN Flag:0, Ability:40, 2.4G CHs:0, 5G CHs:0. FT Roam:0, FT Access:0, Rssi:-51, Old Ap Mac:0000-0000-0000, Auth Type:8 UniCipher:6 MultiCipher:6. Ap delay num:0, Vap delay num:0, Ap sta mac:0000-0000-0000, Vap sta Mac:0000-0000-0000, ProcessId:2048. Message len:112, Element len:100, Total len:109, Fix len:88, Ext num:0, Ext Len:0, AGV:0, Assoc duration time:5342 |
The WLAN module receives an association request from the STA. Old Ap Mac:0000-0000-0000 indicates that the STA is not roaming. |
2 |
VAP information |
[BTRACE][2020/11/14 14:59:20][7168][WLAN_AC][84c9-b272-47e0]:[Process:7][WSTA] Process STA associate request message:(ApId:0 RadioId:0 WlanId:3 EssId:4 Assoc Type(1:Assoc,2:Reassoc):1 Vlan:200, Type:3093, Seq Num:241, Max num:64). |
The WLAN module processes the association request packet of the STA, searches for the AP group bound to the AP ID, and searches for the VAP bound to the AP group. RadioId:0 indicates 2.4 GHz and RadioId:1 indicates 5 GHz. |
3 |
The WLAN module sends an authentication request packet to the UCM module. |
[BTRACE][2020/11/14 14:59:20][7168][WLAN_AC][84c9-b272-47e0]:[Process:7] [WADP] Send authentication request message to UCM. srcChannelId = 187, dstChannelId = 232, WmiForkId = 7168, EsapForkId = 7168 Interface: 93018000, Vlan:200, AuthMethod:32, User DownReason:0, Roam Flag:0, FwdDirect:0, UserAclNum:4294967295. AP ID:0, Fwd Mode:0, Service Vlan:200, Access Type:32, Radio ID:0, AP State:9, Phy IfIndex:0, Roam flag:0. Ap Mac:18de-d777-c120, Ap Name:AP-10, SSID:portal_76, AP IP:100.1.1.114, AC IP:100.1.1.1, Ret code:0. Rssi[44], TerminalPosX[0], TerminalPosY[0], OpenFlag[0], UsrGrp[0], serVlan[200], UsrVlan[0], UserName[], Sn[370] |
The WLAN module sends an authentication request packet to the UCM module. Service Vlan:200 indicates service VLAN 200. Access Type:32 indicates the encryption type in a security profile.
|
4 |
Successful STA association with the SSID, with the SSID and authentication mode displayed |
[BTRACE][2020/11/14 14:59:20][7168][WLAN_AC][84c9-b272-47e0]:[Process:7][WLAN_STA_INFO_AP_ASSOCIATE]ACMAC:84-5b-12-69-22-e8;ACNAME:AC;APMAC:18-de-d7-77-c1-20;APNAME:AP-10;APIP:100.1.1.114;RADIO:0;BAND:2.4G;SSID:portal_76;ACCESS TYPE:Open+Portal/MAC;USER:84c9b27247e0;MAC:84-c9-b2-72-47-e0;ASSOCDURATION:5342us;TIME:1605337160;ZONE:UTC+0800;DAYLIGHT:false;ERRCODE:0;RESULT:Success; |
The STA is successfully associated with the SSID, and the SSID and authentication mode are displayed. |
5 |
Authentication domain |
[BTRACE][2020/11/14 14:58:12][7168][AAA][84c9-b272-47e0]:User authentication domain name is domaintest |
The authentication domain domaintest carried in the authentication request is obtained.
NOTE: If no authentication domain is bound to the authentication profile but an authentication policy and server template are bound to the authentication profile, the domain name is not displayed. |
6 |
Authentication mode: RADIUS |
[BTRACE][2020/11/14 14:58:12][7168][AAA][84c9-b272-47e0]:The authentication place is RADIUS. |
The authentication policy is obtained based on the authentication profile (priority: authentication policy bound to the authentication profile > authentication policy bound to the authentication domain), and then the authentication mode (RADIUS) is obtained based on the authentication policy. |
7 |
Authentication request packet |
[BTRACE][2020/11/14 14:58:12][7168][AAA][84c9-b272-47e0]: CID:101 TemplateNo:4 SerialNo:4294967295 PriyServer::: Vrf:0 SendServer::: Vrf:0 AccessType:mac AuthenMethod:PAP UserName:84c9b27247e0 Password:*** Slot:0 SubSlot:0 Port:0 Vlan:200 Interface:2466349056 CID:16464 AcctSessionId:AC6605_00000000000200580fd60100050 PortType:19 ServiceType:2 FramedProtocol:1 FramedIP:255.255.255.255 EapLength:0 StartupTimeStamp:1604918038 LoginIP:255.255.255.255 IPHostAddr:255.255.255.255 84:c9:b2:72:47:e0 ProductID:AC szVersion:Huawei AC6605-26-PWR SecurityStr: |
Content of the packet sent by the AAA module to the RADIUS module is displayed. |
8 |
Sending an authentication request packet to the server |
[BTRACE][2020/11/14 14:58:12][7168][RADIUS][84c9-b272-47e0]: Send a authentication request packet to radius server( server ip = 172.168.10.6). |
The RADIUS module sends an authentication request packet to the RADIUS server. |
9 |
Content of an authentication request packet |
[BTRACE][2020/11/14 14:59:20][7168][RADIUS][84c9-b272-47e0]: Server Template: 4 Server IP : 172.168.10.6 Protocol: Standard Code : 1 Len : 468 ID : 14 [User-Name ] [14] [84c9b27247e0] [User-Password ] [18] [05 14 41 9a 38 bf 97 c7 dc ca 61 76 e4 7a b9 e8 ] [NAS-Port ] [6 ] [200] [Service-Type ] [6 ] [2] [Framed-Protocol ] [6 ] [1] [Calling-Station-Id ] [16] [84c9-b272-47e0] [NAS-Identifier ] [13] [AC6605_8_76] [NAS-Port-Type ] [6 ] [19] [NAS-Port-Id ] [36] [slot=0;subslot=0;port=0;vlanid=200] [Called-Station-Id ] [29] [18-DE-D7-77-C1-20:portal_76] [NAS-IP-Address ] [6 ] [172.168.10.76] [Acct-Session-Id ] [36] [AC6605_0000000000020056b8840100051] [WLAN-Pairwise-Cipher ] [6 ] [0] [BTRACE][2020/11/14 14:59:20][7168][RADIUS][84c9-b272-47e0]: [WLAN-Group-Cipher ] [6 ] [0] [WLAN-AKM-Suite ] [6 ] [0] [WLAN-Group-Mgmt-Cipher ] [6 ] [0] [HW-NAS-Startup-Time-Stamp ] [6 ] [1604918038] [HW-IP-Host-Address ] [35] [255.255.255.255 84:c9:b2:72:47:e0] [HW-Connect-ID ] [6 ] [16465] [HW-Version ] [22] [Huawei AC6605-26-PWR] [HW-Product-ID ] [4 ] [AC] [HW-AP-Information ] [16] [18DE-D777-C120] [HW-Access-Type ] [6 ] [2] [HW-User-Extend-Info ] [38] [AP-Device-Code=19220382118ded777c120] [HW-User-Extend-Info ] [18] [TERMINAL-POS-X=0] [HW-User-Extend-Info ] [18] [TERMINAL-POS-Y=0] [HW-User-Extend-Info ] [18] [Wifi-Density=-51] [HW-User-Extend-Info ] [27] [HW-Access-Time=1605337160] [HW-Domain-Name ] [12] [domaintest] |
Content of the packet sent to the RADIUS server is described as follows: Code description:
User-Name: 84c9b27247e0 indicates the user name. NAS-IP-Address: 172.168.10.76 indicates the IP address of the access device. |
10 |
Authentication result returned by the server (accept; reject) |
[BTRACE][2020/11/14 14:59:20][7168][RADIUS][84c9-b272-47e0]: Received a authentication accept packet from radius server(server ip = 172.168.10.6). |
A RADIUS accept packet is received from the RADIUS server, and MAC address authentication succeeds. In the MAC address-prioritized Portal authentication scenario, the RADIUS server initially has no record of the user, so the first MAC address authentication fails. After Portal authentication succeeds, the RADIUS server adds the user information so that the next MAC address authentication can succeed. |
11 |
Response packet content |
[BTRACE][2020/11/14 14:59:20][7168][RADIUS][84c9-b272-47e0]: Server Template: 4 Server IP : 172.168.10.6 Server Port : 1812 Protocol: Standard Code : 2 Len : 20 ID : 14 |
Response packet sent by the RADIUS server at 172.168.10.6. The source UDP port number is 1812 and the packet ID is 12. Code description:
|
Description of Common Trace Information When Portal Authentication Fails
No. |
Trace Information |
Definition |
Possible Causes |
---|---|---|---|
1 |
[BTRACE][2020/11/26 10:03:22][7168][WEB][200.1.1.64]:Received packet from socket (length = 32 Vrf = 0): Version : 2 Type : challenge request Method : chap SerialNo : 245 RequestID : 0 UserIP : 200.1.1.64 ErrorCode : 0 AttributeNumber : 0 [BTRACE][2020/11/26 10:03:22][7168][WEB][200.1.1.64]:WEB receive packet from portal server successfully. 02 01 00 00 00 f5 00 00 c8 01 01 40 00 00 00 00 77 95 11 3a d4 82 10 86 51 ba 11 4e bb 30 a9 c6 [BTRACE][2020/11/26 10:03:22][7168][WEB][200.1.1.64]:[WEB Proc PS Msg] Server IP = 12.12.12.1, Server Vrf = 0 [BTRACE][2020/11/26 10:03:22][7168][WEB][200.1.1.64]:The shared-key configured on the device must be the same as the one configured on the portal server. |
The shared key in the web-auth-server template is different from that on the Portal server. |
|
2 |
[BTRACE][2020/11/26 15:18:20][7168][WEB][200.1.1.64]:Received packet from socket (length = 32 Vrf = 0): Version : 2 Type : challenge request Method : chap SerialNo : 313 RequestID : 0 UserIP : 200.1.1.64 ErrorCode : 0 AttributeNumber : 0 [BTRACE][2020/11/26 15:18:20][7168][WEB][200.1.1.64]:WEB receive packet from portal server successfully. 02 01 00 00 01 39 00 00 c8 01 01 40 00 00 00 00 3a 00 8f c3 a3 db 1c 26 7c 29 4a f3 aa 59 27 1a [BTRACE][2020/11/26 15:18:20][7168][WEB][200.1.1.64]:[WEB Proc PS Msg] Server IP = 12.12.12.1, Server Vrf = 0 [BTRACE][2020/11/26 15:18:20][7168][WEB][200.1.1.64]:Failed to process packet for portal server,because server IP does not config.(serverIP=12.12.12.1) |
The server IP address configured in the Portal server template is different from the source IP address of Portal packets received by the device. |
Check whether the actual IP address of the Portal server is the same as the source IP address of the received packets.
|
3 |
[BTRACE][2020/11/26 15:23:19][7168][WEB][200.1.1.64]:Received packet from socket (length = 32 Vrf = 0): Version : 2 Type : challenge request Method : chap SerialNo : 330 RequestID : 0 UserIP : 200.1.1.64 ErrorCode : 0 AttributeNumber : 0 [BTRACE][2020/11/26 15:23:19][9216][WEB_FC][200.1.1.64]:Receive challenge request packet from portal server. [BTRACE][2020/11/26 15:23:19][7168][WEB][200.1.1.64]:WEB receive packet from portal server successfully. 02 01 00 00 01 4a 00 00 c8 01 01 40 00 00 00 00 db 7c c2 38 22 83 63 21 5e 7a b5 24 dd ea 9f e1 [BTRACE][2020/11/26 15:23:19][9216][WEB_FC][200.1.1.64]:Send packet to NodeID(7168).(UserIP=3355509056) [BTRACE][2020/11/26 15:23:19][7168][WEB][200.1.1.64]:[WEB Proc PS Msg] Server IP = 12.12.12.1, Server Vrf = 0 [BTRACE][2020/11/26 15:23:19][7168][WEB][200.1.1.64]:Receive challenge request packet from portal server. [BTRACE][2020/11/26 15:23:19][7168][WEB][200.1.1.64]:Receive challenge request packet from portal server successfully. [BTRACE][2020/11/26 15:23:19][7168][WEB][200.1.1.64]:Receive challenge request packet from portal server.[ReqID=31] [BTRACE][2020/11/26 15:23:19][7168][WEB][200.1.1.64]:Send packet to socket (length = 50 Vrf = 0): Version : 2 Type : challenge ack Method : chap SerialNo : 330 RequestID : 2079 UserIP : 200.1.1.64 ErrorCode : 0 AttributeNumber : 1 [BTRACE][2020/11/26 15:23:19][7168][WEB][200.1.1.64]:WEB send packet to portal server successfully. 
02 02 00 00 01 4a 08 1f c8 01 01 40 00 00 00 01 73 80 d8 6b 16 f3 21 f3 1a 6c 5c 12 6c b1 60 1b 03 12 17 ec f7 d2 f9 03 01 a9 bb b3 4f 74 b3 9c 36 00 [BTRACE][2020/11/26 15:23:19][7168][WEB][200.1.1.64]:Send challenge ack packet to portal server.(Result:WEB_CHALLENGEACK_SUCCESS) [BTRACE][2020/11/26 15:23:24][9216][WEB_FC][200.1.1.64]:Received packet from socket (length = 32 Vrf = 0): Version : 2 Type : challenge request Method : chap SerialNo : 330 RequestID : 0 UserIP : 200.1.1.64 ErrorCode : 0 AttributeNumber : 0 [BTRACE][2020/11/26 15:23:24][9216][WEB_FC][200.1.1.64]:WEB_FC receive packet from portal server successfully. 02 01 00 00 01 4a 00 00 c8 01 01 40 00 00 00 00 db 7c c2 38 22 83 63 21 5e 7a b5 24 dd ea 9f e1 [BTRACE][2020/11/26 15:23:24][9216][WEB_FC][200.1.1.64]:Receive challenge request packet from portal server. [BTRACE][2020/11/26 15:23:24][9216][WEB_FC][200.1.1.64]:Send packet to NodeID(7168).(UserIP=3355509056) [BTRACE][2020/11/26 15:23:24][7168][WEB][200.1.1.64]:Received packet from socket (length = 32 Vrf = 0): Version : 2 Type : challenge request Method : chap SerialNo : 330 RequestID : 0 UserIP : 200.1.1.64 ErrorCode : 0 AttributeNumber : 0 [BTRACE][2020/11/26 15:23:24][7168][WEB][200.1.1.64]:WEB receive packet from portal server successfully. 02 01 00 00 01 4a 00 00 c8 01 01 40 00 00 00 00 db 7c c2 38 22 83 63 21 5e 7a b5 24 dd ea 9f e1 [BTRACE][2020/11/26 15:23:24][7168][WEB][200.1.1.64]:[WEB Proc PS Msg] Server IP = 12.12.12.1, Server Vrf = 0 [BTRACE][2020/11/26 15:23:24][7168][WEB][200.1.1.64]:Receive challenge request packet from portal server. [BTRACE][2020/11/26 15:23:24][7168][WEB][200.1.1.64]:Receive challenge request packet from portal server successfully. [BTRACE][2020/11/26 15:23:24][7168][WEB][200.1.1.64]:User is in process. [BTRACE][2020/11/26 15:23:24][7168][WEB][200.1.1.64]:Send challenge ack packet to portal server successfully. 
[BTRACE][2020/11/26 15:23:24][7168][WEB][200.1.1.64]:Send packet to socket (length = 32 Vrf = 0): Version : 2 Type : challenge ack Method : chap SerialNo : 330 RequestID : 0 UserIP : 200.1.1.64 ErrorCode : 3 AttributeNumber : 0 [BTRACE][2020/11/26 15:23:24][7168][WEB][200.1.1.64]:WEB send packet to portal server successfully. 02 02 00 00 01 4a 00 00 c8 01 01 40 00 00 03 00 a2 39 fd 9a 09 a6 4e 73 80 e3 6f d3 ca 65 9d d8 |
The source IP address of Portal packets sent by the device is different from the device IP address added to the Portal server. |
The trace shows that the device sends a challenge response packet after receiving a challenge request packet from the Portal server, but receives a challenge request packet from the Portal server again several seconds later. The common cause is that the Portal server does not process the challenge response packet sent by the device, because the source IP address of that packet is different from the device IP address added to the Portal server. |
4 |
[BTRACE][2020/10/19 14:53:23][6144][RADIUS][64e5-99f3-18f6]: Received a authentication reject packet from radius server(server ip = 10.10.10.1). |
The server rejects the authentication request. |
There are various causes for this problem, for example, the user name or password is incorrect, or the authorization policy fails to be matched. You can locate the root cause by checking server logs and adjust the server, terminal, or device configuration. |
5 |
[BTRACE][2020/10/19 17:01:03][6144][AAA][64e5-99f3-18f6]:Radius server is up but no response. |
The RADIUS server does not respond. |
|
6 |
Received a authentication accept packet from radius server(server ip = 12.12.12.1). [BTRACE][2020/10/24 16:52:19][6144][RADIUS][64e5-99f3-18f6]: Server Template: 4 Server IP : 12.12.12.1 Server Port : 1812 Protocol: Standard Code : 2 Len : 182 ID : 205 [Filter-Id ] [6 ] [3000] [EAP-Message ] [6 ] [03 4c 00 04 ] [State ] [16] [\001uY\314\321\003] [MS-MPPE-Send-Key ] [52] [bd ce 7f 1d bf 78 33 d4 6c 45 d8 d0 1b f7 ee d2 02 16 7a ac fd 62 25 88 f7 84 7a 22 44 d8 01 8a 99 a3 33 66 7d 47 e9 a7 ed 88 d5 01 f8 62 4f 9d cd 56 ] [MS-MPPE-Recv-Key ] [52] [bd ce 7f 54 6f 27 35 d1 01 5c f1 5e aa e8 27 91 c7 8b 89 2f 06 8f ac 46 13 5c 92 78 ec cf 39 aa dc bb f8 ff b1 b8 5c 42 6b f8 ca 80 76 b1 e8 35 c9 ed ] [Message-Authenticator ] [18] [00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ] [BTRACE][2020/10/24 16:52:19][6144][RADIUS][64e5-99f3-18f6]:Send authentication reply message to AAA. [BTRACE][2020/10/24 16:52:19][6144][AAA][64e5-99f3-18f6]: AAA receive AAA_RD_MSG_AUTHENACCEPT message(50) from RADIUS module(235). [BTRACE][2020/10/24 16:52:19][6144][AAA][64e5-99f3-18f6]: CID:58 TemplateNo:4 SerialNo:75 SrcMsg:AAA_RD_MSG_AUTHENREQ PriyServer::: Vrf:0 SendServer:12.12.12.1 Vrf:0 SessionTimeout:0 IdleTimeout:0 AcctInterimInterval:0 RemanentVolume:0 InputPeakRate:0 InputAverageRate:0 OutputPeakRate:0 OutputAverageRate:0 InputBasicRate:0 OutputBasicRate:0 InputPBS:0 OutputPBS:0 Priority:[0,0] DNS:[0.0.0.0, 0.0.0.0] ServiceType:0 LoginService:0 AdminLevel:0 FramedProtocol:0 LoginIpHost:0 NextHop:0 EapLength:4 ReplyMessage: TunnelType:0 MediumType:0 PrivateGroupID: ACLID:3000 WlanReasonCode:0 [BTRACE][2020/10/24 16:52:19][6144][AAA][64e5-99f3-18f6]: [AAA ERROR]AAA check radius authen ack, check acl error! [BTRACE][2020/10/24 16:52:19][6144][AAA][64e5-99f3-18f6]:Radius authorization data error. [BTRACE][2020/10/24 16:52:19][6144][AAA][64e5-99f3-18f6]: [AAA ERROR]authen finish,the authen fail code is:16,reason is:Radius authorization data error. |
Authorization ACL check failure |
Precautions for authorization ACL: In wireless scenarios, the authorization ACL ID ranges from 3000 to 3031, and the maximum value of rule id in the ACL is 64. |
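The failure signatures in the table above can be checked mechanically against a saved trace. The following is an added example, not a vendor tool: the function names `parse_records` and `triage` and the cause labels are this example's own, the matched message fragments are the ones quoted in the table, and the sample lines are constructed (documentation addresses) in the same record format.

```python
import re
from datetime import datetime

# One record: [BTRACE][timestamp][node][MODULE][user MAC or IP]: message
RECORD = re.compile(
    r"\[BTRACE\]\[(?P<ts>[^\]]+)\]\[(?P<node>\d+)\]\[(?P<module>[^\]]+)\]"
    r"\[(?P<user>[^\]]+)\]:\s*(?P<msg>.*)", re.S)

# Decoded Portal packet header as the WEB module prints it.
PORTAL_PKT = re.compile(
    r"(?P<dir>Received packet from|Send packet to) socket.*?"
    r"Type\s*:\s*(?P<type>challenge request|challenge ack).*?"
    r"SerialNo\s*:\s*(?P<serial>\d+).*?ErrorCode\s*:\s*(?P<err>\d+)", re.S)

# Message fragments quoted in the failure table, mapped to a cause label.
SIGNATURES = [
    ("The shared-key configured on the device must be the same",
     "shared key differs between device template and Portal server"),
    ("because server IP does not config",
     "server-ip in Portal server template differs from packet source IP"),
    ("Received a authentication reject packet from radius server",
     "RADIUS server returned Access-Reject"),
    ("Radius server is up but no response",
     "RADIUS server does not respond"),
    ("Radius authorization data error",
     "RADIUS authorization data check failed (check authorization ACL)"),
]
REPEAT = ("Portal server repeated the challenge request after the device's "
          "challenge ack (check the device IP added to the Portal server)")


def parse_records(text):
    """Split a capture into records; several records may share one line."""
    records = []
    for chunk in re.split(r"(?=\[BTRACE\]\[)", text):
        m = RECORD.match(chunk.strip())
        if m:
            rec = m.groupdict()
            rec["ts"] = datetime.strptime(rec["ts"], "%Y/%m/%d %H:%M:%S")
            rec["msg"] = " ".join(rec["msg"].split())
            records.append(rec)
    return records


def triage(text):
    """Return ordered, de-duplicated (user, cause) pairs found in the trace."""
    findings = []
    acked = {}  # (user, serial) -> time the device sent an error-free ack

    def report(user, cause):
        if (user, cause) not in findings:
            findings.append((user, cause))

    for rec in parse_records(text):
        for needle, cause in SIGNATURES:
            if needle in rec["msg"]:
                report(rec["user"], cause)
        pkt = PORTAL_PKT.search(rec["msg"])
        if not pkt:
            continue
        key = (rec["user"], pkt["serial"])
        sent = pkt["dir"].startswith("Send")
        if sent and pkt["type"] == "challenge ack" and pkt["err"] == "0":
            acked.setdefault(key, rec["ts"])
        elif not sent and pkt["type"] == "challenge request":
            # Compare timestamps, not print order: records from different
            # CPUs can be printed out of sequence within the same second.
            if key in acked and rec["ts"] > acked[key]:
                report(rec["user"], REPEAT)
    return findings


# Constructed sample trace (not captured from a real device).
SAMPLE = """\
[BTRACE][2020/11/26 15:23:19][7168][WEB][192.0.2.64]:Received packet from socket (length = 32 Vrf = 0): Version : 2 Type : challenge request Method : chap SerialNo : 330 RequestID : 0 UserIP : 192.0.2.64 ErrorCode : 0 AttributeNumber : 0
[BTRACE][2020/11/26 15:23:19][7168][WEB][192.0.2.64]:Send packet to socket (length = 50 Vrf = 0): Version : 2 Type : challenge ack Method : chap SerialNo : 330 RequestID : 2079 UserIP : 192.0.2.64 ErrorCode : 0 AttributeNumber : 1
[BTRACE][2020/11/26 15:23:24][7168][WEB][192.0.2.64]:Received packet from socket (length = 32 Vrf = 0): Version : 2 Type : challenge request Method : chap SerialNo : 330 RequestID : 0 UserIP : 192.0.2.64 ErrorCode : 0 AttributeNumber : 0
[BTRACE][2020/10/19 14:53:23][6144][RADIUS][0011-2233-4455]: Received a authentication reject packet from radius server(server ip = 198.51.100.1).
[BTRACE][2020/10/24 16:52:19][6144][AAA][0011-2233-4455]:Radius authorization data error. [BTRACE][2020/10/24 16:52:19][6144][AAA][0011-2233-4455]: [AAA ERROR]authen finish,the authen fail code is:16,reason is:Radius authorization data error.
"""

if __name__ == "__main__":
    for user, cause in triage(SAMPLE):
        print(f"{user}: {cause}")
```

A repeated challenge request is reported only when it carries the same SerialNo as an ack the device already sent with ErrorCode 0, which is the pattern shown in row 3 of the table.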
Other Common Trace Information About Portal Authentication
No. |
Trace Information |
Description |
---|---|---|
1 |
[BTRACE][2020/11/14 14:58:12][2048][WLAN_AC][84c9-b272-47e0]:[Process:2][WSTA] Flow fork SingleSta MsgType3093 Vcpu:7 Ret:0 Len:292. |
Messages are copied between CPUs, and you can ignore this trace information. Process:2 indicates the core that is processing packets (messages).
[AC-diagnose] display process-list
*************************************************
Accumulate total process number :10
Forward mode: centralized
----------------------------------------------
ProcessID  ProcessName  PID
----------------------------------------------
0          vos.o        195
1          wmc          196
2          wmi          197
3          wmi          198
4          dhcp         200
5          dhcp         201
6          nac          202
7          nac          203
8          ucm_gc       204
9          web_fc       205
*************************************************** |
2 |
[BTRACE][2020/11/14 14:58:12][2048][WLAN_AC][84c9-b272-47e0]:[Process:2][WSTA] Send STA associate Response message and add sta request (ap:0, radio:0, wlan:0, len:0, response :0, code:0). |
The WLAN module sends an association response packet to the STA. The response packet is sent after the request packet is received. However, the request and response packets are processed by different CPUs, and the printing time sequence cannot be controlled. Therefore, the response packet may be printed earlier than the request packet. |
3 |
[BTRACE][2020/11/14 14:58:12][7168][WLAN_AC][84c9-b272-47e0]:[Process:7] [WSTA] Receive STA (Re)associate request message. Assoc local:1, AP ID:0, Radio ID:0, Wlan ID:3, Type(1:assoc, 2:reassoc):1, Pmk:0, Wapi IE:0, Bk ID Num:0, SFN Flag:0, Ability:40, 2.4G CHs:0, 5G CHs:0. FT Roam:0, FT Access:0, Rssi:-53, Old Ap Mac:0000-0000-0000, Auth Type:8 UniCipher:6 MultiCipher:6. Ap delay num:0, Vap delay num:0, Ap sta mac:0000-0000-0000, Vap sta Mac:0000-0000-0000, ProcessId:2048. Message len:112, Element len:100, Total len:109, Fix len:88, Ext num:0, Ext Len:0, AGV:0, Assoc duration time:37457 |
The WLAN module receives an association request packet from the STA. Old Ap Mac:0000-0000-0000 indicates that the STA is not roaming. Auth Type:8 indicates the authentication type.
|
4 |
[BTRACE][2020/11/14 14:58:12][7168][WLAN_AC][84c9-b272-47e0]:[Process:7][WSTA] Get sta cfg info VapProfileID:4, VlanId:200, IsBoundVlanPool:0, HacServiceVlanInPool:0, MaxUserNumber:64, VlanMobilityGroupId:1, HomeAgent:0, Fordward:0 Bssid:18de-d777-c122, ssid:portal_76, Ap mac:18de-d777-c120, Ap name:AP-10, AC IP:100.1.1.1, IsDot1xOrWapi:0, Is Ppsk:0, l3 switch:0 |
The VAP configuration (VapProfileID:4) is obtained. You can run the display vap-profile all command to find the VAP profile that corresponds to the index. Profiles are listed in ascending order of index, and the index starts from 0 for the profile whose Name is default.
[AC] display vap-profile all
FMode : Forward mode
STA U/D : Rate limit client up/down
VAP U/D : Rate limit VAP up/down
BR2G/5G : Beacon 2.4G/5G rate
--------------------------------------------------------------------------------------------------------------------------------------
Name             FMode   Type     VLAN      AuthType         STA U/D(Kbps)  VAP U/D(Kbps)  BR2G/5G(Mbps)  Reference  SSID
--------------------------------------------------------------------------------------------------------------------------------------
default          direct  service  VLAN 1    Open             -/-            -/-            1/6            0          HUAWEI-WLAN
vapdot1x         tunnel  service  VLAN 200  WPA2+802.1X      -/-            -/-            1/6            3          dot1x_test
vap_localportal  tunnel  service  VLAN 200  Open+Portal      -/-            -/-            1/6            3          localportal_test
test             tunnel  service  VLAN 200  Open+Portal/MAC  -/-            -/-            1/6            3          portal_76
--------------------------------------------------------------------------------------------------------------------------------------
Total: 4 |
5 |
[BTRACE][2020/11/14 14:58:12][7168][WLAN_AC][84c9-b272-47e0]:[Process:7][WSTA] Process STA associate request message:(ApId:0 RadioId:0 WlanId:3 EssId:4 Assoc Type(1:Assoc,2:Reassoc):1 Vlan:200, Type:3093, Seq Num:238, Max num:64). |
The WLAN module processes the association request packet of the STA, searches for the AP group bound to the AP ID, and searches for the VAP bound to the AP group. RadioId:0 indicates 2.4 GHz and RadioId:1 indicates 5 GHz. |
6 |
[BTRACE][2020/11/14 14:58:12][7168][WLAN_AC][84c9-b272-47e0]:[Process:7][WSTA] Check vap ap reach max proc(Ap delay num:0, Vap delay num:0, Ap sta mac:0000-0000-0000, Vap sta Mac:0000-0000-0000. [BTRACE][2020/11/14 14:58:12][7168][WLAN_AC][84c9-b272-47e0]:[Process:7][WSTA] Add sta data roam info 0:MgIP: 0.0.0.0, IpVer:2, StaDataIp:0, Ret:1 [BTRACE][2020/11/14 14:58:12][7168][WLAN_AC][84c9-b272-47e0]:[Process:7][WSTA] Add sta data roam info 1:MgIP: 0.0.0.0, Ap2AcIP:100.1.1.1 [BTRACE][2020/11/14 14:58:12][7168][WLAN_AC][84c9-b272-47e0]:[Process:7][WSTA] Send STA associate response message. (FT access:0, FT roam:0, Flag:1, loacl:1, Type:8) [BTRACE][2020/11/14 14:58:12][7168][WLAN_AC][84c9-b272-47e0]:[Process:7][WSTA] Send STA associate response message. (Ap:0, Radio:0, WlanId:3, Type:1, Code:0, Len:326, OpType:0, Flag:0, Detect:1) [BTRACE][2020/11/14 14:58:12][7168][WLAN_AC][84c9-b272-47e0]:[Process:7][WSTA] Begin Add STA Skip request message (AP:0, Radio:0,WlanId:3). [BTRACE][2020/11/14 14:58:12][7168][WLAN_AC][84c9-b272-47e0]:[Process:7][WSTA] Process add STA response message (Radio:0, Wlan:3, OpType:0, TryTimes:1 Code:0). [BTRACE][2020/11/14 14:58:12][7168][WLAN_AC][84c9-b272-47e0]:[Process:7][WSTA] Process STA authentication done request(Auth Code:0, State:2, Assoc flag:0, Cache Flag:0, Ft Flag:0). |
The WLAN module processes the association request packet from the STA. |
7 |
[BTRACE][2020/11/14 14:58:12][7168][WLAN_AC][84c9-b272-47e0]:[Process:7] [WADP] Send authentication request message to UCM. srcChannelId = 187, dstChannelId = 232, WmiForkId = 7168, EsapForkId = 7168 Interface: 93018000, Vlan:200, AuthMethod:32, User DownReason:0, Roam Flag:0, FwdDirect:0, UserAclNum:4294967295. AP ID:0, Fwd Mode:0, Service Vlan:200, Access Type:32, Radio ID:0, AP State:9, Phy IfIndex:0, Roam flag:0. Ap Mac:18de-d777-c120, Ap Name:AP-10, SSID:portal_76, AP IP:100.1.1.114, AC IP:100.1.1.1, Ret code:0. Rssi[42], TerminalPosX[0], TerminalPosY[0], OpenFlag[0], UsrGrp[0], serVlan[200], UsrVlan[0], UserName[], Sn[369] |
The WLAN module sends an authentication request packet to the UCM module. Service Vlan:200 indicates service VLAN 200. Access Type:32 indicates the encryption type in a security profile.
|
8 |
[BTRACE][2020/11/14 14:58:12][7168][WLAN_AC][84c9-b272-47e0]:[Process:7][WLAN_STA_INFO_AP_ASSOCIATE]ACMAC:84-5b-12-69-22-e8;ACNAME:AC6605_8_76;APMAC:18-de-d7-77-c1-20;APNAME:AP-10;APIP:100.1.1.114;RADIO:0;BAND:2.4G;SSID:portal_76;ACCESS TYPE:Open+Portal/MAC;USER:84c9b27247e0;MAC:84-c9-b2-72-47-e0;ASSOCDURATION:37457us;TIME:1605337092;ZONE:UTC+0800;DAYLIGHT:false;ERRCODE:0;RESULT:Success; |
The STA is successfully associated with the SSID, and the SSID and authentication mode are displayed. |
9 |
[BTRACE][2020/11/14 14:58:12][7168][WLAN_AC][84c9-b272-47e0]:[Process:7][WSEC] WEP (Open or Share-Key) authentication is in AP. It will return OK in AC (Code:0). [BTRACE][2020/11/14 14:58:12][7168][WLAN_AC][84c9-b272-47e0]:[Process:7][WSTA] Process associate authentication successfully(State:2, Pre AP:4294967295). [BTRACE][2020/11/14 14:58:12][7168][WLAN_AC][84c9-b272-47e0]:[Process:7][WSTA] End Add STA Skip request message (AP:0, Radio:0,WlanId:3, Type:0, Same VAP:0). [BTRACE][2020/11/14 14:58:12][7168][WLAN_AC][84c9-b272-47e0]:[Process:7][WSTA] STA (Re)associate request first assoc request response (Type:3093, Code:0). [BTRACE][2020/11/14 14:58:12][7168][WLAN_AC][84c9-b272-47e0]:[Process:7][WSTA] End to process STA first associate add request (Code:0). |
The WLAN module successfully processes the association request packet and sends an association response packet to the STA. |
10 |
[BTRACE][2020/11/14 14:58:12][7168][CM][84c9-b272-47e0]:CM receive ESAP_SRV_MSG_AUTH_REQ from WLAN module (msg code: 184 CID:80). |
The UCM module receives an authentication request packet from the WLAN module. |
11 |
[BTRACE][2020/11/14 14:58:12][7168][EAPoL][84c9-b272-47e0]:Get domain by global config.(domain=default) |
The EAP module searches for the MAC authentication domain and finds the global default domain default because the authentication domain is not specified using the domain mac-authen force and domain xxx commands in the system view. |
12 |
[BTRACE][2020/11/14 14:58:12][7168][EAPoL][84c9-b272-47e0]:Get mac-authen user name successfully.(username=84c9b27247e0) |
The EAP module obtains the user name for MAC address authentication. |
13 |
[BTRACE][2020/11/14 14:58:12][7168][CM][84c9-b272-47e0]:Get user name successfully.(username=84c9b27247e0) |
The UCM module uses the MAC address as the user name. |
14 |
[BTRACE][2020/11/14 14:59:20][7168][CM][84c9-b272-47e0]: [CM NAC Get User Domain Index].(ForceDomain=(null), DomainIndex=0, IsForceDomainCfg=0) |
The global default domain default is found because the forcible authentication domain is not specified using the access-domain xxx force command in the authentication profile.
<AC> display domain
-------------------------------------------------------------------------
index  DomainName
-------------------------------------------------------------------------
0      default
1      default_admin
2      radius
3      ad
4      ldap
-------------------------------------------------------------------------
Total: 5 |
15 |
[BTRACE][2020/11/14 14:59:20][7168][CM][84c9-b272-47e0]:cib is optimized for struct CM NAC WLAN[CM NAC Fill ExtendCib]:ulApId = 0,ucRadioId = 0,ucWirelessAccessType = 32. |
The UCM module fills WLAN information in the user table. |
16 |
[BTRACE][2020/11/14 14:59:20][7168][CM][84c9-b272-47e0]: [CM NAC Find Access Type Auth Seq](AccessType=27, seqIndex=4) [BTRACE][2020/11/14 14:59:20][7168][CM][84c9-b272-47e0]: [Auth Req AAA Proc Check]Change to MAC.(AccessType=23, seqIndex=1) |
The UCM module sets the user authentication sequence. AccessType=27 indicates that the authentication is initiated by the WLAN module, and AccessType=23 indicates that the authentication mode is MAC address authentication. |
17 |
[BTRACE][2020/11/14 14:59:20][7168][EAPoL][84c9-b272-47e0]:Get domain by global config.(domain=default) |
The global default domain default is found because permit-domain is not configured in the authentication profile. |
18 |
[BTRACE][2020/11/14 14:59:20][7168][CM][84c9-b272-47e0]: [CM NAC Get Mac User Domain](ForceDomain=, ForceDomainIndex=2) |
The UCM module obtains the authentication domain based on the authentication domain configuration in the authentication profile. |
19 |
[BTRACE][2020/11/14 14:59:20][7168][CM][84c9-b272-47e0]:CM WLAN Get Ap Info. Ap Info is 18DE-D777-C120. |
The UCM fills in the AP information in the message to be sent. |
20 |
[BTRACE][2020/11/14 14:59:20][7168][CM][84c9-b272-47e0]:CM send authentication request message to AAA module (CID:81). |
The UCM module sends an authentication request packet to the AAA module. |
21 |
[BTRACE][2020/11/14 14:59:20][7168][CM][84c9-b272-47e0]: CM Send Auth Ack Msg to TID IPC WLAN. (result=0, isWlanMacAuth=1) [BTRACE][2020/11/14 14:59:20][7168][CM][84c9-b272-47e0]:CM send authentication ack message to WLAN module (CID:81). |
The UCM module sends an authentication response packet to the WLAN module. result=0 indicates that the UCM module properly processes the WLAN authentication request packet. |
22 |
[BTRACE][2020/11/14 14:59:20][7168][CM][84c9-b272-47e0]:State from IDLE(substate:BUTT) to AUTH(substate:BUTT). (cib=81, event=AUTH_REQ) |
The UCM authentication status changes from IDLE to AUTH. |
23 |
[BTRACE][2020/11/14 14:59:20][7168][AAA][84c9-b272-47e0]: AAA receive AAA_SRV_MSG_AUTHEN_REQ message(31) from UCM module(232). |
The AAA module receives an authentication request packet from the UCM module. |
24 |
[BTRACE][2020/11/14 14:59:20][7168][AAA][84c9-b272-47e0]: DestIndex:81 SrcIndex:81 Slot:7168 User:84c9b27247e0 Password:*** MAC:84c9-b272-47e0 Slot:0 SubSlot:0 Port:0 VLAN:200 IP:255.255.255.255 AccessType:mac AuthenType:PAP AdminLevel:0 EapSize:0 AuthenCode:Invalid ulInterface:2466349056 ChallengeLen:16 ChapID:0 LineType:0 LineIndex:0 PortType:19 AcctSessionId:AC6605_0000000000020056b8840100051 |
Content of the authentication request packet received by the AAA module is displayed. |
25 |
[BTRACE][2020/11/14 14:59:20][7168][AAA][84c9-b272-47e0]: AAA_MAIN initiate NormalAuthenReq event to AAA_AUTHEN module. CID:0 Result:0 Info:542417012 |
The AAA module processes the authentication packet. |
26 |
[BTRACE][2020/11/14 14:59:20][7168][AAA][84c9-b272-47e0]:User authentication domain name is domaintest |
The authentication domain domaintest carried in the authentication request is obtained. |
27 |
[BTRACE][2020/11/14 14:59:20][7168][AAA][84c9-b272-47e0]:The authentication place is RADIUS. |
The authentication policy is obtained based on the authentication profile (priority: authentication policy bound to the authentication profile > authentication policy bound to the authentication domain), and then the authentication mode (RADIUS) is obtained based on the authentication policy. |
28 |
[BTRACE][2020/11/14 14:59:20][7168][AAA][84c9-b272-47e0]: AAA send AAA_RD_MSG_AUTHENREQ message(49) to RADIUS module(235). |
The AAA module sends an authentication request packet to the RADIUS module. |
29 |
[BTRACE][2020/11/14 14:59:20][7168][AAA][84c9-b272-47e0]: CID:105 TemplateNo:4 SerialNo:4294967295 PriyServer::: Vrf:0 SendServer::: Vrf:0 AccessType:mac AuthenMethod:PAP UserName:84c9b27247e0 Password:*** Slot:0 SubSlot:0 Port:0 Vlan:200 Interface:2466349056 CID:16465 AcctSessionId:AC6605_0000000000020056b8840100051 PortType:19 ServiceType:2 FramedProtocol:1 FramedIP:255.255.255.255 EapLength:0 StartupTimeStamp:1604918038 LoginIP:255.255.255.255 IPHostAddr:255.255.255.255 84:c9:b2:72:47:e0 ProductID:AC szVersion:Huawei AC6605-26-PWR SecurityStr: |
Content of the packet sent by the AAA module to the RADIUS module is displayed. |
30 |
[BTRACE][2020/11/14 14:59:20][7168][RADIUS][84c9-b272-47e0]:Receive authentication request message from AAA module. |
The RADIUS module receives a packet from the AAA module. |
31 |
[BTRACE][2020/11/14 14:58:12][7168][RADIUS][84c9-b272-47e0]: Send a authentication request packet to radius server( server ip = 172.168.10.6). |
The RADIUS module sends an authentication request packet to the RADIUS server. |
32 |
[BTRACE][2020/11/14 14:58:12][7168][RADIUS][84c9-b272-47e0]: Server Template: 4 Server IP : 172.168.10.6 Protocol: Standard Code : 1 Len : 468 ID : 12 [User-Name ] [14] [84c9b27247e0] [User-Password ] [18] [aa c3 ee 42 f6 dc cd dd 75 df 5d ea f4 5a b6 33 ] [NAS-Port ] [6 ] [200] [Service-Type ] [6 ] [2] [Framed-Protocol ] [6 ] [1] [Calling-Station-Id ] [16] [84c9-b272-47e0] [NAS-Identifier ] [13] [AC6605_8_76] [NAS-Port-Type ] [6 ] [19] [NAS-Port-Id ] [36] [slot=0;subslot=0;port=0;vlanid=200] [Called-Station-Id ] [29] [18-DE-D7-77-C1-20:portal_76] [NAS-IP-Address ] [6 ] [172.168.10.76] [Acct-Session-Id ] [36] [AC6605_00000000000200580fd60100050] [WLAN-Pairwise-Cipher ] [6 ] [0] [BTRACE][2020/11/14 14:58:12][7168][RADIUS][84c9-b272-47e0]: [WLAN-Group-Cipher ] [6 ] [0] [WLAN-AKM-Suite ] [6 ] [0] [WLAN-Group-Mgmt-Cipher ] [6 ] [0] [HW-NAS-Startup-Time-Stamp ] [6 ] [1604918038] [HW-IP-Host-Address ] [35] [255.255.255.255 84:c9:b2:72:47:e0] [HW-Connect-ID ] [6 ] [16464] [HW-Version ] [22] [Huawei AC6605-26-PWR] [HW-Product-ID ] [4 ] [AC] [HW-AP-Information ] [16] [18DE-D777-C120] [HW-Access-Type ] [6 ] [2] [HW-User-Extend-Info ] [38] [AP-Device-Code=19220382118ded777c120] [HW-User-Extend-Info ] [18] [TERMINAL-POS-X=0] [HW-User-Extend-Info ] [18] [TERMINAL-POS-Y=0] [HW-User-Extend-Info ] [18] [Wifi-Density=-53] [HW-User-Extend-Info ] [27] [HW-Access-Time=1605337092] [HW-Domain-Name ] [12] [domaintest] |
Content of the packet sent to the RADIUS server is displayed. Code description:
User-Name: 84c9b27247e0 indicates the user name. NAS-IP-Address: 172.168.10.76 indicates the IP address of the access device. |
33 |
[BTRACE][2020/11/14 14:59:20][7168][WLAN_AC][84c9-b272-47e0]:[Process:7][WADP] Receive authentication ACK from UCM (Ret Code:0, Reason Code:0). [BTRACE][2020/11/14 14:59:20][7168][WLAN_AC][84c9-b272-47e0]:[Process:7][WADP] Receive authentication ACK from UCM (Ret Code:0, Reason Code:0). [BTRACE][2020/11/14 14:59:20][7168][WLAN_AC][84c9-b272-47e0]:[Process:7][WSTA] Process associate authentication STA up sucessfully. StaupType = 1. |
The WLAN module receives an authentication response packet from the UCM module (not displayed in the locally collected trace information). |
34 |
[BTRACE][2020/11/14 14:59:20][7168][WLAN_AC][84c9-b272-47e0]:[Process:7][WADP] Receive authentication ACK from UCM (Code:0, Reason Code:0, Current SN:370, Response SN:370). |
An authentication response packet is received from the UCM module. Code:0 indicates that the authentication is successful. |
35 |
[BTRACE][2020/11/14 14:58:12][7168][RADIUS][84c9-b272-47e0]: Received a authentication reject packet from radius server(server ip = 172.168.10.6). |
A RADIUS reject packet is received from the RADIUS server, and MAC address authentication fails. (In MAC address-prioritized Portal authentication, MAC address authentication fails the first time. After Portal authentication succeeds, the RADIUS server adds user information so that the next MAC address authentication can succeed.) |
36 |
[BTRACE][2020/11/14 14:58:12][7168][RADIUS][84c9-b272-47e0]: Server Template: 4 Server IP : 172.168.10.6 Server Port : 1812 Protocol: Standard Code : 3 Len : 82 ID : 12 [Reply-Message ] [62] [ErrorReason is No authorization rule is matched.ErrCode:4153] |
The RADIUS server at 172.168.10.6 sends a response packet. The source UDP port number is 1812 and the packet ID is 12. Code description:
|
37 |
[BTRACE][2020/11/14 14:58:12][7168][RADIUS][84c9-b272-47e0]:Send authentication reject message to AAA. |
The RADIUS module sends an authentication response packet to the AAA module. |
38 |
[BTRACE][2020/11/14 14:58:12][7168][AAA][84c9-b272-47e0]: AAA receive AAA_RD_MSG_AUTHENREJECT message(51) from RADIUS module(235). |
The AAA module receives an authentication success packet from the RADIUS module. |
39 |
[BTRACE][2020/11/14 14:58:12][7168][AAA][84c9-b272-47e0]: CID:101 TemplateNo:4 SerialNo:4294967295 SrcMsg:AAA_RD_MSG_AUTHENREQ PriyServer::: Vrf:0 SendServer:172.168.10.6 Vrf:0 SessionTimeout:0 IdleTimeout:0 AcctInterimInterval:0 RemanentVolume:0 InputPeakRate:0 InputAverageRate:0 OutputPeakRate:0 OutputAverageRate:0 InputBasicRate:0 OutputBasicRate:0 InputPBS:0 OutputPBS:0 Priority:[0,0] DNS:[0.0.0.0, 0.0.0.0] ServiceType:0 LoginService:0 AdminLevel:0 FramedProtocol:0 LoginIpHost:0 NextHop:0 EapLength:0 ReplyMessage:ErrorReason is No authorization rule is matched.ErrCode:4153 TunnelType:0 MediumType:0 PrivateGroupID: WlanReasonCode:0 |
Content of the packet that the AAA module receives from the RADIUS module is displayed. |
40 |
[BTRACE][2020/11/14 14:58:12][7168][AAA][84c9-b272-47e0]:Radius authentication is rejected. |
The AAA module displays the authentication failure cause. |
41 |
[BTRACE][2020/11/14 14:58:12][7168][AAA][84c9-b272-47e0]: [AAA ERROR]authen finish,the authen fail code is:6,reason is:Radius authentication is rejected. |
The AAA module displays the error code and cause of the authentication failure. Error code 6 indicates that the RADIUS server rejects the authentication request. |
42 |
[BTRACE][2020/11/14 14:58:12][7168][AAA][84c9-b272-47e0]: AAA send AAA_SRV_MSG_AUTHEN_ACK message(36) to UCM module(232). |
The AAA module sends an authentication response packet to the UCM module. |
43 |
[BTRACE][2020/11/14 14:58:12][7168][AAA][84c9-b272-47e0]: DestIndex:80 SrcIndex:80 Slot:4294967295 Result:1 DomainIndex:2 ServiceScheme:65535 AuthedPalace:3 VLAN:65535 IsCallBackVerify:0 IsCallbackUser:0 IfSessionTimeout:0 IfRemanentVolume:0 IfIdleCut:0 SessionTimeout:4294967295 RemanentVolume:4294967295 IdleTimeout:4294967295 EAPSessionTimeout:4294967295 EAPPasswordRetry:4294967295 RTAcctInterval:4294967295 Priority:[255,255] AdminLevel:255 NextHop:4294967295 Role:0 LiAdmin:0 EapSize:0 ReplyMessage:ErrorReason is No authorization rule is matched.ErrCode:4153 TunnelType:0 MediumType:0 PrivateGroupID: SerialNo:4294967295 WlanReasonCode:0 |
The AAA module prints the content of the authentication response packet.
|
44 |
[BTRACE][2020/11/14 14:58:12][7168][CM][84c9-b272-47e0]:CM receive AAA_SRV_MSG_AUTHEN_ACK from AAA module (msg code: 36 CID:80). |
The UCM module receives an authentication response packet. |
45 |
[BTRACE][2020/11/14 14:58:12][7168][CM][84c9-b272-47e0]:[CM NAC Get Local Authorize]Authen ACL str len.(len=0) [BTRACE][2020/11/14 14:58:12][7168][CM][84c9-b272-47e0]: [Cib is optimized for struct CM_CIB_S] enter in CMNACFillAAAAckInfo. [BTRACE][2020/11/14 14:58:12][7168][CM][84c9-b272-47e0]: [Cib is optimized for struct CM_CIB_S] enter in CM_NAC_ProAckInfo. [BTRACE][2020/11/14 14:58:12][7168][CM][84c9-b272-47e0]: [Cib is optimized for struct CM_ACCTDATA_S]Come in CMFillAcctInfo. [BTRACE][2020/11/14 14:58:12][7168][CM][84c9-b272-47e0]: [Cib is optimized for struct CM_ACCTDATA_S]Cib acct data is null in CMFillAcctInfo. |
The UCM module records the authentication response packet from the AAA module in the CIB table. |
46 |
[BTRACE][2020/11/14 14:58:12][7168][CM][84c9-b272-47e0]:User authentication fail (CID:80). |
The UCM module receives an authentication failure packet. |
47 |
[BTRACE][2020/11/14 14:58:12][7168][CM][84c9-b272-47e0]:CM NAC State Auth Entity, CurrAccessType:23, DownReason:130, WlanReasonCode:4294967295 |
The UCM module controls the switching of the hybrid authentication type. The current authentication type is MAC address authentication.
|
48 |
[BTRACE][2020/11/14 14:58:12][7168][CM][84c9-b272-47e0]:[CM NAC ISOFFLINE](Down Reason:130) [BTRACE][2020/11/14 14:58:12][7168][CM][84c9-b272-47e0]:Begin to get local authorization, NewAuthorizeType = 3. |
The UCM module performs local authorization for the user. NewAuthorizeType: authorization type.
|
49 |
[BTRACE][2020/11/14 14:58:12][7168][CM][84c9-b272-47e0]:Judge local authorization(Radius server down), NewAuthorizeType = 3. |
The UCM module queries whether authorization upon an authentication failure exists. |
50 |
[BTRACE][2020/11/14 14:58:12][7168][CM][84c9-b272-47e0]:[CFGMGR GetEventAuthorzation] HttpToCpuFlag:1, Dot1xUrlFlag:0 |
Authorization content is queried based on the authorization type. |
51 |
[BTRACE][2020/11/14 14:58:12][7168][CM][84c9-b272-47e0]:Judge local authorization, NewAuthorizeType = 1. |
The UCM module queries whether pre-connection authorization exists. |
52 |
[BTRACE][2020/11/14 14:58:12][7168][CM][84c9-b272-47e0]:[CFGMGR GetEventAuthorzation] HttpToCpuFlag:1, Dot1xUrlFlag:0 |
Authorization content is queried based on the authorization type. |
53 |
[BTRACE][2020/11/14 14:58:12][7168][CM][84c9-b272-47e0]:Get local authorization over, NewAuthorizeType = 1. |
Obtaining authorization content ends. The authorization type is described as follows:
|
54 |
[BTRACE][2020/11/14 14:58:12][7168][CM][84c9-b272-47e0]: CM Make OffLine Record, OnlineFail:1, IsOver:0, AccessType:0. |
The UCM module adds user going-online failure records, which can be queried using the display aaa online-fail-record mac-address 84c9-b272-47e0 command. |
55 |
[BTRACE][2020/11/14 14:58:12][7168][CM][84c9-b272-47e0]:[CFGMGR GetEventAuthorzation] HttpToCpuFlag:1, Dot1xUrlFlag:0 |
Authorization content is queried based on the authorization type. |
56 |
[BTRACE][2020/11/14 14:58:12][7168][CM][84c9-b272-47e0]:[CM NAC Goto Next State](CID=80, Event=81, CM EVENT START NEXT AUTH=58) [BTRACE][2020/11/14 14:58:12][7168][CM][84c9-b272-47e0]:State from AUTH(substate:BUTT) to GLOCTRL(substate:PREAUTHEN). (cib=80, event=CM_EVENT_GC_USER_ACCESS_REQ) [BTRACE][2020/11/14 14:58:12][7168][CM][84c9-b272-47e0]:State from GLOCTRL(substate:PREAUTHEN) to ADDUSER(substate:BUTT). (cib=80, event=NAC_PRE_AUTHEN) |
The UCM authentication status changes from AUTH to GLOCTRL, and then from GLOCTRL to ADDUSER. |
57 |
[BTRACE][2020/11/14 14:58:12][7168][CM][84c9-b272-47e0]: [CM NAC Proc Port Vlan]Vlan change.(IfIndex=2466349056, IsPortBased=0, newVlan=0, VlanType=3, IsPortbasedGuestAuthened=0) |
The UCM module processes authorization VLAN information. newVlan=0 indicates that no authorization VLAN exists. VlanType: authorization VLAN type.
|
58 |
[BTRACE][2020/11/14 14:58:12][7168][CM][84c9-b272-47e0]: [CM_NAC_CheckIfClearVlan] clear authorised vlan, set modify flag. |
The UCM module clears ISP VLAN information, which is redundant and can be ignored. |
59 |
[BTRACE][2020/11/14 14:58:12][7168][CM][84c9-b272-47e0]:[CM NAC CheckIfSupportAuthor](PreAuthFlag 1 RemarkInGroupFlag 0 CarFlag 0 authormap 0x 00000000 00000000 accesstype 0 ulRet 1). |
The UCM module checks whether user authorization is supported. ulRet 1 indicates that authorization is supported. |
60 |
[BTRACE][2020/11/14 14:58:12][7168][CM][84c9-b272-47e0]: [CM Get MCIB Info] Cid:80, FixedCid:16464 |
The UCM module prepares the authorization information to be delivered. Cid indicates the user ID of the core where the user resides in the multi-core scenario, and FixedCid indicates the globally unique user ID in the multi-core scenario. |
61 |
[BTRACE][2020/11/14 14:58:12][7168][CM][84c9-b272-47e0]:CM_NAC_GetMCIBInfoFromNac:UserGroupID=65535,UclGroupID=65535,usAclID[65535,65535,65535,65535],v6AclID[65535,65535,65535,65535] |
The UCM module prints authorization information.
|
62 |
[BTRACE][2020/11/14 14:58:12][7168][CM][84c9-b272-47e0]:NotifyTM PreAuthFlag = 1, OldPreAuthFlag = 0,Cib AccessType = 0. |
The UCM module prints authorization information. PreAuthFlag = 1 indicates that the current authorization mode is pre-connection authorization. |
63 |
[BTRACE][2020/11/14 14:58:12][7168][CM][84c9-b272-47e0]:NotifyTM UserGroup = 65535, UclGroup = 65535, UserGroupPriority = 255. |
The UCM module prints authorization information. UserGroup: indicates the authorized user group. 65535 is an invalid value. UclGroup: indicates the authorized UCL group. 65535 is an invalid value. UserGroupPriority: indicates the authorized user priority. 65535 is an invalid value. |
64 |
[BTRACE][2020/11/14 14:58:12][7168][CM][84c9-b272-47e0]:RemarkDscp = 255 Remark8021p = 255 DnRemark8021p = 255 DnRemarkDscp = 255. [BTRACE][2020/11/14 14:58:12][7168][CM][84c9-b272-47e0]:[CM NAC Get QosInfo From Nac] CM send QoS to TM. UserName=,Valid=0,Cir=0,Pir=0,FlowMappingProfileIndex=0,FlowQueueProfileIndex=0 [BTRACE][2020/11/14 14:58:12][7168][CM][84c9-b272-47e0]:CM_NAC_GetMCIBInfoFromNac ucUserGroupChanged = 0, HttpsToCpuFlag:0, Dot1xUrlFlag:0 [BTRACE][2020/11/14 14:58:12][7168][CM][84c9-b272-47e0]: [CM Get MCIB Info]DetectVlanId=0, Cib GateWay=0xffffffff. |
The UCM module prints authorization information. |
65 |
[BTRACE][2020/11/14 14:58:12][7168][CM][84c9-b272-47e0]: CM_SendSetTableMsg: CID:80, Command:0,UserGroup:65535 UclGroupId:65535, aclNum:65535,usAclID[65535,65535,65535,65535],ucHttpFwdFlg=0 [BTRACE][2020/11/14 14:58:12][7168][CM][84c9-b272-47e0]: CM_SendSetTableMsg: OldDestSlotFlag:0x 00000000 00000000 00000000 00000000, NewDestSlotFlag: 0x 00000000 00000000 00000000 00000001 [BTRACE][2020/11/14 14:58:12][7168][CM][84c9-b272-47e0]:[CM NAC Proc Lpu](OpType=0, WlanFlag=1, WANFlag=0, vlan=0, Ret=0). |
The UCM module prints authorization information. Both Command:0 and OpType=0 indicate the authorization type.
Ret=0 indicates that the authorization packet is sent successfully. |
66 |
[BTRACE][2020/11/14 14:58:12][7168][CM][84c9-b272-47e0]:Open user access ability (CID:80). |
The UCM module clears the count of going-online failures of 802.1X users. This trace information is redundant and can be ignored. |
67 |
[BTRACE][2020/11/14 14:58:12][7168][TM][84c9-b272-47e0]: [TM DBG]SrcNode = 7168, DstNode = 7168. [TM DBG] Rev CM_SET(MsgCode=197) from UCM. Slot:7168 SourceIndex:80 Command:ADD_CIB Slot:0 . [BTRACE][2020/11/14 14:58:12][7168][TM][84c9-b272-47e0]: [TM DBG]Proc EventCall.Index:162 [BTRACE][2020/11/14 14:58:12][7168][TM][84c9-b272-47e0]: [TM DBG]Proc EventCall.(OpType=0) (mac=84c9-b272-47e0, IPV6=00000000:00000000:00000000:00000000, IPV4=0xffffffff, Slot=0, ISPVlan=0) (AuthVlan=0, AuthVlanType=3, PvcVlan=200, PvcVlanType=3, UsrGroup=65535, UclGroup=65535, IsPortBased=0, IfIndex=2466349056) (PreAuthFlag=1,OldPreAuthFlag=0, AuthModifyBmp=0x4, ArpDeny=0,ucHttpFwdFlg=0) (UserGroupPriority=255) [BTRACE][2020/11/14 14:58:12][7168][TM][84c9-b272-47e0]: [TM DBG] (WlanFlag=1, RemoteUser=0, UCRemoteUser=0) [BTRACE][2020/11/14 14:58:12][7168][TM][84c9-b272-47e0]: [TM DBG]Proc EventCall.(ForwardInterface=0,ForwardPdtIndex=0, ISPVlan=0) |
The TM module processes the authorization packet sent by the UCM module. |
68 |
[BTRACE][2020/11/14 14:58:12][7168][TM][84c9-b272-47e0]: TM send authorization para info to Ap: AclID = 65535,65535 UpRateLimitValue = -1 DownRateLimitValue = -1 Mac = 84c9-b272-47e0 Isolated = 0 InterIsolated = 0 VLAN = 200 UserGroup = 65535 UclGroup = 65535 Optype = 0 UserUpFlag = 1 PushFlag = 0 AccessType = 0 IsPortBased = 0 UserVlanType = 3 AuthenUserAddCIB = 1 IfIndex = -1828618240 IpAddr = 255.255.255.255 VrfIndex = 0 Cid = -1 PortalLayer3Flag = 0 AckIndex = 162 preauthfalg = 1 httpflag = 1 denyallflag = 1 UpFlowstatistics = 0 DownFlowstatistics = 0 Redirect AclId = 65535, RedirectURL = , IPSecFlag = 2, ArpDeny = 0,fwdflg=0 |
The TM module sends an authorization packet to the AP. |
69 |
[BTRACE][2020/11/14 14:58:12][2048][WLAN_AC][84c9-b272-47e0]:[Process:2][WSTA] Send static user ap tunnel info oper event return (Type:5, ap:0, vlan:200) [BTRACE][2020/11/14 14:58:12][2048][WLAN_AC][84c9-b272-47e0]:[Process:2][WSTA] Oper config fwd user elb (Type:1, Ap:0, radio:0, wlan:3, vlan:200) [BTRACE][2020/11/14 14:58:12][2048][WLAN_AC][84c9-b272-47e0]:[Process:2][WSTA] Update fwd elb tunnlel port (Type:1, ap:0, radio:0, wlan:3, vlan:200, access mode:0, direct:0, tunnel:1, vap:1, code:0) [BTRACE][2020/11/14 14:58:12][2048][WLAN_AC][84c9-b272-47e0]:[Process:2]Process user auth update elb table (ap:0, radio:0, wlan:3, vlan:200, Code:0) [BTRACE][2020/11/14 14:58:12][7168][WLAN_AC][84c9-b272-47e0]:[Process:7][WADP] Qos remark info new (In:255, out:255, in1p:255, out1p:255, inDscp:255, outDscp:255).Url len:0, send len:173 [BTRACE][2020/11/14 14:58:12][7168][WLAN_AC][84c9-b272-47e0]:[Process:7]User auth update elb table (ap:0, radio:0, wlan:3, vlan:200, ap fork:2048, old ap fork:4294967295) [BTRACE][2020/11/14 14:58:12][7168][WLAN_AC][84c9-b272-47e0]:[Process:7][WSTA] UpDateStaAccessVlan Same Vlan Return [BTRACE][2020/11/14 14:58:12][7168][WLAN_AC][84c9-b272-47e0]:[Process:7][WSTA] Update sta user name 84c9b27247e0 |
The WLAN module processes user authorization information. |
70 |
[BTRACE][2020/11/14 14:58:12][7168][WLAN_AC][84c9-b272-47e0]:[Process:7] [WADP] Send User Authorization Info to Ap. (ApID:0,InterIsolated:0,Isolated:0,ArpDeny:0,Optype:0,DownRateLimitValue:4294967295,UpRateLimitValue:4294967295 UserGroup:65535,VLAN:200,PortalPushFlag:0,HttpSendTol4:1,BeforeAuth_En:1,DenyAll:1,ServiceVlan:200 AclID:65535,65535,65535,65535,65535,65535,65535,65535,ReportIP:0,RetCode:0,IdleCutTime:0,IdleCutFlow:0,IdleCutSecond:0) |
The WLAN module forwards AP authorization information to the AP. |
71 |
[BTRACE][2020/11/14 14:58:12][2048][WLAN_AC][84c9-b272-47e0]:[Process:2][WSTA] Sta auth response deliver to sta process (Type:514822, prim:0, len:236, fork:7168, code:0) [BTRACE][2020/11/14 14:58:12][7168][WLAN_AC][84c9-b272-47e0]:[Process:7][WADP] Send User Authorization Result to Esap(src TID:187, dst TID:204, src fork ID:7168, dst fork ID:7168, Command:0, Code:0, Id:162. [BTRACE][2020/11/14 14:58:12][7168][WLAN_AC][84c9-b272-47e0]:[Process:7][WADP] Receive Sending User Authorization Info from Ap Response(module:0, prim type:0, data type:2533, code:0, RetCode:0) |
The WLAN module sends the AP authorization result to the TM module. |
72 |
[BTRACE][2020/11/14 14:58:12][7168][TM][84c9-b272-47e0]:TM send ack message to CM module, result: Add CIB OK |
The TM module sends an authorization response packet to the UCM module. |
73 |
[BTRACE][2020/11/14 14:58:12][7168][CM][84c9-b272-47e0]:CM receive ESAP_SRV_MSG_CIB_SET_ACK from TM module (msg code: 198 CID:80). [BTRACE][2020/11/14 14:58:12][7168][CM][84c9-b272-47e0]: In ADD USER recevie CM_EVENT_ADD_SUCCESS clear authorize modify bitmap. |
The UCM module receives an authorization response packet. |
74 |
[BTRACE][2020/11/14 14:58:12][7168][CM][84c9-b272-47e0]:[CM Add Aging Dll] wlan user, no need to proc. [BTRACE][2020/11/14 14:58:12][7168][CM][84c9-b272-47e0]:[CM NAC Send Auth Ack](DownModule=0, NewAuthorizeType=1, AckModuleId=187, ExpResult=8, CMAAAAuth=0x2055e54c). [BTRACE][2020/11/14 14:58:12][7168][CM][84c9-b272-47e0]:[CM NAC Start Reauth Timer](Cib AuthData AAASuccFlag=0, NacCib ReauthTimeLen=1800). [BTRACE][2020/11/14 14:58:12][7168][CM][84c9-b272-47e0]:[CM NAC Start Reauth Timer]set ReauthTimeLen 0. [BTRACE][2020/11/14 14:58:12][7168][CM][84c9-b272-47e0]:[AfterUp]No Start Acct: (IPValid 0,StartAcctWithIP 1) |
The UCM module performs processing before its user table status goes Up. If "[CM NAC Start Reauth Timer].(TimeLen=xx)" is displayed, re-authentication is enabled. If no information is displayed, re-authentication is disabled. |
75 |
[BTRACE][2020/11/14 14:58:12][7168][CM][84c9-b272-47e0]:State from ADDUSER(substate:BUTT) to UP(substate:BUTT). (cib=80, event=ADD_OK) [BTRACE][2020/11/14 14:58:12][7168][CM][84c9-b272-47e0]:[CM NAC Goto Next State](CID=80, Event=58, CM EVENT START NEXT AUTH=58) |
The user table status of the UCM module is changed from ADDUSER to UP. |
76 |
[BTRACE][2020/11/14 14:58:12][7168][CM][84c9-b272-47e0]:[CM Clean ReAuthorize Info] Finished [BTRACE][2020/11/14 14:58:12][7168][CM][84c9-b272-47e0]:[CM NAC Restart New Auth](AAASuccFlag=0, AuthSeqIndex=1) [BTRACE][2020/11/14 14:58:12][7168][CM][84c9-b272-47e0]:[CM NAC Restart New Auth](currentAccessType=23, AuthSeqIndex=1, MaxFailTimes=1, FailTimes=1, AuthorizeType=1) [BTRACE][2020/11/14 14:58:12][7168][CM][84c9-b272-47e0]:[CM NAC Restart New Auth](NewAccessType=24) [BTRACE][2020/11/14 14:58:12][7168][CM][84c9-b272-47e0]:[CM NAC Start Reauth Timer](Cib AuthData AAASuccFlag=0, NacCib ReauthTimeLen=0). [BTRACE][2020/11/14 14:58:12][7168][CM][84c9-b272-47e0]:[CM NAC Start Reauth Timer]set ReauthTimeLen 0. |
After the user table status of the UCM module goes Up, the authentication mode is switched from MAC address authentication to Portal authentication. AccessType:
DownReason: 130: The authentication request is rejected by the RADIUS server. |
77 |
[BTRACE][2020/11/14 14:58:12][2048][WLAN_AC][84c9-b272-47e0]:[Process:2][WSTA] Flow fork SingleSta MsgType3024 Vcpu:7 Ret:0 Len:72. [BTRACE][2020/11/14 14:58:12][2048][WLAN_AC][84c9-b272-47e0]:[Process:2][WSTA] Flow fork SingleSta MsgType3034 Vcpu:7 Ret:0 Len:64. [BTRACE][2020/11/14 14:58:12][2048][WLAN_AC][84c9-b272-47e0]:[Process:2][WSTA] Flow fork SingleSta MsgType3036 Vcpu:7 Ret:0 Len:88. |
STA traffic distribution information is displayed. |
78 |
[BTRACE][2020/11/14 14:58:12][7168][CM][84c9-b272-47e0]: CM_NAC_TransWlanUpdateIpMsg: Recieve update ip message from Wlan,CID = 80, OpeType = 0, IpVersion =0 ip v4=200.1.1.231, Ipv6=C801:1E7::. [BTRACE][2020/11/14 14:58:12][7168][CM][84c9-b272-47e0]: CM_NAC_TransWlanUpdateIpMsg: Recieve update ip message from Wlan,CID = 80, OpeType = 0, IpVersion =0 ip v4=200.1.1.231, Ipv6=C801:1E7::. |
When the UCM module receives an IP address change event from the WLAN module, it prints the event twice. The second printing is redundant. OpeType = 0 indicates the operation of changing the IP address.
IpVersion =0 indicates the IP version.
|
79 |
[BTRACE][2020/11/14 14:58:12][7168][CM][84c9-b272-47e0]: CM NAC Update Ip Process (mac:84c9-b272-47e0 ip:200.1.1.231 ipv6::: vrf:0) [BTRACE][2020/11/14 14:58:12][7168][CM][84c9-b272-47e0]: CM SetCibUserIP: ucIsUpdateV6 = 0 [BTRACE][2020/11/14 14:58:12][7168][CM][84c9-b272-47e0]: CM SetCibUserIP: Update ipv4 = 0xc80101e7 [BTRACE][2020/11/14 14:58:12][7168][CM][84c9-b272-47e0]: CM SetCibUserIP:add hash ip, ulNewIpv4Addr = 0xc80101e7 [BTRACE][2020/11/14 14:58:12][7168][CM][84c9-b272-47e0]: [CM NAC Update Ip Process]: pstCib->ucUserType = 1 [BTRACE][2020/11/14 14:58:12][7168][CM][84c9-b272-47e0]:[CM NAC Update Ip], new IP=0xc80101e7 new IPV6=:: vrf = 0 |
The UCM module updates IP information in the user table. (pstCib->ucUserType = 1: 1 - IPv4 address; 2 - IPv6 address) Check the IP address in the user table.
[AC] display access-user
------------------------------------------------------------------------------------------------------
UserID Username IP address MAC Status
------------------------------------------------------------------------------------------------------
16464 84c9b27247e0 200.1.1.231 84c9-b272-47e0 Pre-authen
------------------------------------------------------------------------------------------------------ |
80 |
[BTRACE][2020/11/14 14:58:12][7168][CM][84c9-b272-47e0]: In UP set UPDATE_IP to modify trigger bitmap. |
The IP address update event triggers UCM re-authorization. |
81 |
[BTRACE][2020/11/14 14:58:12][7168][CM][84c9-b272-47e0]:CM_NAC_GetMCIBInfoFromNac:UserGroupID=65535,UclGroupID=65535,usAclID[65535,65535,65535,65535],v6AclID[65535,65535,65535,65535] [BTRACE][2020/11/14 14:58:12][7168][CM][84c9-b272-47e0]:NotifyTM PreAuthFlag = 1, OldPreAuthFlag = 0,Cib AccessType = 0. [BTRACE][2020/11/14 14:58:12][7168][CM][84c9-b272-47e0]:NotifyTM UserGroup = 65535, UclGroup = 65535, UserGroupPriority = 255. [BTRACE][2020/11/14 14:58:12][7168][CM][84c9-b272-47e0]:RemarkDscp = 255 Remark8021p = 255 DnRemark8021p = 255 DnRemarkDscp = 255. [BTRACE][2020/11/14 14:58:12][7168][CM][84c9-b272-47e0]:[CM NAC Get QosInfo From Nac] CM send QoS to TM. UserName=,Valid=0,Cir=0,Pir=0,FlowMappingProfileIndex=0,FlowQueueProfileIndex=0 [BTRACE][2020/11/14 14:58:12][7168][CM][84c9-b272-47e0]:CM_NAC_GetMCIBInfoFromNac ucUserGroupChanged = 0, HttpsToCpuFlag:0, Dot1xUrlFlag:0 [BTRACE][2020/11/14 14:58:12][7168][CM][84c9-b272-47e0]: [CM Get MCIB Info]DetectVlanId=0, Cib GateWay=0xffffffff. |
The UCM module prints authorization information. |
82 |
[BTRACE][2020/11/14 14:58:12][7168][CM][84c9-b272-47e0]: CM_SendSetTableMsg: CID:80, Command:2,UserGroup:65535 UclGroupId:65535, aclNum:65535,usAclID[65535,65535,65535,65535],ucHttpFwdFlg=0 [BTRACE][2020/11/14 14:58:12][7168][CM][84c9-b272-47e0]: CM_SendSetTableMsg: OldDestSlotFlag:0x 00000000 00000000 00000000 00000001, NewDestSlotFlag: 0x 00000000 00000000 00000000 00000001 |
The UCM module sends an authorization packet to the TM module. Command:2 indicates the authorization action.
|
83 |
[BTRACE][2020/11/14 14:58:12][7168][WLAN_AC][84c9-b272-47e0]:[Process:7][WSTA] Send dhcp option info to UCM(num:3, code:0) |
The WLAN module notifies the UCM module of DHCP options learned by the AP. |
84 |
[BTRACE][2020/11/14 14:58:12][7168][CM][84c9-b272-47e0]: [Cib is optimized for struct CM_ACCTDATA_S]Come in CMSendRealTimeAcctRequest. |
The UCM module receives a DHCP option packet from the STA and triggers real-time accounting. |
85 |
[BTRACE][2020/11/14 14:58:14][2048][WLAN_AC][84c9-b272-47e0]:[Process:2][ELB-SYN] ap process syn elb table same return. [BTRACE][2020/11/14 14:58:14][7168][WLAN_AC][84c9-b272-47e0]:[Process:7][ELB-SYN] Sta process send elb syn message (ap:0,radio:3,wlan:3,code:0) [BTRACE][2020/11/14 14:58:14][7168][WLAN_AC][84c9-b272-47e0]:[Process:7][WSTA] Sta table aging. [BTRACE][2020/11/14 14:58:15][7168][WLAN_AC][84c9-b272-47e0]:[Process:7][WSS] Ap report probe message flow process (number:17, ap:0, radio:0, event:1, RSSI:-54). [BTRACE][2020/11/14 14:58:15][2048][WLAN_AC][84c9-b272-47e0]:[Process:2][WSTA] Flow fork MultiSta MsgType3134 Vcpu7dis [BTRACE][2020/11/14 14:58:19][7168][WLAN_AC][84c9-b272-47e0]:[Process:7][ELB-SYN] Sta process recv elb aging message. [BTRACE][2020/11/14 14:58:19][2048][WLAN_AC][84c9-b272-47e0]:[Process:2][ELB-SYN] Ap process send elb aging message (ap:0, radio:3, wlan:3) [AC6605_8_76] [BTRACE][2020/11/14 14:58:22][2048][WLAN_AC][84c9-b272-47e0]:[Process:2]Packet Delay:4 [BTRACE][2020/11/14 14:58:22][2048][WLAN_AC][84c9-b272-47e0]:[Process:2]Packet access time:150 [BTRACE][2020/11/14 14:58:22][2048][WLAN_AC][84c9-b272-47e0]:[Process:2][WSTA] Flow fork MultiSta MsgType3115 Vcpu7 [BTRACE][2020/11/14 14:58:22][2048][WLAN_AC][84c9-b272-47e0]:[Process:2][WSTA] Flow fork MultiSta MsgType3066 Vcpu7 [BTRACE][2020/11/14 14:58:24][7168][WLAN_AC][84c9-b272-47e0]:[Process:7][WSTA] Sta table aging. [BTRACE][2020/11/14 14:58:33][7168][CM][84c9-b272-47e0]: [Cib is optimized for struct CM_ACCTDATA_S]Come in CMSendRealTimeAcctRequest. [BTRACE][2020/11/14 14:58:34][7168][WLAN_AC][84c9-b272-47e0]:[Process:7][ELB-SYN] Sta process send elb syn message (ap:0,radio:3,wlan:3,code:0) [BTRACE][2020/11/14 14:58:34][7168][WLAN_AC][84c9-b272-47e0]:[Process:7][WSTA] Sta table aging. [BTRACE][2020/11/14 14:58:34][2048][WLAN_AC][84c9-b272-47e0]:[Process:2][ELB-SYN] ap process syn elb table same return. 
[BTRACE][2020/11/14 14:58:39][7168][WLAN_AC][84c9-b272-47e0]:[Process:7][ELB-SYN] Sta process recv elb aging message. [BTRACE][2020/11/14 14:58:39][2048][WLAN_AC][84c9-b272-47e0]:[Process:2][ELB-SYN] Ap process send elb aging message (ap:0, radio:3, wlan:3) |
The WLAN module generates redundant information, which can be ignored. |
86 |
[BTRACE][2020/11/14 14:58:43][9216][WEB_FC][200.1.1.231]:Received packet from socket (length = 46 Vrf = 0): Version : 2 Type : authentication request Method : pap SerialNo : 58879 RequestID : 0 UserIP : 200.1.1.231 ErrorCode : 0 AttributeNumber : 2 [BTRACE][2020/11/14 14:58:43][9216][WEB_FC][200.1.1.231]:WEB_FC receive packet from portal server successfully. 02 03 01 00 e5 ff 00 00 c8 01 01 e7 00 00 00 02 bb ef 05 67 ce 69 d5 13 d9 82 28 9c 6f cc d9 7f 01 07 74 65 73 74 31 02 07 74 65 73 74 31 [BTRACE][2020/11/14 14:58:43][9216][WEB_FC][200.1.1.231]:Receive authentication request packet from portal srever. |
The WEB_FC module receives an authentication request packet from the Portal server. To display information exchanged between the device and Portal server, run the trace object ip-address x.x.x.x command. |
87 |
[BTRACE][2020/11/14 14:58:43][9216][WEB_FC][200.1.1.231]:Send packet to NodeID(7168).(UserIP=3355509223) |
The WEB_FC module forwards the authentication request packet to the WEB module. |
88 |
[BTRACE][2020/11/14 14:58:43][7168][WEB][200.1.1.231]:Received packet from socket (length = 46 Vrf = 0): Version : 2 Type : authentication requestMethod : pap SerialNo : 58879 RequestID : 0 UserIP : 200.1.1.231 ErrorCode : 0 AttributeNumber : 2 [BTRACE][2020/11/14 14:58:43][7168][WEB][200.1.1.231]:WEB receive packet from portal server successfully. 02 03 01 00 e5 ff 00 00 c8 01 01 e7 00 00 00 02 bb ef 05 67 ce 69 d5 13 d9 82 28 9c 6f cc d9 7f 01 07 74 65 73 74 31 02 07 74 65 73 74 31 [BTRACE][2020/11/14 14:58:43][7168][WEB][200.1.1.231]:[WEB Proc PS Msg] Server IP = 172.168.10.6, Server Vrf = 0 |
The WEB module receives an authentication request packet from the Portal server forwarded by the WEB_FC module. The authentication mode is PAP, and the IP address of the Portal server is 172.168.10.6. |
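The 46-byte dump printed in rows 86 and 88 can be decoded to cross-check the fields the trace prints (Version, Type, Method, SerialNo, UserIP, AttributeNumber). The following is an added example, not part of the original document or of the device software; the function names are hypothetical. It assumes the Portal 2.0 layout (16-byte header, 16-byte authenticator in version 2, type/length/value attributes) and assumes attribute type 2 carries the PAP password, which the trace prints unmasked in the dump even though the AAA rows show Password:***.

```python
import ipaddress
import struct

# Copied from the page: the hex dump printed in trace rows 86 and 88.
TRACE_DUMP = (
    "02 03 01 00 e5 ff 00 00 c8 01 01 e7 00 00 00 02 "
    "bb ef 05 67 ce 69 d5 13 d9 82 28 9c 6f cc d9 7f "
    "01 07 74 65 73 74 31 02 07 74 65 73 74 31"
)

# Assumed code tables. The trace itself only confirms type 3 (authentication
# request), method 1 (pap) and attribute 1 (user name test1).
PKT_TYPES = {1: "challenge request", 2: "challenge ack",
             3: "authentication request", 4: "authentication ack",
             5: "logout request", 6: "logout ack"}
METHODS = {0: "chap", 1: "pap"}
ATTR_NAMES = {1: "UserName", 2: "PassWord", 3: "Challenge", 4: "ChapPassWord"}
SECRET_ATTRS = {2, 4}  # attributes whose value should not leave the device

# ver, type, method, reserved, serial, request id, user ip, user port,
# error code, attribute count: 16 bytes in network byte order.
HEADER = struct.Struct("!BBBBHH4sHBB")
AUTHENTICATOR_LEN = 16


def parse_portal(dump_hex):
    """Decode a Portal packet given as a whitespace-separated hex dump."""
    raw = bytes.fromhex(dump_hex)
    if len(raw) < HEADER.size:
        raise ValueError("truncated Portal header")
    ver, ptype, method, _rsv, serial, req_id, ip, port, err, nattr = \
        HEADER.unpack_from(raw)
    offset = HEADER.size
    authenticator = b""
    if ver == 2:  # only version 2 carries the authenticator field
        if len(raw) < offset + AUTHENTICATOR_LEN:
            raise ValueError("truncated authenticator")
        authenticator = raw[offset:offset + AUTHENTICATOR_LEN]
        offset += AUTHENTICATOR_LEN
    attrs = []
    for _ in range(nattr):
        if offset + 2 > len(raw):
            raise ValueError("attribute header runs past end of packet")
        atype, alen = raw[offset], raw[offset + 1]
        # The length byte counts the type and length bytes themselves.
        if alen < 2 or offset + alen > len(raw):
            raise ValueError("bad attribute length %d at offset %d" % (alen, offset))
        attrs.append({"type": atype,
                      "name": ATTR_NAMES.get(atype, "attr-%d" % atype),
                      "value_offset": offset + 2,
                      "value": raw[offset + 2:offset + alen]})
        offset += alen
    if offset != len(raw):
        raise ValueError("%d trailing bytes after attributes" % (len(raw) - offset))
    return {"raw": raw, "version": ver,
            "type": PKT_TYPES.get(ptype, "type-%d" % ptype),
            "method": METHODS.get(method, "method-%d" % method),
            "serial_no": serial, "request_id": req_id,
            "user_ip": str(ipaddress.IPv4Address(ip)), "user_port": port,
            "error_code": err, "authenticator": authenticator, "attrs": attrs}


def int_to_ip(value):
    """Convert the decimal form the trace prints (UserIP=3355509223)."""
    return str(ipaddress.IPv4Address(value))


def redact_dump(dump_hex):
    """Return the dump with password attribute values replaced by '**'."""
    pkt = parse_portal(dump_hex)
    cells = ["%02x" % b for b in pkt["raw"]]
    for attr in pkt["attrs"]:
        if attr["type"] in SECRET_ATTRS:
            start = attr["value_offset"]
            for i in range(start, start + len(attr["value"])):
                cells[i] = "**"
    return " ".join(cells)


if __name__ == "__main__":
    packet = parse_portal(TRACE_DUMP)
    for key in ("version", "type", "method", "serial_no", "user_ip"):
        print(key, "=", packet[key])
    print(redact_dump(TRACE_DUMP))
```

Running `redact_dump` over a collected trace before attaching it to a ticket keeps the user name and header fields needed for troubleshooting while removing the PAP password bytes.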
89 |
[BTRACE][2020/11/14 14:58:43][7168][WEB][200.1.1.231]:Receive authentication request packet from portal srever. [BTRACE][2020/11/14 14:58:43][7168][WEB][200.1.1.231]:Receive authentication request packet from portal server.(ReqID=15) [BTRACE][2020/11/14 14:58:43][7168][WEB][200.1.1.231]:Start a new authentication. [BTRACE][2020/11/14 14:58:43][7168][WEB][200.1.1.231]:Send auth-req msg: [BTRACE][2020/11/14 14:58:43][7168][WEB][200.1.1.231]:CID : 80 [BTRACE][2020/11/14 14:58:43][7168][WEB][200.1.1.231]:ReqID : 15 [BTRACE][2020/11/14 14:58:43][7168][WEB][200.1.1.231]:AuthType : 0 [BTRACE][2020/11/14 14:58:43][7168][WEB][200.1.1.231]:UserName : test1 [BTRACE][2020/11/14 14:58:43][7168][WEB][200.1.1.231]:ChapId : 0 [BTRACE][2020/11/14 14:58:43][7168][WEB][200.1.1.231]:WEBIP : 202116102 [BTRACE][2020/11/14 14:58:43][7168][WEB][200.1.1.231]:Version : 2 [BTRACE][2020/11/14 14:58:43][7168][WEB][200.1.1.231]:Send authentication request message to cm successfully(userid=80,requestid=15) |
The WEB module processes the Portal authentication request packet and sends the authentication request packet to the UCM module. |
90 |
[BTRACE][2020/11/14 14:58:43][7168][CM][84c9-b272-47e0]:[CM NAC State Up Entity]Received auth request.(cid=80, AccessType=24, Reason=0) [BTRACE][2020/11/14 14:58:43][7168][CM][84c9-b272-47e0]:[CM NAC Check ReAuth Req]NEW ACCESS TYPE IS 24,OLD ACCESS TYPE IS 0 [BTRACE][2020/11/14 14:58:43][7168][CM][84c9-b272-47e0]: [CM NAC_CheckReAuthReq] User has V4 address 3355509223. |
When receiving a Portal authentication request packet from the WEB module, the UCM module switches the authentication mode to Portal authentication. AccessType:
|
91 |
[BTRACE][2020/11/14 14:58:43][7168][CM][84c9-b272-47e0]: [CM NAC Refresh IpHash By Vrf]NewVrf=0, oldVrf=0 |
The UCM module updates the VPN index in the authentication entry. |
92 |
[BTRACE][2020/11/14 14:58:43][7168][CM][84c9-b272-47e0]:[CM NAC Fill ReAuth Info](AckModId=0x48, AccessType=24, AuthModIndex=15, PortalLayerFlag:1 |
Re-authentication information of the UCM module is displayed. AccessType=24 indicates Portal authentication. PortalLayerFlag:1
|
93 |
[BTRACE][2020/11/14 14:58:43][7168][CM][84c9-b272-47e0]: [CM NAC Get User Domain Index].(ForceDomain=(null), DomainIndex=2, IsForceDomainCfg=0) [BTRACE][2020/11/14 14:58:43][7168][CM][84c9-b272-47e0]:[CM NAC Fill ReAuth Info]Auth Req Eap Size = 0 [BTRACE][2020/11/14 14:58:43][7168][CM][84c9-b272-47e0]:[CM NAC ReAuth Start](AccessType=24, oldAccessTyep=0, WlanFlag=1, DetectTimeLen=0) [BTRACE][2020/11/14 14:58:43][7168][CM][84c9-b272-47e0]:CM WLAN Get Ap Info. Ap Info is 18DE-D777-C120. |
Re-authentication information of the UCM module: DomainIndex=2.
<AC> display domain
--------------------------
index DomainName
--------------------------
0 default
1 default_admin
2 radius
3 ad
4 ldap
---------------------------
Total: 5 |
94 |
[BTRACE][2020/11/14 14:58:43][7168][CM][84c9-b272-47e0]:CM send authentication request message to AAA module (CID:80). |
The UCM module sends an authentication request packet to the AAA module. |
95 |
[BTRACE][2020/11/14 14:58:43][7168][CM][84c9-b272-47e0]:State from UP(substate:BUTT) to AUTH(substate:BUTT). (cib=80, event=BUTT) |
The status of authentication entries on the UCM module is changed from UP to AUTH. |
96 |
[BTRACE][2020/11/14 14:58:43][7168][CM][84c9-b272-47e0]:HSB event: CIB UserMac is 84c9-b272-47e0 [BTRACE][2020/11/14 14:58:43][7168][CM][84c9-b272-47e0]:[UCM_BAK] End to encap fix . [BTRACE][2020/11/14 14:58:43][7168][CM][84c9-b272-47e0]:HSB event: CIB msg send fail! |
When HSB is disabled on a device, the device fails to send HSB backup messages. |
97 |
[BTRACE][2020/11/14 14:58:43][7168][AAA][84c9-b272-47e0]: AAA receive AAA_SRV_MSG_AUTHEN_REQ message(31) from UCM module(232). |
The AAA module receives an authentication request packet from the UCM module. |
98 |
[BTRACE][2020/11/14 14:58:43][7168][AAA][84c9-b272-47e0]: DestIndex:80 SrcIndex:80 Slot:7168 User:test1 Password:*** MAC:84c9-b272-47e0 Slot:0 SubSlot:0 Port:0 VLAN:200 IP:200.1.1.231 AccessType:web AuthenType:PAP AdminLevel:0 EapSize:0 AuthenCode:WEB ulInterface:2466349056 ChallengeLen:16 ChapID:0 LineType:0 LineIndex:0 PortType:19 AcctSessionId:AC6605_000000000002002cad1b0100050 |
Content of the authentication request message received by the AAA module is displayed. User:test1 indicates that the user name is test1. AccessType:web indicates that the authentication mode is Portal authentication. |
99 |
[BTRACE][2020/11/14 14:58:43][7168][AAA][84c9-b272-47e0]: AAA_MAIN initiate NormalAuthenReq event to AAA_AUTHEN module. CID:0 Result:0 Info:542338972 |
The AAA module initializes the authentication request packet. |
100 |
[BTRACE][2020/11/14 14:58:43][7168][AAA][84c9-b272-47e0]:User authentication domain name is domaintest |
The AAA module records the authentication domain sent by the UCM module. |
101 |
[BTRACE][2020/11/14 14:58:43][7168][AAA][84c9-b272-47e0]:The authentication place is RADIUS. |
The AAA module records the current authentication mode. |
102 |
[BTRACE][2020/11/14 14:58:43][7168][AAA][84c9-b272-47e0]: AAA send AAA_RD_MSG_AUTHENREQ message(49) to RADIUS module(235). |
The AAA module sends an authentication request packet to the RADIUS module based on the authentication mode. |
103 |
[BTRACE][2020/11/14 14:58:43][7168][AAA][84c9-b272-47e0]: CID:102 TemplateNo:4 SerialNo:4294967295 PriyServer::: Vrf:0 SendServer::: Vrf:0 AccessType:web AuthenMethod:PAP UserName:test1 Password:*** Slot:0 SubSlot:0 Port:0 Vlan:200 Interface:2466349056 CID:16464 AcctSessionId:AC6605_000000000002002cad1b0100050 PortType:19 ServiceType:2 FramedProtocol:1 FramedIP:200.1.1.231 EapLength:0 StartupTimeStamp:1604918038 LoginIP:255.255.255.255 IPHostAddr:200.1.1.231 84:c9:b2:72:47:e0 ProductID:AC szVersion:Huawei AC6605-26-PWR SecurityStr: |
Content of the packet sent by the AAA module to the RADIUS module is displayed. |
104 |
[BTRACE][2020/11/14 14:58:43][7168][RADIUS][84c9-b272-47e0]:Receive authentication request message from AAA module. |
The RADIUS module receives an authentication request packet from the AAA module. |
105 |
[BTRACE][2020/11/14 14:58:43][7168][RADIUS][84c9-b272-47e0]: Send a authentication request packet to radius server( server ip = 172.168.10.6). |
The RADIUS module sends an authentication request packet to the RADIUS server. |
106 |
[BTRACE][2020/11/14 14:58:43][7168][RADIUS][84c9-b272-47e0]: Server Template: 4 Server IP : 172.168.10.6 Protocol: Standard Code : 1 Len : 710 ID : 13 [User-Name ] [7 ] [test1] [User-Password ] [18] [57 4d 2a 93 10 d9 b5 fb c4 5a 3d d1 92 a2 5a 53 ] [NAS-Port ] [6 ] [200] [Service-Type ] [6 ] [2] [Framed-Protocol ] [6 ] [1] [Framed-IP-Address ] [6 ] [200.1.1.231] [Calling-Station-Id ] [16] [84c9-b272-47e0] [NAS-Identifier ] [13] [AC6605_8_76] [NAS-Port-Type ] [6 ] [19] [NAS-Port-Id ] [36] [slot=0;subslot=0;port=0;vlanid=200] [Called-Station-Id ] [29] [18-DE-D7-77-C1-20:portal_76] [NAS-IP-Address ] [6 ] [172.168.10.76] [Acct-Session-Id ] [36] [AC6605_000000000002002cad1b0100050] [BTRACE][2020/11/14 14:58:43][7168][RADIUS][84c9-b272-47e0]: [HW-HTTP-UA ] [180] [Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)] [HW-Access-Type ] [6 ] [3] [HW-User-Extend-Info ] [38] [AP-Device-Code=19220382118ded777c120] [HW-User-Extend-Info ] [18] [TERMINAL-POS-X=0] [HW-User-Extend-Info ] [18] [TERMINAL-POS-Y=0] [HW-User-Extend-Info ] [18] [Wifi-Density=-53] [HW-User-Extend-Info ] [27] [HW-Access-Time=1605337122] [HW-Domain-Name ] [12] [domaintest] |
Content of the authentication request packet sent by the RADIUS module is displayed. |
107 |
[BTRACE][2020/11/14 14:58:43][7168][RADIUS][84c9-b272-47e0]: Received a authentication accept packet from radius server(server ip = 172.168.10.6). |
The RADIUS module receives an authentication success response packet from the RADIUS server. |
108 |
[BTRACE][2020/11/14 14:58:43][7168][RADIUS][84c9-b272-47e0]: Server Template: 4 Server IP : 172.168.10.6 Server Port : 1812 Protocol: Standard Code : 2 Len : 20 ID : 13 |
Content of the authentication response packet of the RADIUS server is displayed (the IDs of the request packet and response packet are the same). |
109 |
[BTRACE][2020/11/14 14:58:43][7168][RADIUS][84c9-b272-47e0]:Send authentication reply message to AAA. |
The RADIUS module sends an authentication response packet to the AAA module. |
110 |
[BTRACE][2020/11/14 14:58:43][7168][AAA][84c9-b272-47e0]: AAA receive AAA_RD_MSG_AUTHENACCEPT message(50) from RADIUS module(235). |
The AAA module receives an authentication response packet from the RADIUS module. |
111 |
[BTRACE][2020/11/14 14:58:43][7168][AAA][84c9-b272-47e0]: CID:102 TemplateNo:4 SerialNo:4294967295 SrcMsg:AAA_RD_MSG_AUTHENREQ PriyServer::: Vrf:0 SendServer:172.168.10.6 Vrf:0 SessionTimeout:0 IdleTimeout:0 AcctInterimInterval:0 RemanentVolume:0 InputPeakRate:0 InputAverageRate:0 OutputPeakRate:0 OutputAverageRate:0 InputBasicRate:0 OutputBasicRate:0 InputPBS:0 OutputPBS:0 Priority:[0,0] DNS:[0.0.0.0, 0.0.0.0] ServiceType:0 LoginService:0 AdminLevel:0 FramedProtocol:0 LoginIpHost:0 NextHop:0 EapLength:0 ReplyMessage: TunnelType:0 MediumType:0 PrivateGroupID: WlanReasonCode:0 |
Content of the packet received by the AAA module is displayed. |
112 |
[BTRACE][2020/11/14 14:58:43][7168][AAA][84c9-b272-47e0]: AAA send AAA_SRV_MSG_AUTHEN_ACK message(36) to UCM module(232). |
The AAA module sends an authentication response packet to the UCM module. |
113 |
[BTRACE][2020/11/14 14:58:43][7168][AAA][84c9-b272-47e0]: DestIndex:80 SrcIndex:80 Slot:4294967295 Result:0 DomainIndex:2 ServiceScheme:65535 AuthedPalace:3 VLAN:65535 IsCallBackVerify:0 IsCallbackUser:0 IfSessionTimeout:0 IfRemanentVolume:0 IfIdleCut:0 SessionTimeout:4294967295 RemanentVolume:4294967295 IdleTimeout:4294967295 EAPSessionTimeout:4294967295 EAPPasswordRetry:4294967295 RTAcctInterval:4294967295 Priority:[255,255] AdminLevel:255 NextHop:4294967295 Role:0 LiAdmin:0 EapSize:0 ReplyMessage: TunnelType:0 MediumType:0 PrivateGroupID: SerialNo:4294967295 WlanReasonCode:0 |
Content of the authentication response message sent by the AAA server is displayed.
|
114 |
[BTRACE][2020/11/14 14:58:43][7168][CM][84c9-b272-47e0]:CM receive AAA_SRV_MSG_AUTHEN_ACK from AAA module (msg code: 36 CID:80). |
The UCM module receives an authentication response packet from the AAA module. |
115 |
[BTRACE][2020/11/14 14:58:43][7168][CM][84c9-b272-47e0]:[CM NAC Get Local Authorize]Authen ACL str len.(len=0) [BTRACE][2020/11/14 14:58:43][7168][CM][84c9-b272-47e0]: [Cib is optimized for struct CM_CIB_S] enter in CMNACFillAAAAckInfo. [BTRACE][2020/11/14 14:58:43][7168][CM][84c9-b272-47e0]: [Cib is optimized for struct CM_CIB_S] enter in CM_NAC_ProAckInfo. [BTRACE][2020/11/14 14:58:43][7168][CM][84c9-b272-47e0]: [Cib is optimized for struct CM_ACCTDATA_S]Come in CMFillAcctInfo. [BTRACE][2020/11/14 14:58:43][7168][CM][84c9-b272-47e0]:[CM_NAC_ChangeWlanUserServiceVlan] Wlan user service-vlan=200, author dynamic vlan: 65535, original dynamic vlan: 0, type: 3, local author bitmap: 0xffffffff. [BTRACE][2020/11/14 14:58:43][7168][CM][84c9-b272-47e0]:[CM NAC Set Parse Ok Acl](oldUserGroup=65535, newGroupId=65535, newAclId[65535,65535,65535,65535], newAclV6Id[65535,65535,65535,65535], newUclGroupId=65535) [BTRACE][2020/11/14 14:58:43][7168][CM][84c9-b272-47e0]:UserGroupChanged:0 [BTRACE][2020/11/14 14:58:43][7168][CM][84c9-b272-47e0]:[CM NAC Set Parse Ok Acl]: default GroupID=65535 [BTRACE][2020/11/14 14:58:43][7168][CM][84c9-b272-47e0]:[CM NAC Set Parse Ok Acl]:AclIdCache[65535,65535,65535,65535] [BTRACE][2020/11/14 14:58:43][7168][CM][84c9-b272-47e0]:[Get Authorize Info From AAA](inCarFlag=0, outCarFlag=0, GroupID=65535, VLAN=0, voiceVlanflag=0,InDscpValue=255, In8021pValue=255, ServiceSchemeName=, IdleCutFlowDirection=4, IdleCutTime=0, IdleCutSecond=0, IdleCutFlow=0,redirect acl id:65535, EapSessionTimeout=4294967295, SessionTimeout=4294967295, Priority =255,ucDownPriority =255,VlanSource:0, AccountingSep:0) [BTRACE][2020/11/14 14:58:43][7168][CM][84c9-b272-47e0]:CM fill user authorization information (CID:80). |
Authentication and authorization information is displayed. |
116 |
[BTRACE][2020/11/14 14:58:43][7168][CM][84c9-b272-47e0]:[CM NAC Goto Next State](CID=80, Event=81, CM EVENT START NEXT AUTH=58) [BTRACE][2020/11/14 14:58:43][7168][CM][84c9-b272-47e0]:State from AUTH(substate:BUTT) to GLOCTRL(substate:BUTT). (cib=80, event=CM_EVENT_GC_USER_ACCESS_REQ) |
When the UCM entry status changes from AUTH to GLOCTRL, the number of users is increased. |
117 |
[BTRACE][2020/11/14 14:58:43][7168][CM][84c9-b272-47e0]:[CM NAC Goto Next State](CID=80, Event=6, CM EVENT START NEXT AUTH=58) [BTRACE][2020/11/14 14:58:43][7168][CM][84c9-b272-47e0]:State from GLOCTRL(substate:BUTT) to AUTH(substate:BUTT). (cib=80, event=AUTH_GC_PASS) |
The UCM entry status changes from GLOCTRL to AUTH, and authentication continues. |
118 |
[BTRACE][2020/11/14 14:58:43][7168][CM][84c9-b272-47e0]:CM NAC State Auth Entity, OpenUser:0,FailType:46 |
The UCM module processes authentication. FailType:46 indicates that the authentication is successful. |
119 |
[BTRACE][2020/11/14 14:58:43][7168][CM][84c9-b272-47e0]:User authentication success (CID:80). |
The UCM module authentication is successful. |
120 |
[BTRACE][2020/11/14 14:58:43][7168][CM][84c9-b272-47e0]:State from AUTH(substate:BUTT) to ADDUSER(substate:BUTT). (cib=80, event=AUTH_GC_PASS) |
The UCM entry status changes from AUTH to ADDUSER for authorization. |
121 |
[BTRACE][2020/11/14 14:58:43][7168][CM][84c9-b272-47e0]: [CM NAC Proc Port Vlan]Vlan change.(IfIndex=2466349056, IsPortBased=0, newVlan=0, VlanType=3, IsPortbasedGuestAuthened=0) [BTRACE][2020/11/14 14:58:43][7168][CM][84c9-b272-47e0]:[CM NAC CheckIfSupportAuthor](PreAuthFlag 0 RemarkInGroupFlag 0 CarFlag 0 authormap 0x 00000000 00000000 accesstype 24 ulRet 1). [BTRACE][2020/11/14 14:58:43][7168][CM][84c9-b272-47e0]: In AUTH set PREAUTH_TO_AUTHED to modify trigger bitmap. [BTRACE][2020/11/14 14:58:43][7168][CM][84c9-b272-47e0]: [CM Get MCIB Info] Cid:80, FixedCid:16464 [BTRACE][2020/11/14 14:58:43][7168][CM][84c9-b272-47e0]:CM_NAC_GetMCIBInfoFromNac:UserGroupID=65535,UclGroupID=65535,usAclID[65535,65535,65535,65535],v6AclID[65535,65535,65535,65535] [BTRACE][2020/11/14 14:58:43][7168][CM][84c9-b272-47e0]:NotifyTM PreAuthFlag = 0, OldPreAuthFlag = 1,Cib AccessType = 0. [BTRACE][2020/11/14 14:58:43][7168][CM][84c9-b272-47e0]:NotifyTM UserGroup = 65535, UclGroup = 65535, UserGroupPriority = 255. [BTRACE][2020/11/14 14:58:43][7168][CM][84c9-b272-47e0]:RemarkDscp = 255 Remark8021p = 255 DnRemark8021p = 255 DnRemarkDscp = 255. [BTRACE][2020/11/14 14:58:43][7168][CM][84c9-b272-47e0]:[CM NAC Get QosInfo From Nac] CM send QoS to TM. UserName=,Valid=0,Cir=0,Pir=0,FlowMappingProfileIndex=0,FlowQueueProfileIndex=0 [BTRACE][2020/11/14 14:58:43][7168][CM][84c9-b272-47e0]:CM_NAC_GetMCIBInfoFromNac ucUserGroupChanged = 0, HttpsToCpuFlag:0, Dot1xUrlFlag:0 [BTRACE][2020/11/14 14:58:43][7168][CM][84c9-b272-47e0]: [CM Get MCIB Info]DetectVlanId=0, Cib GateWay=0xc8010101. [BTRACE][2020/11/14 14:58:43][7168][CM][84c9-b272-47e0]: CM_SendSetTableMsg: CID:80, Command:2,UserGroup:65535 UclGroupId:65535, aclNum:65535,usAclID[65535,65535,65535,65535],ucHttpFwdFlg=0 [BTRACE][2020/11/14 14:58:43][2048][WLAN_AC][84c9-b272-47e0]:[Process:2][WSTA] Update elb table same return. 
[BTRACE][2020/11/14 14:58:43][7168][CM][84c9-b272-47e0]: CM_SendSetTableMsg: OldDestSlotFlag:0x 00000000 00000000 00000000 00000001, NewDestSlotFlag: 0x 00000000 00000000 00000000 00000001 [BTRACE][2020/11/14 14:58:43][2048][WLAN_AC][84c9-b272-47e0]:[Process:2]Process user auth update elb table (ap:0, radio:0, wlan:3, vlan:200, Code:0) [BTRACE][2020/11/14 14:58:43][7168][CM][84c9-b272-47e0]:[CM NAC Proc Lpu](OpType=2, WlanFlag=1, WANFlag=0, vlan=0, Ret=0). [BTRACE][2020/11/14 14:58:43][7168][CM][84c9-b272-47e0]:Open user access ability (CID:80). |
The UCM module fills in authorization information and sends an authorization request packet to the TM module. The options are as follows:
|
122 |
[BTRACE][2020/11/14 14:58:43][7168][TM][84c9-b272-47e0]: [TM DBG]SrcNode = 7168, DstNode = 7168. [TM DBG] Rev CM_SET(MsgCode=197) from UCM. Slot:7168 SourceIndex:80 Command:MODIFY_CIB Slot:0 . |
The TM module receives an authorization request packet from the UCM module. |
123 |
[BTRACE][2020/11/14 14:58:43][7168][TM][84c9-b272-47e0]: [TM DBG]Proc EventCall.Index:163 [BTRACE][2020/11/14 14:58:43][7168][TM][84c9-b272-47e0]: [TM DBG]Proc EventCall.(OpType=2) (mac=84c9-b272-47e0, IPV6=00000000:00000000:00000000:00000000, IPV4=0xc80101e7, Slot=0, ISPVlan=0) (AuthVlan=0, AuthVlanType=3, PvcVlan=200, PvcVlanType=3, UsrGroup=65535, UclGroup=65535, IsPortBased=0, IfIndex=2466349056) (PreAuthFlag=0,OldPreAuthFlag=1, AuthModifyBmp=0x0, ArpDeny=0,ucHttpFwdFlg=0) (UserGroupPriority=255) [BTRACE][2020/11/14 14:58:43][7168][TM][84c9-b272-47e0]: [TM DBG] (WlanFlag=1, RemoteUser=0, UCRemoteUser=0) [BTRACE][2020/11/14 14:58:43][7168][TM][84c9-b272-47e0]: [TM DBG]Proc EventCall.(ForwardInterface=0,ForwardPdtIndex=0, ISPVlan=0) |
The TM module fills in the information to be authorized. |
124 |
[BTRACE][2020/11/14 14:58:43][7168][TM][84c9-b272-47e0]: TM send authorization para info to Ap: AclID = 65535,65535 UpRateLimitValue = -1 DownRateLimitValue = -1 Mac = 84c9-b272-47e0 Isolated = 0 InterIsolated = 0 VLAN = 200 UserGroup = 65535 UclGroup = 65535 Optype = 2 UserUpFlag = 1 PushFlag = 0 AccessType = 24 IsPortBased = 0 UserVlanType = 3 AuthenUserAddCIB = 1 IfIndex = -1828618240 IpAddr = 200.1.1.231 VrfIndex = 0 Cid = -1 PortalLayer3Flag = 0 AckIndex = 163 preauthfalg = 0 httpflag = 0 denyallflag = 0 UpFlowstatistics = 0 DownFlowstatistics = 0 Redirect AclId = 65535, RedirectURL = , IPSecFlag = 2, ArpDeny = 0,fwdflg=0 |
The TM module sends an authorization request packet to the WLAN module, carrying authorization information such as ACL and UserGroup. AclID = 65535 indicates that no authorization ACL exists. UserVlanType = 3:
UsrGroup=65535 indicates that no UsrGroup information exists. UclGroup=65535 indicates that no UclGroup information exists. |
125 |
[BTRACE][2020/11/14 14:58:43][7168][WLAN_AC][84c9-b272-47e0]:[Process:7][WADP] Qos remark info new (In:255, out:255, in1p:255, out1p:255, inDscp:255, outDscp:255).Url len:0, send len:173 [BTRACE][2020/11/14 14:58:43][7168][WLAN_AC][84c9-b272-47e0]:[Process:7]User auth update elb table (ap:0, radio:0, wlan:3, vlan:200, ap fork:2048, old ap fork:2048) [BTRACE][2020/11/14 14:58:43][7168][WLAN_AC][84c9-b272-47e0]:[Process:7][WSTA] UpDateStaAccessVlan Same Vlan Return [BTRACE][2020/11/14 14:58:43][7168][WLAN_AC][84c9-b272-47e0]:[Process:7][WSTA] Update sta user name test1 |
The WLAN module processes user authorization information. |
126 |
[BTRACE][2020/11/14 14:58:43][7168][WLAN_AC][84c9-b272-47e0]:[Process:7] [WADP] Send User Authorization Info to Ap. (ApID:0,InterIsolated:0,Isolated:0,ArpDeny:0,Optype:1,DownRateLimitValue:4294967295,UpRateLimitValue:4294967295 UserGroup:65535,VLAN:200,PortalPushFlag:0,HttpSendTol4:0,BeforeAuth_En:0,DenyAll:0,ServiceVlan:200 AclID:65535,65535,65535,65535,65535,65535,65535,65535,ReportIP:0,RetCode:0,IdleCutTime:0,IdleCutFlow:0,IdleCutSecond:0) |
The WLAN module forwards an authorization request packet to the AP. |
127 |
[BTRACE][2020/11/14 14:58:43][2048][WLAN_AC][84c9-b272-47e0]:[Process:2][WSTA] Sta auth response deliver to sta process (Type:514822, prim:0, len:236, fork:7168, code:0) [BTRACE][2020/11/14 14:58:43][7168][WLAN_AC][84c9-b272-47e0]:[Process:7][WADP] Send User Authorization Result to Esap(src TID:187, dst TID:204, src fork ID:7168, dst fork ID:7168, Command:2, Code:0, Id:163. [BTRACE][2020/11/14 14:58:43][7168][WLAN_AC][84c9-b272-47e0]:[Process:7][WADP] Receive Sending User Authorization Info from Ap Response(module:0, prim type:0, data type:2533, code:0, RetCode:0) |
The WLAN module forwards the AP authorization result to the TM module. RetCode:0 indicates that the authorization is successful. |
128 |
[BTRACE][2020/11/14 14:58:43][7168][TM][84c9-b272-47e0]:TM send ack message to CM module, result: Modify CIB OK |
The TM module sends an authorization response packet to the UCM module, indicating that the authorization is successful. |
129 |
[BTRACE][2020/11/14 14:58:43][7168][CM][84c9-b272-47e0]:CM receive ESAP_SRV_MSG_CIB_SET_ACK from TM module (msg code: 198 CID:80). |
The UCM module receives an authorization response packet from the TM module. |
130 |
[BTRACE][2020/11/14 14:58:43][7168][CM][84c9-b272-47e0]: In ADD USER recevie CM_EVENT_MODIFY_SUCCESS clear modify trigger bitmap. [BTRACE][2020/11/14 14:58:43][7168][CM][84c9-b272-47e0]:[CM Clean ReAuthorize Info] Finished [BTRACE][2020/11/14 14:58:43][7168][CM][84c9-b272-47e0]:[CM NAC Send Auth Ack](DownModule=0, NewAuthorizeType=6, AckModuleId=72, ExpResult=8, CMAAAAuth=0x20547cf4). |
NewAuthorizeType: authorization type.
|
131 |
[BTRACE][2020/11/14 14:58:43][7168][CM][84c9-b272-47e0]:[CM NAC Start Reauth Timer](Cib AuthData AAASuccFlag=1, NacCib ReauthTimeLen=0). |
Re-authentication is not enabled. When re-authentication is enabled, "[CM NAC Start Reauth Timer].(TimeLen=xxx)" is displayed. |
132 |
[BTRACE][2020/11/14 14:58:43][7168][CM][84c9-b272-47e0]:[AfterUp]CM login request, make start accounting request.(CID=80) [BTRACE][2020/11/14 14:58:43][7168][CM][84c9-b272-47e0]:CM WLAN Get Ap Info. Ap Info is 18DE-D777-C120. [BTRACE][2020/11/14 14:58:43][7168][CM][84c9-b272-47e0]:CM fill data flow info.(TariffLevel=0) [BTRACE][2020/11/14 14:58:43][7168][CM][84c9-b272-47e0]:[0] UpLBytes 0 UpLPackets 0 DownLBytes 0 DownLPackets 0 [BTRACE][2020/11/14 14:58:43][7168][CM][84c9-b272-47e0]:CM send accounting request message to AAA module (CID:80). [BTRACE][2020/11/14 14:58:43][7168][CM][84c9-b272-47e0]:CM make accounting request.(acctType = 1, CID=80) [BTRACE][2020/11/14 14:58:43][7168][CM][84c9-b272-47e0]: [Cib is optimized for struct CM_ACCTDATA_S]Come in CMSetAcctWaitFlag. |
The UCM module sends an accounting request packet to the AAA module. |
133 |
[BTRACE][2020/11/14 14:58:43][7168][CM][84c9-b272-47e0]:State from ADDUSER(substate:BUTT) to UP(substate:BUTT). (cib=80, event=MODIFY_OK) |
The UCM entry status changes from ADDUSER to UP. |
134 |
[BTRACE][2020/11/14 14:58:43][7168][WEB][200.1.1.231]:Receive authen ack message from authentication server(result:AUTH_PASS). |
The Portal module receives an authentication response packet from the UCM module, indicating that the authentication is successful. |
135 |
[BTRACE][2020/11/14 14:58:43][7168][WEB][200.1.1.231]:Send packet to socket (length = 40 Vrf = 0): Version : 2 Type : authentication ack Method : pap SerialNo : 58879 RequestID : 2063 UserIP : 200.1.1.231 ErrorCode : 0 AttributeNumber : 1 [BTRACE][2020/11/14 14:58:43][7168][WEB][200.1.1.231]:WEB send packet to portal server successfully. 02 04 01 00 e5 ff 08 0f c8 01 01 e7 00 00 00 01 86 74 29 a9 60 ab 5e d1 e2 ba 83 37 09 06 f8 74 0b 08 84 c9 b2 72 47 e0 |
The Portal module sends the authentication result to the Portal server. |
136 |
[BTRACE][2020/11/14 14:58:43][7168][AAA][84c9-b272-47e0]: AAA receive AAA_SRV_MSG_ACCT_REQ message(32) from UCM module(232). |
The AAA module receives an accounting request packet from the UCM module. |
137 |
[BTRACE][2020/11/14 14:58:43][7168][AAA][84c9-b272-47e0]: DestIndex:80 SrcIndex:80 Slot:7168 AcctType:Start AcctMethod:RADIUS AcctSessionID:AC6605_000000000002002cad1b0100050 ucIfTwoLevelAcct:255 RTAcctInterval:65535 AuthedPlace:3 RdsGroup:4 TacTempletID:128 CopyRdsGroup:65535 UpBytes:[0,0] DnBytes:[0,0] UpPkts:[0,0] DnPkts:[0,0] AcctStartTime:1605337122 UTCAcctStartTime:4294967295 UTCAcctStopTime:4294967295 AcctStartSeconds:4294967295 AcctStopSeconds:4294967295 SessionLength:0 UserName:test1 MAC:84c9-b272-47e0 Domain:2 AccessType:web AuthenCode:WEB IP:200.1.1.231 Priority:[0,0] Slot:0 SubSlot:0 Port:0 Interface:2466349056 |
Content of the accounting request packet received by the AAA module from the UCM module is displayed. |
138 |
[BTRACE][2020/11/14 14:58:43][7168][AAA][84c9-b272-47e0]: AAA send AAA_RD_MSG_ACCTSTARTREQ message(53) to RADIUS module(235). |
The AAA module sends an accounting start packet to the RADIUS module. |
139 |
[BTRACE][2020/11/14 14:58:43][7168][AAA][84c9-b272-47e0]: CID:103 TemplateNo:4 SerialNo:0 SrcMsg:AAA_RD_MSG_ACCTSTARTREQ PriyServer:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF Vrf:4294967295 SendServer:172.168.10.6 Vrf:4294967295 CID:16464 AcctType:1 UserName:test1 AcctSessionID:AC6605_000000000002002cad1b0100050 Interface:2466349056 SessionLength:0 TerminateCause:0 Authentic:1 UpBytes:[0,0] DnBytes:[0,0] UpPkts:0 DnPkts:0 FramedIP:3355509223 NASPortType:19 Phy:0/0/0 Vlan:200 Priority:0/0 Timestamp:1605337122 FramedProtocol:1 Domain:domaintest IPHostAddr:200.1.1.231 84:c9:b2:72:47:e0 UpCIR:0 UpPIR:0 DnCIR:0 DnPIR:0 |
Content of the accounting start packet sent by the AAA module is displayed. AcctType: accounting type.
|
140 |
[BTRACE][2020/11/14 14:58:43][7168][RADIUS][84c9-b272-47e0]:Receive accounting start request message from AAA module. |
The RADIUS module receives an accounting start packet from the AAA module. |
141 |
[BTRACE][2020/11/14 14:58:43][7168][RADIUS][84c9-b272-47e0]: Send a accounting request packet to radius server( server ip = 172.168.10.6). |
The RADIUS module sends an accounting request packet to the RADIUS server. |
142 |
[BTRACE][2020/11/14 14:58:43][7168][RADIUS][84c9-b272-47e0]: Server Template: 4 Server IP : 172.168.10.6 Protocol: Standard Code : 4 Len : 660 ID : 14 [User-Name ] [7 ] [test1] [NAS-IP-Address ] [6 ] [172.168.10.76] [NAS-Port ] [6 ] [200] [Framed-IP-Address ] [6 ] [200.1.1.231] [NAS-Identifier ] [13] [AC6605_8_76] [Acct-Status-Type ] [6 ] [1] [Acct-Delay-Time ] [6 ] [0] [Acct-Session-Id ] [36] [AC6605_000000000002002cad1b0100050] [Acct-Authentic ] [6 ] [1] [Event-Timestamp ] [6 ] [1605337122] [NAS-Port-Type ] [6 ] [19] [Calling-Station-Id ] [16] [84c9-b272-47e0] [NAS-Port-Id ] [36] [slot=0;subslot=0;port=0;vlanid=200] [Called-Station-Id ] [29] [18-DE-D7-77-C1-20:portal_76] [BTRACE][2020/11/14 14:58:43][7168][RADIUS][84c9-b272-47e0]: [Framed-Protocol ] [6 ] [1] [Service-Type ] [6 ] [2] [HW-IP-Host-Address ] [31] [200.1.1.231 84:c9:b2:72:47:e0] [HW-Connect-ID ] [6 ] [16464] [HW-AP-Information ] [16] [18DE-D777-C120] [HW-Terminal-Type ] [12] [windows-pc] [HW-DHCP-Option ] [13] [00 0c 08 4c 4d 54 2d 50 43 2d 38 ] [HW-DHCP-Option ] [17] [00 37 0c 01 0f 03 06 2c 2e 2f 1f 21 79 f9 2b ] [HW-DHCP-Option ] [13] [00 3c 08 4d 53 46 54 20 35 2e 30 ] [HW-HTTP-UA ] [180] [Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)] [HW-Access-Type ] [6 ] [3] [HW-User-Extend-Info ] [38] [AP-Device-Code=19220382118ded777c120] [BTRACE][2020/11/14 14:58:43][7168][RADIUS][84c9-b272-47e0]: [HW-User-Extend-Info ] [18] [TERMINAL-POS-X=0] [HW-User-Extend-Info ] [18] [TERMINAL-POS-Y=0] [HW-User-Extend-Info ] [18] [Wifi-Density=-53] [HW-User-Extend-Info ] [27] [HW-Access-Time=1605337122] [HW-Domain-Name ] [12] [domaintest] |
Content of the packet sent by the RADIUS module is displayed. Code: Packet type.
ID: 14 indicates the packet session ID. The request ID is the same as the response ID. [Framed-IP-Address] [6 ] [200.1.1.231]: IP address of a user device. [Acct-Status-Type] [6] [1]: accounting type.
|
143 |
[BTRACE][2020/11/14 14:58:43][7168][RADIUS][84c9-b272-47e0]: Received a accounting response packet from radius server(server ip = 172.168.10.6). |
The RADIUS module receives an accounting response packet from the RADIUS server. |
144 |
[BTRACE][2020/11/14 14:58:43][7168][RADIUS][84c9-b272-47e0]: Server Template: 4 Server IP : 172.168.10.6 Server Port : 1813 Protocol: Standard Code : 5 Len : 20 ID : 14 |
Content of the accounting response packet sent by the RADIUS server is displayed. The packet ID is the same as that of the request packet. |
145 |
[BTRACE][2020/11/14 14:58:43][7168][CM][84c9-b272-47e0]: [Cib is optimized for struct CM_ACCTDATA_S]Come in CMGetUserInfo. |
The RADIUS module queries authentication entries on the UCM module to send accounting response packets to the AAA module. |
146 |
[BTRACE][2020/11/14 14:58:43][7168][AAA][84c9-b272-47e0]: AAA receive AAA_RD_MSG_ACCTSTART_ACK message(56) from RADIUS module(235). |
The AAA module receives an accounting response packet from the RADIUS module. |
147 |
[BTRACE][2020/11/14 14:58:43][7168][AAA][84c9-b272-47e0]: CID:103 TemplateNo:4 SerialNo:0 SrcMsg:AAA_RD_MSG_ACCTSTARTREQ PriyServer::: Vrf:0 SendServer::: Vrf:0 SessionTimeout:0 RemanentVolume:0 |
Content of the accounting response packet received by the AAA module is displayed. |
148 |
[BTRACE][2020/11/14 14:58:43][9216][WEB_FC][200.1.1.231]:Received packet from socket (length = 32 Vrf = 0): Version : 2 Type : ack of authentication ack Method : chap SerialNo : 58879 RequestID : 2063 UserIP : 200.1.1.231 ErrorCode : 0 AttributeNumber : 0 [BTRACE][2020/11/14 14:58:43][9216][WEB_FC][200.1.1.231]:WEB_FC receive packet from portal server successfully. 02 07 00 00 e5 ff 08 0f c8 01 01 e7 00 00 00 00 5a 89 66 95 4d a0 3e 60 8f 7f d6 d4 1d 29 13 72 [BTRACE][2020/11/14 14:58:43][9216][WEB_FC][200.1.1.231]:Receive ack of authentication ack packet from portal server. |
The Portal module receives a response packet from the Portal server. |
149 |
[BTRACE][2020/11/14 14:58:44][7168][WLAN_AC][84c9-b272-47e0]:[Process:7][WSTA] Sta table aging. [BTRACE][2020/11/14 14:58:47][2048][WLAN_AC][84c9-b272-47e0]:[Process:2]Packet Delay:1 [BTRACE][2020/11/14 14:58:47][2048][WLAN_AC][84c9-b272-47e0]:[Process:2]Packet access time:150 [BTRACE][2020/11/14 14:58:47][2048][WLAN_AC][84c9-b272-47e0]:[Process:2][WSTA] Flow fork MultiSta MsgType3115 Vcpu7 [BTRACE][2020/11/14 14:58:47][2048][WLAN_AC][84c9-b272-47e0]:[Process:2][WSTA] Flow fork MultiSta MsgType3066 Vcpu7 |
No action is required. |
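The Portal packets dumped in trace steps 135 and 148 can be decoded offline to confirm that the fields the device prints match the bytes on the wire, and that the server's final acknowledgement belongs to the same exchange. The following is an added example, not Huawei code: the 16-byte header layout, the 16-byte authenticator in version 2 packets and the type/length/value attribute encoding are assumptions checked against the decoded fields shown in the trace, and the function names are hypothetical.

```python
import ipaddress
import struct

# Names exactly as the device trace prints them in steps 135 and 148.
# Codes the page does not show are reported numerically, not guessed.
TYPE_NAMES = {0x04: "authentication ack", 0x07: "ack of authentication ack"}
METHOD_NAMES = {0x00: "chap", 0x01: "pap"}

# Assumed fixed header: Version, Type, Method, reserved, SerialNo, RequestID,
# UserIP, UserPort, ErrorCode, AttributeNumber (16 bytes, network byte order).
HEADER = struct.Struct("!BBBBHH4sHBB")
AUTHENTICATOR_LEN = 16  # assumed to follow the header when Version is 2

# Hex dumps copied from trace steps 135 and 148 on this page.
STEP_135 = ("02 04 01 00 e5 ff 08 0f c8 01 01 e7 00 00 00 01 "
            "86 74 29 a9 60 ab 5e d1 e2 ba 83 37 09 06 f8 74 "
            "0b 08 84 c9 b2 72 47 e0")
STEP_148 = ("02 07 00 00 e5 ff 08 0f c8 01 01 e7 00 00 00 00 "
            "5a 89 66 95 4d a0 3e 60 8f 7f d6 d4 1d 29 13 72")


def parse_portal_packet(hex_dump):
    """Decode one Portal packet hex dump into header fields and attributes."""
    raw = bytes.fromhex(hex_dump)  # whitespace between bytes is ignored
    if len(raw) < HEADER.size:
        raise ValueError("packet shorter than the 16-byte header")
    (version, ptype, method, _reserved, serial_no, request_id,
     user_ip, user_port, error_code, attr_num) = HEADER.unpack_from(raw)
    offset = HEADER.size

    authenticator = b""
    if version == 2:
        if len(raw) < offset + AUTHENTICATOR_LEN:
            raise ValueError("version 2 packet is missing its authenticator")
        authenticator = raw[offset:offset + AUTHENTICATOR_LEN]
        offset += AUTHENTICATOR_LEN

    # Each attribute is type, length, value; the length byte counts the
    # two-byte type/length prefix as well as the value.
    attributes = []
    for _ in range(attr_num):
        if offset + 2 > len(raw):
            raise ValueError("AttributeNumber exceeds the attributes present")
        a_type, a_len = raw[offset], raw[offset + 1]
        if a_len < 2 or offset + a_len > len(raw):
            raise ValueError(f"bad length {a_len} for attribute 0x{a_type:02x}")
        attributes.append((a_type, raw[offset + 2:offset + a_len]))
        offset += a_len
    if offset != len(raw):
        raise ValueError(f"{len(raw) - offset} unparsed trailing bytes")

    return {
        "length": len(raw),
        "version": version,
        "type": TYPE_NAMES.get(ptype, f"0x{ptype:02x}"),
        "method": METHOD_NAMES.get(method, f"0x{method:02x}"),
        "serial_no": serial_no,
        "request_id": request_id,
        "user_ip": str(ipaddress.IPv4Address(user_ip)),
        "user_port": user_port,
        "error_code": error_code,
        "authenticator": authenticator.hex(),
        "attributes": attributes,
    }


def same_exchange(first, second):
    """True when two packets carry the same SerialNo, RequestID and UserIP."""
    keys = ("serial_no", "request_id", "user_ip")
    return all(first[k] == second[k] for k in keys)


if __name__ == "__main__":
    ack = parse_portal_packet(STEP_135)
    aff = parse_portal_packet(STEP_148)
    for pkt in (ack, aff):
        print(pkt)
    print("same exchange:", same_exchange(ack, aff))
```

The single attribute in the step 135 packet has type 0x0b and a 6-byte value equal to the STA MAC address 84c9-b272-47e0 that tags the trace lines.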