Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document.
Note: Even the most advanced machine translation cannot match the quality of professional translators.
Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Case Study: STA Authentication Fails Because the Source IP Address for Communication with the Portal Server Is Not Specified on the AC
Symptom
In a VRRP HSB scenario, when the AC connects to a third-party Portal server, STAs fail Portal authentication.
Relevant Alarms and Logs
None
Cause Analysis
The source IP address of Portal packets sent by the AC is different from the AC IP address specified on the Portal server.
Procedure
- Use the trace function to check the STA authentication process.
[AC] trace object mac-address sta-mac [AC] trace object ip-address sta-ip [AC] trace enable
Check the information. It is found that Portal authentication request information exists.
[BTRACE][2021/02/05 15:02:46][1792][WEB_FC][sta-ip]:Received packet from socket Version : 2 Type : authentication request Method : pap UserIP : sta-ip
A message indicating a RADIUS authentication success is displayed.
[BTRACE][2021/02/05 15:02:46][1280][RADIUS][sta-mac]: Received a authentication accept packet from radius server(server ip = z.z.z.z).
The AC responds to the authentication request from the Portal server.
[BTRACE][2021/02/05 15:02:46][1280][WEB][sta-ip]:Send packet to socket: Version : 2 Type : authentication ack Method : pap UserIP : sta-ip [BTRACE][2021/02/05 15:02:46][1280][WEB][sta-ip]:WEB send packet to portal server successfully. 02 04 01 00 5f 2a 08 18 0a 42 21 58 00 00 00 01 7f 24 60 30 37 ba 3c 7c cf 4f 5e 1f 54 9b 24 94 0b 08 06 b5 27 07 24 51
- Check the third-party Portal server. It is found that the source IP address of packets sent by the AC is different from that specified on the third-party Portal server.
- Check the Portal authentication configuration on the AC. It is found that the source IP address is empty, that is, the source IP address of packets is not specified.
<AC> display web-auth-server configuration Listening port : 2000 Portal : version 2 Include reply message : enabled Source-IP : - ......
- Change the source IP address used by the AC to communicate with the Portal server to the VRRP virtual IP address. The problem is resolved.
<AC> system-view [AC] web-auth-server source-ip source-ip