A WLAN network just be constructed a month . one monday morning a large of area network access exception. Terminal Tip remote computer is not responding.
this customers is a financial customer, so the terminal access using dot1x + WPA2 and the business access using protal protocol. Involving multiple security authentication and third party equipment.
According to the old experience most of the issues about large-scale WLAN access problems is authentication issue between the AC and the radius authentication server .
The customer give some import information that the customer just to upgrade the third-party radius server version at the last week.
It is determined that the radius server error caused the authentication exception.
On the AC, run the AAA test between the test and the radius service to test the authentication-feature . The test is successful, it indicates that the account is in the normal,AC-side authentication services are correctly configured.
We use the wireshark capture package between the AC and radius and we can see the authentication request package and reply package ,but we don't find the DHCP discover package .
So we think that the issue occurs after the terminal successful authentication.
We open the trace function and debug AAA on the AC .
We can find this information that account has been successfully certified but the authorization verification failed from the debug AAA.