No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search


To have a better experience, please upgrade your IE browser.


Portal Authentication Fails When S5720-32P-EI-AC Running V200R010C00SPC600 Functions as the NAC Device

Publication Date:  2019-04-12 Views:  23 Downloads:  0
Issue Description

Portal authentication fails when S5720-32P-EI-AC running V200R010C00SPC600 functions as the NAC device.

authentication-profile name test
 portal-access-profile test
 authentication mode multi-authen max-user 1000
 access-domain test force
radius-server template test
 radius-server shared-key cipher %^%#]@KpP63Il(EH|V!\K<UBd=L=4ak\BCFf>e&S~v-S%^%#
 radius-server authentication 1812 weight 80
 radius-server accounting 1813 weight 80
 undo radius-server user-name domain-included
radius-server authorization shared-key cipher %^%#ELSQXc<\6<!_36BlbZxT>uA128s"\=n|;[6YgH+,%^%#
web-auth-server test
 port 50200
 shared-key cipher %^%#\G5f0v(l-.*]>MC`C*G-L0]_B!QMXFwGm%:08vZU%^%#
portal-access-profile name test
 web-auth-server test layer3
interface GigabitEthernet0/0/32
 undo negotiation auto
 undo portswitch
 ip address
 authentication-profile test

Handling Process

1. Collect debugging information. It is found that the NAC device does not display any packets exchanged between the terminal and Portal and RADIUS servers.

<renzheng>debug radius all
< renzheng>debugging portal all
< renzheng>terminal  debugging
< renzheng>terminal monitor

2. Capture packets on the Portal server. It is found that the terminal has sent the authentication user name and password to the Portal server, but the Portal server does not send a Portal challenge packet to the NAC device.

Root Cause

The Portal server of the third-party vendor does not send a Portal challenge packet to the NAC device. As a result, users fail to go online.


After the configuration of the third-party Portal server is modified, the authentication packet exchange is normal.