No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Portal Authentication Fails When S5720-32P-EI-AC Running V200R010C00SPC600 Functions as the NAC Device

Publication Date:  2019-04-12 Views:  23 Downloads:  0
Issue Description

Portal authentication fails when S5720-32P-EI-AC running V200R010C00SPC600 functions as the NAC device.

#
authentication-profile name test
 portal-access-profile test
 authentication mode multi-authen max-user 1000
 access-domain test force
#
radius-server template test
 radius-server shared-key cipher %^%#]@KpP63Il(EH|V!\K<UBd=L=4ak\BCFf>e&S~v-S%^%#
 radius-server authentication 10.2.2.2 1812 weight 80
 radius-server accounting 10.2.2.2 1813 weight 80
 undo radius-server user-name domain-included
radius-server authorization 10.2.2.2 shared-key cipher %^%#ELSQXc<\6<!_36BlbZxT>uA128s"\=n|;[6YgH+,%^%#
#
web-auth-server test
 server-ip 10.2.2.2
 port 50200
 shared-key cipher %^%#\G5f0v(l-.*]>MC`C*G-L0]_B!QMXFwGm%:08vZU%^%#
 url http://10.2.2.2/index_1.html
#
portal-access-profile name test
 web-auth-server test layer3
#                                        
interface GigabitEthernet0/0/32
 undo negotiation auto
 undo portswitch
 ip address 10.1.6.254 255.255.255.252
 authentication-profile test
#

Handling Process

1. Collect debugging information. It is found that the NAC device does not display any packets exchanged between the terminal and Portal and RADIUS servers.

<renzheng>debug radius all
< renzheng>debugging portal all
< renzheng>terminal  debugging
< renzheng>terminal monitor

2. Capture packets on the Portal server. It is found that the terminal has sent the authentication user name and password to the Portal server, but the Portal server does not send a Portal challenge packet to the NAC device.

Root Cause

The Portal server of the third-party vendor does not send a Portal challenge packet to the NAC device. As a result, users fail to go online.

Solution

After the configuration of the third-party Portal server is modified, the authentication packet exchange is normal.

END