Portal authentication fails when S5720-32P-EI-AC running V200R010C00SPC600 functions as the NAC device.
authentication-profile name test
authentication mode multi-authen max-user 1000
access-domain test force
radius-server template test
radius-server shared-key cipher %^%#]@KpP63Il(EH|V!\K<UBd=L=4ak\BCFf>e&S~v-S%^%#
radius-server authentication 10.2.2.2 1812 weight 80
radius-server accounting 10.2.2.2 1813 weight 80
undo radius-server user-name domain-included
radius-server authorization 10.2.2.2 shared-key cipher %^%#ELSQXc<\6<!_36BlbZxT>uA128s"\=n|;[6YgH+,%^%#
shared-key cipher %^%#\G5f0v(l-.*]>MC`C*G-L0]_B!QMXFwGm%:08vZU%^%#
portal-access-profile name test
web-auth-server test layer3
undo negotiation auto
ip address 10.1.6.254 255.255.255.252
1. Collect debugging information. It is found that the NAC device does not display any packets exchanged between the terminal and Portal and RADIUS servers.
< renzheng>debugging portal all
< renzheng>terminal debugging
< renzheng>terminal monitor
2. Capture packets on the Portal server. It is found that the terminal has sent the authentication user name and password to the Portal server, but the Portal server does not send a Portal challenge packet to the NAC device.
The Portal server of the third-party vendor does not send a Portal challenge packet to the NAC device. As a result, users fail to go online.
After the configuration of the third-party Portal server is modified, the authentication packet exchange is normal.