組網及說明
核心旁掛認證服務器,下聯protal認證終端
告警信息
配置完protal認證後終端無法彈出認證界麵
問題描述
配置完protal認證後終端無法彈出認證界麵
過程分析
查看portal服務器狀態正常
<1>dis portal server
Portal server: imc
Type : IMC
IP : 172.100.X.X
VPN instance : Not configured
Port : 50100
Server detection : Not configured
User synchronization : Not configured
Status : Up
debug portal查看有如下報錯
*Jan 9 23:31:33:219 2025 1 PORTAL/7/RULE: -Chassis=2-Slot=1;
[Inbound] execute full rule match, { MatchRes = [Rule4-Deny] }
L3 Interface = Vlan224, L2 Interface = BAGG9, VLAN = 224, SrcMac = 82b1-7406-XXXX,
SrcIP = 10.225.X.X, DstIP = 10.225.X.X
*Jan 9 23:31:39:206 2025 1 PORTAL/7/ERROR: -Chassis=2-Slot=1; Failed to get the host name for free rule.
查看配置發現現場隻放通了到portal服務器的地址,需要再放通DNS端口
portal free-rule 1 source ip any destination ip 172.100.X.X 255.255.255.255
添加如下命令測試正常
portal free-rule 1 destination ip any udp 53
portal free-rule 2 destination ip any tcp 53 //放通DNS查詢UDP OR TCP 53端口
portal free-rule 3 destination ip any tcp 5223 //ios iphone特殊情況查詢DNS方式
解決方法
添加如下命令測試正常
portal free-rule 1 destination ip any udp 53
portal free-rule 2 destination ip any tcp 53 //放通DNS查詢UDP OR TCP 53端口
portal free-rule 3 destination ip any tcp 5223 //ios iphone特殊情況查詢DNS方式
該案例暫時沒有網友評論
編輯評論
✖
案例意見反饋
親~登錄後才可以操作哦!
確定你的郵箱還未認證,請認證郵箱或綁定手機後進行當前操作