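The AP is online, and the portal web-server pushes the Sangfor authentication page. Users now get the authentication page, but logging in with an account and password shows that authentication failed, and wired users' accounts get kicked off. For the specific configuration and the error screen, please see the attachment.
Topology: AP -- wireless core switch -- wireless controller (side-attached) -- Sangfor AC (authentication server) -- Internet
Best answer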
#
domain sangfor
authentication portal none
authorization portal none
accounting portal none
No RADIUS scheme is configured, and no local portal user is configured either.
(0)
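The check this answer makes by eye can be scripted. The following is an added example, not code from the thread or from the vendor: it reads a flattened configuration dump and reports every WLAN service template whose `portal domain` has no usable authentication backend. The names `blocks` and `audit_portal_domains` are hypothetical, the sample is constructed, and the `radius scheme`, `radius-scheme` and `class network` / `service-type portal` syntax is assumed from Comware 7.

```python
import re

# Constructed sample, flattened (no indentation) like the dump in this thread.
SAMPLE = """wlan service-template sanfor
ssid CTG-JX
portal enable method direct
portal domain sangfor
#
domain sangfor
authentication portal none
#
local-user ctadmin class manage
service-type ssh telnet http https
#
"""

def blocks(cfg):
    """Split a configuration dump into blocks on '#' separator lines."""
    parts = re.split(r"^[ \t]*#[ \t]*$", cfg, flags=re.M)
    return [b for b in ([l.strip() for l in p.splitlines() if l.strip()] for p in parts) if b]

def audit_portal_domains(cfg):
    """Return (template, domain, problem) for portal domains without a real auth backend."""
    bl = blocks(cfg)
    domains = {b[0].split()[1]: b[1:] for b in bl if re.fullmatch(r"domain \S+", b[0])}
    schemes = {b[0].split()[2] for b in bl if re.fullmatch(r"radius scheme \S+", b[0])}
    has_portal_user = any(
        re.fullmatch(r"local-user \S+ class network", b[0])
        and any(l.split()[0] == "service-type" and "portal" in l.split() for l in b[1:])
        for b in bl)
    findings = []
    for b in (b for b in bl if b[0].startswith("wlan service-template ")):
        for dom in (l.split()[2] for l in b[1:] if re.fullmatch(r"portal domain \S+", l)):
            body = domains.get(dom)
            auth = next((l.split()[2:] for l in body or []
                         if l.startswith("authentication portal ")), None)
            if body is None:
                problem = "domain is not defined"
            elif auth is None:
                problem = "no authentication portal method set"
            elif auth[0] == "none":
                problem = "authentication portal none: no scheme checks the credentials"
            elif auth[0] == "radius-scheme" and auth[1:2] and auth[1] not in schemes:
                problem = f"radius scheme {auth[1]} is not defined"
            elif auth[0] == "local" and not has_portal_user:
                problem = "local method but no class-network user with service-type portal"
            else:
                continue
            findings.append((b[0].split()[2], dom, problem))
    return findings
```

On the constructed sample, `audit_portal_domains(SAMPLE)` returns one finding for template `sanfor` and domain `sangfor`.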
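There is only one screenshot, so it can't be analyzed.
Are the account and password stored locally or on a RADIUS server? If it is a third-party server, run debug radius to find out where the authentication error is.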
(0)
After configuring it, the Wi-Fi signal can no longer be connected to.
version 7.1.064, Release 5226
#
sysname LvZhou-2510H-F
#
clock timezone Beijing add 08:00:00
clock protocol ntp
#
telnet server enable
telnet server acl 3011
#
mac-authentication
#
dialer-group 1 rule ip permit
#
dhcp server forbidden-ip 10.69.88.254
dhcp server forbidden-ip 192.168.0.200
dhcp server forbidden-ip 192.168.35.201 192.168.35.254
#
dns proxy enable
dns server 10.191.16.12
dns server 192.168.12.3
#
password-recovery enable
#
vlan 1
description ap
#
vlan 121 to 123
#
vlan 2001
#
stp global enable
#
dhcp server ip-pool ap
gateway-list 10.69.121.1
network 10.69.121.0 mask 255.255.255.0
#
wlan service-template ctg
#
wlan service-template ctg-gust
ssid CTG-guest
vlan 123
portal enable method direct
portal domain sangfor
portal bas-ip 10.69.122.1
portal apply web-server sangfor
#
wlan service-template sanfor
ssid CTG-JX
vlan 122
portal enable method direct
portal domain sangfor
portal bas-ip 10.69.120.2
portal apply web-server sangfor
portal temp-pass enable
service-template enable
#
interface NULL0
#
interface LoopBack0
ip address 10.69.120.50 255.255.255.248
#
interface Vlan-interface121
ip address 10.69.121.1 255.255.255.0
#
interface Vlan-interface122
ip address 10.69.122.2 255.255.255.0
#
interface Vlan-interface123
#
interface Vlan-interface2001
shutdown
ip address 10.69.120.18 255.255.255.248
#
interface GigabitEthernet1/0/4
port link-mode route
#
interface GigabitEthernet1/0/5
port link-mode route
nat outbound 3001
undo dhcp select server
#
interface GigabitEthernet1/0/1
port link-mode bridge
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 2 to 4094
#
interface GigabitEthernet1/0/2
port link-mode bridge
poe enable
#
interface GigabitEthernet1/0/3
port link-mode bridge
poe enable
#
scheduler logfile size 16
#
line class console
user-role network-admin
#
line class vty
user-role network-operator
#
line con 0
user-role network-admin
#
line vty 0 4
authentication-mode scheme
user-role network-admin
user-role network-operator
protocol inbound telnet
#
line vty 5 31
authentication-mode scheme
user-role network-operator
#
ip route-static 0.0.0.0 0 10.69.122.1
#
ntp-service enable
ntp-service unicast-server ***.***
ntp-service unicast-server 202.112.29.82
#
domain sangfor
authentication portal none
authorization portal none
accounting portal none
#
domain system
#
domain default enable system
#
role name level-0
description Predefined level-0 role
#
role name level-1
description Predefined level-1 role
#
role name level-2
description Predefined level-2 role
#
role name level-3
description Predefined level-3 role
#
role name level-4
description Predefined level-4 role
#
role name level-5
description Predefined level-5 role
#
role name level-6
description Predefined level-6 role
#
role name level-7
description Predefined level-7 role
#
role name level-8
description Predefined level-8 role
#
role name level-9
description Predefined level-9 role
#
role name level-10
description Predefined level-10 role
#
role name level-11
description Predefined level-11 role
#
role name level-12
description Predefined level-12 role
#
role name level-13
description Predefined level-13 role
#
role name level-14
description Predefined level-14 role
#
user-group system
#
local-user added class manage
password hash $h$6$/fnh8Vt20a3/T4+B$LKfF3Z06Q9E4y5rUM92RUJ3B35Tk7wWBVkHsvgVS5rCAqxkzdQTZwP9ie4BujZzPjKaQZIzB946U7JYvX3sNnQ==
service-type ftp
authorization-attribute user-role level-15
authorization-attribute user-role network-operator
#
local-user addes class manage
authorization-attribute user-role network-operator
#
local-user ctadmin class manage
password hash $h$6$TRuz+TADKaoPLdjF$ORPWiawvsZvuWo6GLPYkab5KChYKb5e0qnEM4P3t98c80aP8V4mQw8PoSJELqv4yl1SxO6MlrKB1iaKYLnmc2Q==
service-type ssh telnet http https
authorization-attribute user-role network-admin
authorization-attribute user-role network-operator
#
local-user shen_yi class manage
password hash $h$6$7jTxENihDCg4uQUr$MYWAksPZkhZH3R+TQ8BWQ499O0bwhXUo3fRaq+wyRJBxigbFCIXdvSP7x8/Uq4asjjKAQhyPLhtshNPyuWiaug==
service-type telnet terminal http
authorization-attribute user-role network-admin
authorization-attribute user-role network-operator
#
ftp server enable
#
session statistics enable
#
portal host-check enable
portal user log enable
portal free-rule 1 destination ip 114.114.114.114 255.255.255.255
portal free-rule 2 destination ip any udp 53
portal free-rule 3 destination ip any tcp 53
portal free-rule 4 destination ***.***
portal free-rule 5 destination ***.***
portal free-rule 6 destination ***.***
portal free-rule 7 destination short.weixin.qq.com
portal free-rule 8 destination mp.weixin.qq.com
portal free-rule 9 destination long.weixin.qq.com
portal free-rule 10 destination dns.weixin.qq.com
portal free-rule 11 destination minorshort.weixin.qq.com
portal free-rule 12 destination extshort.weixin.qq.com
portal free-rule 13 destination szshort.weixin.qq.com
portal free-rule 14 destination szlong.weixin.qq.com
portal free-rule 15 destination szextshort.weixin.qq.com
portal free-rule 16 destination ***.***
portal free-rule 17 destination wifi.weixin.qq.com
portal free-rule 18 destination ***.***
portal free-rule 19 destination ***.***
portal free-rule 20 destination ***.***
portal free-rule 21 destination ecss***.***
portal free-rule 22 destination ***.***
portal free-rule 23 destination ***.***
portal free-rule 24 destination ***.***
portal free-rule 25 destination yzl.***.***
portal free-rule 26 destination *.***.***
portal free-rule 2346257225 destination ip any tcp 5223
portal free-rule 2346257239 destination isdspeed.qq.com
portal safe-redirect enable
portal safe-redirect user-agent Android
portal safe-redirect user-agent CaptiveNetworkSupport
portal safe-redirect user-agent MicroMessenger
portal safe-redirect user-agent Mozilla
portal safe-redirect user-agent WeChat
portal safe-redirect user-agent micromessenger
#
portal web-server sangfor
url http://10.68.29.18/cid/8812/portal.html
url-parameter mac source-mac
url-parameter wlanuserip source-address
#
portal server sangfor
ip 10.68.29.18 key cipher $c$3$/HMQ0wcGgj+XtIhmSvuC4nZgg5vzsDV0ElLn
#
portal local-web-server http
#
portal local-web-server https
#
ip http enable
ip https enable
#
portal mac-trigger-server cloud
binding-retry 2 interval 3
cloud-binding enable
#
wlan auto-ap enable
wlan auto-persistent enable
#
wlan global-configuration
#
wlan ap-group default-group
vlan 1
ap-model WA4320
radio 1
radio enable
service-template ctg-gust
service-template sanfor
radio 2
radio enable
service-template ctg-gust
service-template sanfor
gigabitethernet 1
#
wlan ap-group jxc-1
vlan 1
ap jxc-1-4-1
ap jxc-1-4-2
ap-model WA5530
radio 1
radio enable
service-template ctg-gust
service-template sanfor
radio 2
radio enable
service-template ctg-gust
service-template sanfor
radio 3
radio enable
service-template ctg-gust
service-template sanfor
module 1
gigabitethernet 1
gigabitethernet 2
#
wlan ap 98f1-817b-2e40 model WA5530
serial-id 219801A0YF920CG001G8
vlan 1
radio 1
radio enable
service-template sanfor
radio 2
radio enable
service-template sanfor
radio 3
radio enable
service-template sanfor
module 1
gigabitethernet 1
gigabitethernet 2
#
wlan ap jxc-1-4-1 model WA5530
serial-id 219801A0YF920CG001CX
vlan 1
radio 1
service-template sanfor
radio 2
service-template sanfor
radio 3
service-template sanfor
module 1
gigabitethernet 1
gigabitethernet 2
#
wlan ap jxc-1-4-2 model WA5530
serial-id 219801A0YF920CG001FM
vlan 1
radio 1
radio enable
service-template sanfor
radio 2
radio enable
service-template sanfor
radio 3
radio enable
service-template sanfor
module 1
gigabitethernet 1
gigabitethernet 2
#
traffic-policy
#
cloud-management server domain ***.***
#
return
(0)
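For the failed login after integration, here are the points to troubleshoot, for reference:
1. Check whether the basic network is reachable.
2. Check whether the portal configuration has problems, and whether it already points to the portal server.
3. Check whether a security device in the intermediate network is blocking the traffic.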
(0)
The network is reachable, the configuration is above, and the path in between is direct, with no security devices.
OK, thanks.