下发神武连接服务器失败
神武连接服务器失败 时间:2021-04-14 阅读:()
知802.
1XRadius孔天娇2014-10-22发表S5120交换机与NPS服务器配合做802.
1x认证失败问题某客户使用我司交换机S5120结合NPS服务器做802.
1x认证,客户发现如果在NPS服务器上配置vlan下发,可以认证成功;取消vlan下发,则不能认证成功.
收集认证失败的debug信息Debugdot1xallDebugscallDebugradiuspacket分析认证报文交互过程*Sep105:33:12:1772014H3C5120-G5/5F-A1RDS/7/DEBUG:Receive:IP=[10.
1.
5.
248],Code=[2],Length=[368]*Sep105:33:12:1792014H3C5120-G5/5F-A1RDS/7/DEBUG:[8Framed-Address][6][255.
255.
255.
255][7Framed-Protocol][6][1][6Service-Type][6][2][65Tunnel-Medium-Type][6][6][64Tunnel-Type][6][13][79EAP-Message][6][030C0004]*Sep105:33:12:1802014H3C5120-G5/5F-A1RDS/7/DEBUG:[25Class][46][691306FD00000137000102000A0105F800000000000000000000000001CFC2F350F8FEBF000000000000002F][MS-26MS-CHAP2-Success][45][01533D32393933464535314235453744344139314432363539464143433641363039414636364631444142][MS-17MS-MPPE-Recv-Key][52][8008D75718C4F3EC4A03C74E2663928FFCF26C04AB299384AC5255C60D88CBF39F1EFAEE97D12AF784ADAD0CD3BFB084F407][80Message-Autheticator][18][431E003DC6A4239F561D6FB5E9F80669]*Sep105:33:12:1822014H3C5120-G5/5F-A1RDS/7/DEBUG:Info:RDreceivedMS-CHAP2-Success*Sep105:33:12:1832014H3C5120-G5/5F-A1RDS/7/DEBUG:Info:RDreceivedradiuskey,DecryptuserAuthenticatoris:*Sep105:33:12:1842014H3C5120-G5/5F-A1RDS/7/DEBUG:2a190000590000005a75000058150000*Sep105:33:12:1852014H3C5120-G5/5F-A1RDS/7/DEBUG:Info:DecryptMS-MPPE-Recv-Keywithradiusauthenauthenticatoris:*Sep105:33:12:1872014H3C5120-G5/5F-A1RDS/7/DEBUG:20750ec684dcee792040d06d0b7b70e3037d7e2b3c8303f93419468e32da9b541e000000000000000000000000000000*Sep105:33:12:1882014H3C5120-G5/5F-A1RDS/7/DEBUG:Reject,Message=[Vlanvaluethattheserverassignsisinvalid!
]*Sep105:33:12:1892014H3C5120-G5/5F-A18021X/7/EVENT:Auth:481,Msg:Authrequestackforfailure,ACM->1X.
*Sep105:33:12:1902014H3C5120-G5/5F-A18021X/7/EVENT:Port:GigabitEthernet1/0/26,Auth:481,ReceivedMsg:261,Currentstate:14*Sep105:33:12:1922014H3C5120-G5/5F-A18021X/7/EVENT:Auth:481,ProcessingnodeFAILURE.
.
.
从以上radius报文交互过程可以看到设备从NPS服务器侧收到认证响应报文,设备拒绝该报文,因为服务器分配的vlanid无效.
怀疑是服务器和设备的配合问题.
对比取消下发vlan和下发vlan服务器的响应报文:取消vlan下发:*Sep105:33:12:1772014H3C5120-G5/5F-A1RDS/7/DEBUG:Receive:IP=[10.
1.
5.
248],Code=[2],Length=[368]*Sep105:33:12:1792014H3C5120-G5/5F-A1RDS/7/DEBUG:[8Framed-Address][6][255.
255.
255.
255][7Framed-Protocol][6][1][6Service-Type][6][2][65Tunnel-Medium-Type][6][6][64Tunnel-Type][6][13][79EAP-Message][6][030C0004]*Sep105:33:12:1802014H3C5120-G5/5F-A1RDS/7/DEBUG:[25Class][46][691306FD00000137000102000A0105F800000000000000000000000001CFC2F350F8FEBF000000000000002F][MS-26MS-CHAP2-Success][45][01533D32393933464535314235453744344139314432363539464143433641363039414636364631444142][MS-17MS-MPPE-Recv-Key][52][8008D75718C4F3EC4A03C74E2663928FFCF26C04AB299384AC5255C60D88CBF39F1EFAEE97D12AF784ADAD0CD3BFB084F407][80Message-Autheticator][18][431E003DC6A4239F561D6FB5E9F80669]Vlan下发:*Sep105:37:53:6352014H3C5120-G5/5F-A1RDS/7/DEBUG:[64Tunnel-Type][6][13][65Tunnel-Medium-Type][6][6][81Tunnel_Private_Group_ID][4][3135][1User-name][46][host/Laptop-G56.
resourcepro0.
resourcepro.
com][32NAS-Identifier][18][H3C5120-G5/5F-A1][5NAS-Port][6][16883727]*Sep105:37:53:6362014H3C5120-G5/5F-A1RDS/7/DEBUG:[61NAS-Port-Type][6][15][31Caller-ID][16][373834352D633463352D30366462][40Acct-Status-Type][6][1][45Acct-Authentic][6][1][44Acct-Session-Id][15][1140801053720][4NAS-IP-Address][6][10.
1.
5.
131]*Sep105:37:53:6372014H3C5120-G5/5F-A1RDS/7/DEBUG:[55Event-Timestamp][6][1409549873][25Class][46][693B072500000137000102000A0105F800000000000000000000000001CFC2F350F8FEBF0000000000000057]查看服务器应答报文携带的属性发现虽然取消了vlan数值下发(81号属性),但在设备侧还是收到vlan下发属性(64、65号属性),但是这个值为空,导致设备无法识别.
报Vlanvaluethattheserverassignsisinvalid!
不下发vlan的情况下可以在服务器侧取消64、65、81属性下发.
[65Tunnel-Medium-Type][6][6][81Tunnel_Private_Group_ID][4][3135][64Tunnel-Type][6][13]取消64、65、81号属性下发.
1XRadius孔天娇2014-10-22发表S5120交换机与NPS服务器配合做802.
1x认证失败问题某客户使用我司交换机S5120结合NPS服务器做802.
1x认证,客户发现如果在NPS服务器上配置vlan下发,可以认证成功;取消vlan下发,则不能认证成功.
收集认证失败的debug信息Debugdot1xallDebugscallDebugradiuspacket分析认证报文交互过程*Sep105:33:12:1772014H3C5120-G5/5F-A1RDS/7/DEBUG:Receive:IP=[10.
1.
5.
248],Code=[2],Length=[368]*Sep105:33:12:1792014H3C5120-G5/5F-A1RDS/7/DEBUG:[8Framed-Address][6][255.
255.
255.
255][7Framed-Protocol][6][1][6Service-Type][6][2][65Tunnel-Medium-Type][6][6][64Tunnel-Type][6][13][79EAP-Message][6][030C0004]*Sep105:33:12:1802014H3C5120-G5/5F-A1RDS/7/DEBUG:[25Class][46][691306FD00000137000102000A0105F800000000000000000000000001CFC2F350F8FEBF000000000000002F][MS-26MS-CHAP2-Success][45][01533D32393933464535314235453744344139314432363539464143433641363039414636364631444142][MS-17MS-MPPE-Recv-Key][52][8008D75718C4F3EC4A03C74E2663928FFCF26C04AB299384AC5255C60D88CBF39F1EFAEE97D12AF784ADAD0CD3BFB084F407][80Message-Autheticator][18][431E003DC6A4239F561D6FB5E9F80669]*Sep105:33:12:1822014H3C5120-G5/5F-A1RDS/7/DEBUG:Info:RDreceivedMS-CHAP2-Success*Sep105:33:12:1832014H3C5120-G5/5F-A1RDS/7/DEBUG:Info:RDreceivedradiuskey,DecryptuserAuthenticatoris:*Sep105:33:12:1842014H3C5120-G5/5F-A1RDS/7/DEBUG:2a190000590000005a75000058150000*Sep105:33:12:1852014H3C5120-G5/5F-A1RDS/7/DEBUG:Info:DecryptMS-MPPE-Recv-Keywithradiusauthenauthenticatoris:*Sep105:33:12:1872014H3C5120-G5/5F-A1RDS/7/DEBUG:20750ec684dcee792040d06d0b7b70e3037d7e2b3c8303f93419468e32da9b541e000000000000000000000000000000*Sep105:33:12:1882014H3C5120-G5/5F-A1RDS/7/DEBUG:Reject,Message=[Vlanvaluethattheserverassignsisinvalid!
]*Sep105:33:12:1892014H3C5120-G5/5F-A18021X/7/EVENT:Auth:481,Msg:Authrequestackforfailure,ACM->1X.
*Sep105:33:12:1902014H3C5120-G5/5F-A18021X/7/EVENT:Port:GigabitEthernet1/0/26,Auth:481,ReceivedMsg:261,Currentstate:14*Sep105:33:12:1922014H3C5120-G5/5F-A18021X/7/EVENT:Auth:481,ProcessingnodeFAILURE.
.
.
从以上radius报文交互过程可以看到设备从NPS服务器侧收到认证响应报文,设备拒绝该报文,因为服务器分配的vlanid无效.
怀疑是服务器和设备的配合问题.
对比取消下发vlan和下发vlan服务器的响应报文:取消vlan下发:*Sep105:33:12:1772014H3C5120-G5/5F-A1RDS/7/DEBUG:Receive:IP=[10.
1.
5.
248],Code=[2],Length=[368]*Sep105:33:12:1792014H3C5120-G5/5F-A1RDS/7/DEBUG:[8Framed-Address][6][255.
255.
255.
255][7Framed-Protocol][6][1][6Service-Type][6][2][65Tunnel-Medium-Type][6][6][64Tunnel-Type][6][13][79EAP-Message][6][030C0004]*Sep105:33:12:1802014H3C5120-G5/5F-A1RDS/7/DEBUG:[25Class][46][691306FD00000137000102000A0105F800000000000000000000000001CFC2F350F8FEBF000000000000002F][MS-26MS-CHAP2-Success][45][01533D32393933464535314235453744344139314432363539464143433641363039414636364631444142][MS-17MS-MPPE-Recv-Key][52][8008D75718C4F3EC4A03C74E2663928FFCF26C04AB299384AC5255C60D88CBF39F1EFAEE97D12AF784ADAD0CD3BFB084F407][80Message-Autheticator][18][431E003DC6A4239F561D6FB5E9F80669]Vlan下发:*Sep105:37:53:6352014H3C5120-G5/5F-A1RDS/7/DEBUG:[64Tunnel-Type][6][13][65Tunnel-Medium-Type][6][6][81Tunnel_Private_Group_ID][4][3135][1User-name][46][host/Laptop-G56.
resourcepro0.
resourcepro.
com][32NAS-Identifier][18][H3C5120-G5/5F-A1][5NAS-Port][6][16883727]*Sep105:37:53:6362014H3C5120-G5/5F-A1RDS/7/DEBUG:[61NAS-Port-Type][6][15][31Caller-ID][16][373834352D633463352D30366462][40Acct-Status-Type][6][1][45Acct-Authentic][6][1][44Acct-Session-Id][15][1140801053720][4NAS-IP-Address][6][10.
1.
5.
131]*Sep105:37:53:6372014H3C5120-G5/5F-A1RDS/7/DEBUG:[55Event-Timestamp][6][1409549873][25Class][46][693B072500000137000102000A0105F800000000000000000000000001CFC2F350F8FEBF0000000000000057]查看服务器应答报文携带的属性发现虽然取消了vlan数值下发(81号属性),但在设备侧还是收到vlan下发属性(64、65号属性),但是这个值为空,导致设备无法识别.
报Vlanvaluethattheserverassignsisinvalid!
不下发vlan的情况下可以在服务器侧取消64、65、81属性下发.
[65Tunnel-Medium-Type][6][6][81Tunnel_Private_Group_ID][4][3135][64Tunnel-Type][6][13]取消64、65、81号属性下发.
- 下发神武连接服务器失败相关文档
- 托拉斯在移植IP电话失败的列表更新从CUCME到CUCM8.x
- 脚本神武连接服务器失败
- 硬盘神武连接服务器失败
- 认证神武连接服务器失败
- 安装神武连接服务器失败
- 第三方神武连接服务器失败
imidc:$88/月,e3-1230/16G内存/512gSSD/30M直连带宽/13个IPv4日本多IP
imidc对日本独立服务器在搞特别促销,原价159美元的机器现在只需要88美元,而且给13个独立IPv4,30Mbps直连带宽,不限制流量。注意,本次促销只有一个链接,有2个不同的优惠码,你用不同的优惠码就对应着不同的配置,价格也不一样。88美元的机器,下单后默认不管就给512G SSD,要指定用HDD那就发工单,如果需要多加一个/28(13个)IPv4,每个月32美元...官方网站:https:...
柚子互联(34元),湖北十堰高防, 香港 1核1G 5M
柚子互联官网商家介绍柚子互联(www.19vps.cn)本次给大家带来了盛夏促销活动,本次推出的活动是湖北十堰高防产品,这次老板也人狠话不多丢了一个6.5折优惠券而且还是续费同价,稳撸。喜欢的朋友可以看看下面的活动详情介绍,自从站长这么久以来柚子互联从19年开始算是老商家了。六五折优惠码:6kfUGl07活动截止时间:2021年9月30日客服QQ:207781983本次仅推荐部分套餐,更多套餐可进...
WebHorizon($10.56/年)256MB/5G SSD/200GB/日本VPS
WebHorizon是一家去年成立的国外VPS主机商,印度注册,提供虚拟主机和VPS产品,其中VPS包括OpenVZ和KVM架构,有独立IP也有共享IP,数据中心包括美国、波兰、日本、新加坡等(共享IP主机可选机房更多)。目前商家对日本VPS提供一个8折优惠码,优惠后最低款OpenVZ套餐年付10.56美元起。OpenVZCPU:1core内存:256MB硬盘:5G NVMe流量:200GB/1G...
神武连接服务器失败为你推荐
-
phpwindPHPWIND怎么和PHPWIND整合php计划任务php定时任务,只执行一次,不要死循环新iphone也将禁售iPhone8plus在2020年还会有货吗asp.net什么叫ASP.NET?企业信息查询系统官网我公司注册不久,如何在网上查询到支付宝账户是什么什么是企业支付宝账户ldapserverLDAP3是什么360arp防火墙在哪360ARP防火墙哪里下载?新团网美团网是谁创办的呀?银花珠树晓来看下雪喝酒的诗句