下发神武连接服务器失败
神武连接服务器失败 时间:2021-04-14 阅读:()
知802.
1XRadius孔天娇2014-10-22发表S5120交换机与NPS服务器配合做802.
1x认证失败问题某客户使用我司交换机S5120结合NPS服务器做802.
1x认证,客户发现如果在NPS服务器上配置vlan下发,可以认证成功;取消vlan下发,则不能认证成功.
收集认证失败的debug信息Debugdot1xallDebugscallDebugradiuspacket分析认证报文交互过程*Sep105:33:12:1772014H3C5120-G5/5F-A1RDS/7/DEBUG:Receive:IP=[10.
1.
5.
248],Code=[2],Length=[368]*Sep105:33:12:1792014H3C5120-G5/5F-A1RDS/7/DEBUG:[8Framed-Address][6][255.
255.
255.
255][7Framed-Protocol][6][1][6Service-Type][6][2][65Tunnel-Medium-Type][6][6][64Tunnel-Type][6][13][79EAP-Message][6][030C0004]*Sep105:33:12:1802014H3C5120-G5/5F-A1RDS/7/DEBUG:[25Class][46][691306FD00000137000102000A0105F800000000000000000000000001CFC2F350F8FEBF000000000000002F][MS-26MS-CHAP2-Success][45][01533D32393933464535314235453744344139314432363539464143433641363039414636364631444142][MS-17MS-MPPE-Recv-Key][52][8008D75718C4F3EC4A03C74E2663928FFCF26C04AB299384AC5255C60D88CBF39F1EFAEE97D12AF784ADAD0CD3BFB084F407][80Message-Autheticator][18][431E003DC6A4239F561D6FB5E9F80669]*Sep105:33:12:1822014H3C5120-G5/5F-A1RDS/7/DEBUG:Info:RDreceivedMS-CHAP2-Success*Sep105:33:12:1832014H3C5120-G5/5F-A1RDS/7/DEBUG:Info:RDreceivedradiuskey,DecryptuserAuthenticatoris:*Sep105:33:12:1842014H3C5120-G5/5F-A1RDS/7/DEBUG:2a190000590000005a75000058150000*Sep105:33:12:1852014H3C5120-G5/5F-A1RDS/7/DEBUG:Info:DecryptMS-MPPE-Recv-Keywithradiusauthenauthenticatoris:*Sep105:33:12:1872014H3C5120-G5/5F-A1RDS/7/DEBUG:20750ec684dcee792040d06d0b7b70e3037d7e2b3c8303f93419468e32da9b541e000000000000000000000000000000*Sep105:33:12:1882014H3C5120-G5/5F-A1RDS/7/DEBUG:Reject,Message=[Vlanvaluethattheserverassignsisinvalid!
]*Sep105:33:12:1892014H3C5120-G5/5F-A18021X/7/EVENT:Auth:481,Msg:Authrequestackforfailure,ACM->1X.
*Sep105:33:12:1902014H3C5120-G5/5F-A18021X/7/EVENT:Port:GigabitEthernet1/0/26,Auth:481,ReceivedMsg:261,Currentstate:14*Sep105:33:12:1922014H3C5120-G5/5F-A18021X/7/EVENT:Auth:481,ProcessingnodeFAILURE.
.
.
从以上radius报文交互过程可以看到设备从NPS服务器侧收到认证响应报文,设备拒绝该报文,因为服务器分配的vlanid无效.
怀疑是服务器和设备的配合问题.
对比取消下发vlan和下发vlan服务器的响应报文:取消vlan下发:*Sep105:33:12:1772014H3C5120-G5/5F-A1RDS/7/DEBUG:Receive:IP=[10.
1.
5.
248],Code=[2],Length=[368]*Sep105:33:12:1792014H3C5120-G5/5F-A1RDS/7/DEBUG:[8Framed-Address][6][255.
255.
255.
255][7Framed-Protocol][6][1][6Service-Type][6][2][65Tunnel-Medium-Type][6][6][64Tunnel-Type][6][13][79EAP-Message][6][030C0004]*Sep105:33:12:1802014H3C5120-G5/5F-A1RDS/7/DEBUG:[25Class][46][691306FD00000137000102000A0105F800000000000000000000000001CFC2F350F8FEBF000000000000002F][MS-26MS-CHAP2-Success][45][01533D32393933464535314235453744344139314432363539464143433641363039414636364631444142][MS-17MS-MPPE-Recv-Key][52][8008D75718C4F3EC4A03C74E2663928FFCF26C04AB299384AC5255C60D88CBF39F1EFAEE97D12AF784ADAD0CD3BFB084F407][80Message-Autheticator][18][431E003DC6A4239F561D6FB5E9F80669]Vlan下发:*Sep105:37:53:6352014H3C5120-G5/5F-A1RDS/7/DEBUG:[64Tunnel-Type][6][13][65Tunnel-Medium-Type][6][6][81Tunnel_Private_Group_ID][4][3135][1User-name][46][host/Laptop-G56.
resourcepro0.
resourcepro.
com][32NAS-Identifier][18][H3C5120-G5/5F-A1][5NAS-Port][6][16883727]*Sep105:37:53:6362014H3C5120-G5/5F-A1RDS/7/DEBUG:[61NAS-Port-Type][6][15][31Caller-ID][16][373834352D633463352D30366462][40Acct-Status-Type][6][1][45Acct-Authentic][6][1][44Acct-Session-Id][15][1140801053720][4NAS-IP-Address][6][10.
1.
5.
131]*Sep105:37:53:6372014H3C5120-G5/5F-A1RDS/7/DEBUG:[55Event-Timestamp][6][1409549873][25Class][46][693B072500000137000102000A0105F800000000000000000000000001CFC2F350F8FEBF0000000000000057]查看服务器应答报文携带的属性发现虽然取消了vlan数值下发(81号属性),但在设备侧还是收到vlan下发属性(64、65号属性),但是这个值为空,导致设备无法识别.
报Vlanvaluethattheserverassignsisinvalid!
不下发vlan的情况下可以在服务器侧取消64、65、81属性下发.
[65Tunnel-Medium-Type][6][6][81Tunnel_Private_Group_ID][4][3135][64Tunnel-Type][6][13]取消64、65、81号属性下发.
1XRadius孔天娇2014-10-22发表S5120交换机与NPS服务器配合做802.
1x认证失败问题某客户使用我司交换机S5120结合NPS服务器做802.
1x认证,客户发现如果在NPS服务器上配置vlan下发,可以认证成功;取消vlan下发,则不能认证成功.
收集认证失败的debug信息Debugdot1xallDebugscallDebugradiuspacket分析认证报文交互过程*Sep105:33:12:1772014H3C5120-G5/5F-A1RDS/7/DEBUG:Receive:IP=[10.
1.
5.
248],Code=[2],Length=[368]*Sep105:33:12:1792014H3C5120-G5/5F-A1RDS/7/DEBUG:[8Framed-Address][6][255.
255.
255.
255][7Framed-Protocol][6][1][6Service-Type][6][2][65Tunnel-Medium-Type][6][6][64Tunnel-Type][6][13][79EAP-Message][6][030C0004]*Sep105:33:12:1802014H3C5120-G5/5F-A1RDS/7/DEBUG:[25Class][46][691306FD00000137000102000A0105F800000000000000000000000001CFC2F350F8FEBF000000000000002F][MS-26MS-CHAP2-Success][45][01533D32393933464535314235453744344139314432363539464143433641363039414636364631444142][MS-17MS-MPPE-Recv-Key][52][8008D75718C4F3EC4A03C74E2663928FFCF26C04AB299384AC5255C60D88CBF39F1EFAEE97D12AF784ADAD0CD3BFB084F407][80Message-Autheticator][18][431E003DC6A4239F561D6FB5E9F80669]*Sep105:33:12:1822014H3C5120-G5/5F-A1RDS/7/DEBUG:Info:RDreceivedMS-CHAP2-Success*Sep105:33:12:1832014H3C5120-G5/5F-A1RDS/7/DEBUG:Info:RDreceivedradiuskey,DecryptuserAuthenticatoris:*Sep105:33:12:1842014H3C5120-G5/5F-A1RDS/7/DEBUG:2a190000590000005a75000058150000*Sep105:33:12:1852014H3C5120-G5/5F-A1RDS/7/DEBUG:Info:DecryptMS-MPPE-Recv-Keywithradiusauthenauthenticatoris:*Sep105:33:12:1872014H3C5120-G5/5F-A1RDS/7/DEBUG:20750ec684dcee792040d06d0b7b70e3037d7e2b3c8303f93419468e32da9b541e000000000000000000000000000000*Sep105:33:12:1882014H3C5120-G5/5F-A1RDS/7/DEBUG:Reject,Message=[Vlanvaluethattheserverassignsisinvalid!
]*Sep105:33:12:1892014H3C5120-G5/5F-A18021X/7/EVENT:Auth:481,Msg:Authrequestackforfailure,ACM->1X.
*Sep105:33:12:1902014H3C5120-G5/5F-A18021X/7/EVENT:Port:GigabitEthernet1/0/26,Auth:481,ReceivedMsg:261,Currentstate:14*Sep105:33:12:1922014H3C5120-G5/5F-A18021X/7/EVENT:Auth:481,ProcessingnodeFAILURE.
.
.
从以上radius报文交互过程可以看到设备从NPS服务器侧收到认证响应报文,设备拒绝该报文,因为服务器分配的vlanid无效.
怀疑是服务器和设备的配合问题.
对比取消下发vlan和下发vlan服务器的响应报文:取消vlan下发:*Sep105:33:12:1772014H3C5120-G5/5F-A1RDS/7/DEBUG:Receive:IP=[10.
1.
5.
248],Code=[2],Length=[368]*Sep105:33:12:1792014H3C5120-G5/5F-A1RDS/7/DEBUG:[8Framed-Address][6][255.
255.
255.
255][7Framed-Protocol][6][1][6Service-Type][6][2][65Tunnel-Medium-Type][6][6][64Tunnel-Type][6][13][79EAP-Message][6][030C0004]*Sep105:33:12:1802014H3C5120-G5/5F-A1RDS/7/DEBUG:[25Class][46][691306FD00000137000102000A0105F800000000000000000000000001CFC2F350F8FEBF000000000000002F][MS-26MS-CHAP2-Success][45][01533D32393933464535314235453744344139314432363539464143433641363039414636364631444142][MS-17MS-MPPE-Recv-Key][52][8008D75718C4F3EC4A03C74E2663928FFCF26C04AB299384AC5255C60D88CBF39F1EFAEE97D12AF784ADAD0CD3BFB084F407][80Message-Autheticator][18][431E003DC6A4239F561D6FB5E9F80669]Vlan下发:*Sep105:37:53:6352014H3C5120-G5/5F-A1RDS/7/DEBUG:[64Tunnel-Type][6][13][65Tunnel-Medium-Type][6][6][81Tunnel_Private_Group_ID][4][3135][1User-name][46][host/Laptop-G56.
resourcepro0.
resourcepro.
com][32NAS-Identifier][18][H3C5120-G5/5F-A1][5NAS-Port][6][16883727]*Sep105:37:53:6362014H3C5120-G5/5F-A1RDS/7/DEBUG:[61NAS-Port-Type][6][15][31Caller-ID][16][373834352D633463352D30366462][40Acct-Status-Type][6][1][45Acct-Authentic][6][1][44Acct-Session-Id][15][1140801053720][4NAS-IP-Address][6][10.
1.
5.
131]*Sep105:37:53:6372014H3C5120-G5/5F-A1RDS/7/DEBUG:[55Event-Timestamp][6][1409549873][25Class][46][693B072500000137000102000A0105F800000000000000000000000001CFC2F350F8FEBF0000000000000057]查看服务器应答报文携带的属性发现虽然取消了vlan数值下发(81号属性),但在设备侧还是收到vlan下发属性(64、65号属性),但是这个值为空,导致设备无法识别.
报Vlanvaluethattheserverassignsisinvalid!
不下发vlan的情况下可以在服务器侧取消64、65、81属性下发.
[65Tunnel-Medium-Type][6][6][81Tunnel_Private_Group_ID][4][3135][64Tunnel-Type][6][13]取消64、65、81号属性下发.
- 下发神武连接服务器失败相关文档
- 托拉斯在移植IP电话失败的列表更新从CUCME到CUCM8.x
- 脚本神武连接服务器失败
- 硬盘神武连接服务器失败
- 认证神武连接服务器失败
- 安装神武连接服务器失败
- 第三方神武连接服务器失败
数脉科技香港自营,10Mbps CN2物理机420元/月
数脉科技怎么样?数脉科技品牌创办于2019,由一家从2012年开始从事idc行业的商家创办,目前主营产品是香港服务器,线路有阿里云线路和自营CN2线路,均为中国大陆直连带宽,适合建站及运行各种负载较高的项目,同时支持人民币、台币、美元等结算,提供支付宝、微信、PayPal付款方式。本次数脉科技给发来了新的7月促销活动,CN2+BGP线路的香港服务器,带宽10m起,配置E3-16G-30M-3IP,...
Fiberia.io:$2.9/月KVM-4GB/50GB/2TB/荷兰机房
Fiberia.io是个新站,跟ViridWeb.com同一家公司的,主要提供基于KVM架构的VPS主机,数据中心在荷兰Dronten。商家的主机价格不算贵,比如4GB内存套餐每月2.9美元起,采用SSD硬盘,1Gbps网络端口,提供IPv4+IPv6,支持PayPal付款,有7天退款承诺,感兴趣的可以试一试,年付有优惠但建议月付为宜。下面列出几款主机配置信息。CPU:1core内存:4GB硬盘:...
Raksmart VPS主机如何设置取消自动续费
今天有看到Raksmart账户中有一台VPS主机即将到期,这台机器之前是用来测试评测使用的。这里有不打算续费,这不面对万一导致被自动续费忘记,所以我还是取消自动续费设置。如果我们也有类似的问题,这里就演示截图设置Raksmart取消自动续费。这里我们可以看到上图,在对应VPS主机的【其余操作】中可以看到默认已经是不自动续费,所以我们也不要担心被自动续费的。当然,如果有被自动续费,我们确实不想续费的...
神武连接服务器失败为你推荐
-
抢米网什么意思抢小米手机小型汽车网上自主编号申请网上选号自编号怎么选zhuo爱timi什么意思青岛网通测速网通,联通,长城这三个宽带哪个网速最快?我是青岛的什么是seo学习SEO的好处是什么?最土团购程序你好,请问你有团购网的程序吗discuz论坛Discuz论坛是什么啊?关闭评论怎样关闭评论?discuz教程Discuz! Database Error怎么解决啊?我的电脑打不开这个网啊很久了。其他电脑可以。discuzx2.5discuzx2.5 20121101版比上一版本 有了哪些改动?