Ruijie Community
Title: During the second generation web authentication. 1.The page cannot be redirected to the URL. 2. The Portal page cannot be opened.3. The user authentication fails.4. The user goes offline [Print this page]
Author: Levy Time: 2018-4-4 09:50
Title: During the second generation web authentication. 1.The page cannot be redirected to the URL. 2. The Portal page cannot be opened.3. The user authentication fails.4. The user goes offline
hello, guys
During the second generation web authentication, I have some problems. 1.The page cannot be redirected to the URL. 2. The Portal page cannot be opened.3. The user authentication fails.4. The user goes offline.
about these suitation, what can I do ?
what should I check?
and what is the root cause about thes problems ?
Author: admin Time: 2018-4-4 10:03
1.The page can not be redirected to the URL.If this problem occurs, check whether the HTTP packet sent by the terminal isintercepted, processed, and redirected by the AC.
The following are common causes:
(1) The terminal cannot obtain the correct IP address and learn the gateway ARP information.
(2) The terminal can not parse the domain name or whether the page can be redirected to the entered IP address.
If the entered domain name or IP address is in the direct communication address list of the AC or the user is a free-authenticated user,the AC certainly does not intercept the user packet when the packet reaches theAC.
(3) No user VLAN is configured for the AC and thus the packet is discarded by the AC after it is forwarded to the AC.
2.The Portal page cannot be opened.(1) After obtaining the URL redirected by the AC, the terminal directly uses the URL to access the Portal page. If the Portal page is not displayed, check the interconnectivity between the terminal and the Portal Server.
For example, ping the terminal to the Portal Server to check whether the communication is normal to see whether the HTTP packet is filtered out by intermediate device.
(2) The problem occurs when the parameter or format of the URL does not conform to the requirement of the Portal Server. Pay special attention during connection to a third-party server.
Some servers require checking the URL parameter or format, or specify the value of some parameter. Confirm whether the parameter or format is supported by the AC and the AC is configured accordingly.
3. Theuser authentication fails.(3) When the Type value is 4:
ErrCode = 0 indicates that the AC informs the Portal Server that the user authentication is successful.
ErrCode = 1 indicates that the AC informs the Portal Server that the user authentication is rejected.
ErrCode = 2 indicates that the AC informs the Portal Server that the link has been created.
ErrCode = 3indicates that the AC informs the Portal Server that the user authentication is being performed, and try later.
ErrCode = 4 indicates that the AC informs the Portal Server that the user authentication fails (an error occurs).
According to the captured packet, the AC response is ACK_AUTH ErrCode 1.
After capturing the packet, confirm whether the packet interaction in the whole Web authentication process is normal;otherwise, an error may occur.
4. Theuser goes offline.(1) The dhcp snooping entry shows that theterminal IP address conflicts.
In this case, authenticated users are forcedto go offline.
(2) Different terminals use the same username.
(3) The traffic keepalive time threshold reaches.
(4) When a user is disconnected from the wireless network for five minutes, the user's Web authentication entry is deleted by default.
(5) The accounting-update is not enabled orits configuration is different on the AC and the server.
(6) The user is forced by the server to go offline (due to the RADIUS extended attribute).
Collect the following information and contact our onlinesupport.
Collect the following debug information during the whole process:
show version
show version all
show running
show ap-config run
show ap-config sum
show logging
show ip dhcp snooping binding
show ip dhcp binding
show ac-con client client
View the following entries:
show dot1x su
show dot1x mab
show web-auth user all
Capture packet
Packet captured at the AC image port or RADIUS server
Welcome to Ruijie Community (https://community.ruijienetworks.com/) |
Powered by Discuz! X3.2 |