Country/Region

Wireless portal authentication failed

2023-09-27 17:12:17 Published
  • 0 Followed
  • 0Collected ,1896Browsed
Pengqirui

Network Topology

NULL

Problem Description

Portal authentication scenario, where a redirect page can pop up and authentication fails after entering a username and password.

Process Analysis

Collect debug information for the authentication process:

*Jan 19 16:16:57:263 2020 AC PORTAL/7/REDIRECT-EVENT: Get the original URL(http://www.qq.com/q.cgi).
*Jan 19 16:16:57:263 2020 AC PORTAL/7/REDIRECT-EVENT: The user ip is 172.21.16.4,user-agent is Mozilla/4.0(compatible;MSIE8.0;WindowsNT6.1;Trident/4.0)
*Jan 19 16:16:57:263 2020 AC PORTAL/7/REDIRECT-EVENT: The user ip is 172.21.16.4; the redirect url is http://222.193.95.42/eportal/index.jsp?wlanuserip=172.21.16.4
*Jan 19 16:16:57:263 2020 AC PORTAL/7/HTTP_REDIRECT-EVENT: Process the redirect packet(flag:0x18) successfully and reply. //Redirected successfully
*Jan 19 16:16:59:342 2020 AC PORTAL/7/PACKET:
Portal received 55 bytes of packet: Type=req_auth(3), ErrCode=0, IP=172.21.16.4 //The server sends an authentication request to the access device, carrying the user"s authentication information
*Jan 19 16:16:59:342 2020 AC PORTAL/7/ERROR: Failed to obtain user physical information when create user.UserIP=172.21.16.4
*Jan 19 16:16:59:342 2020 AC PORTAL/7/ERROR: Portal is disabled on the interface.
*Jan 19 16:16:59:343 2020 AC PORTAL/7/ERROR: User mac is invalid.
*Jan 19 16:16:59:343 2020 AC PORTAL/7/ERROR: Failed to get get ssid by user mac,UserMac is Zero.
*Jan 19 16:16:59:343 2020 AC PORTAL/7/PACKET:  //No terminal information was found in the ARP table entry of the device, and the terminal legality check failed
Portal sent 23 bytes of packet: Type=ack_auth(4), ErrCode=1, IP=172.21.16.4 //The authentication result returned by the access device is failed
*Jan 19 16:16:59:343 2020 AC PORTAL/7/PACKET:

Solution

Add the portal host-check enable configuration and enable the legality check function of the wireless portal client.

Reason: 

During portal authentication, the user"s MAC address needs to be carried. If there is no three-layer address for the business vlan on the AC, the user"s MAC cannot be read through ARP. The portal host check enable command needs to be configured to read the user"s MAC from the terminal table entry.

Please rate this case:   
0 Comments

No Comments

Add Comments:

Copyright© 2025 H3C reserves all rights to the current version NO.1

The copyright of this icon belongs to H3C. It is only for the use of this community. Do not use it for commercial purposes. Anyone who violates this icon will be prosecuted