Clients cannot go online with mac-trigger authentication when local Portal is used with LDAP

2023-12-29 16:53:15 Published

Network Topology

Centralized forwarding, local Portal authentication + LDAP, using local mac-trigger authentication


Problem Description

The customer can successfully access the Internet through normal authentication the first time. While the user is online, both a portal user session and a local-binding session exist on the WLAN controller. After the client goes offline, it cannot reconnect to the Wi-Fi through mac-trigger authentication.



Process Analysis

  • When the client tries to connect to the Wi-Fi through mac-trigger authentication, enable debugging as follows:
<H3C>debugging portal all
[H3C]dis portal user all
*Dec  8 02:14:35:627 2023 H3C PORTAL/7/EVENT: Finished scanning traffic send work.
*Dec  8 02:14:35:628 2023 H3C PORTAL/7/EVENT: User-SM[192.168.210.xxx]: Receiving last traffic when user is logging off.
*Dec  8 02:14:35:628 2023 H3C PORTAL/7/FSM: User-SM[192.168.210.xxx]: Begin to run.
*Dec  8 02:14:35:628 2023 H3C PORTAL/7/FSM: User-SM [192.168.210.xxx]: State changed from Offline_Waiting_Traffic to Offline_Waiting_Acctoff.
*Dec  8 02:14:35:628 2023 H3C PORTAL/7/EVENT: User-SM[192.168.210.xxx]: Stopped User-SM timer.
*Dec  8 02:14:35:628 2023 H3C PORTAL/7/EVENT: User-SM[192.168.210.xxx]: AAA processed accounting-off request and returned.
*Dec  8 02:14:35:629 2023 H3C PORTAL/7/FSM: User-SM [192.168.210.xxx]: State changed from Offline_Waiting_Acctoff to Done.
*Dec  8 02:14:35:629 2023 H3C PORTAL/7/FSM: User-SM[192.168.210.xxx]: User was destroyed.
*Dec  8 02:14:35:629 2023 H3C PORTAL/7/ERROR: Failed to get ssid by user mac, user MAC:xx-xx-xx-xx-16-52.
*Dec  8 02:14:35:629 2023 H3C PORTAL/7/ERROR: Failed to get ssid by user mac, user MAC:xx-xx-xx-xx-16-52.
*Dec  8 02:14:35:629 2023 H3C PORTAL/7/EVENT: User-SM[192.168.210.105]: Notified User-Detect-SM to stop detection.
*Dec  8 02:14:35:629 2023 H3C PORTAL/7/ERROR: Failed to get ssid by user mac, user MAC:xx-xx-xx-xx-16-52.

  • Checking at this time shows that the local-binding session still exists, but the client cannot get access.
[H3C]dis portal local-binding   mac-address   all  
Total mac-address number:        1
  Mac-address            Aging            User-name
  xxxx-xxxx-1652         23:59:03         administrator
  • The local-binding session is deleted after a period of time.

*Dec  8 02:15:40:609 2023 H3C PORTAL/7/ERROR: User mac is invalid.
*Dec  8 02:15:40:609 2023 H3C PORTAL/7/ERROR: Failed to get get ssid by user mac,UserMac is Zero.
*Dec  8 02:15:40:609 2023 H3C PORTAL/7/MAC-trigger Event: Delete mac-trigger local-binding entry, MAC=xxxx-xxxx-1652
  • The user MAC cannot be obtained during the second authentication. It has been confirmed that local mac-trigger does not support being combined with third-party servers (such as an LDAP server); in this scenario, all servers must be on the AC.
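
A triage sketch for the signature seen in the capture above, as an added example (not H3C tooling and not part of the original case): it correlates the "Failed to get ssid by user mac" errors with the later "Delete mac-trigger local-binding entry" event for the same MAC, normalizing the two MAC notations the device prints. The function names and result layout are assumptions; the sample lines are copied from the debug output on this page, masked as shown there.

```python
import re

# Debug lines copied from the capture on this page (values masked as on the page).
SAMPLE = """\
*Dec  8 02:14:35:629 2023 H3C PORTAL/7/FSM: User-SM[192.168.210.xxx]: User was destroyed.
*Dec  8 02:14:35:629 2023 H3C PORTAL/7/ERROR: Failed to get ssid by user mac, user MAC:xx-xx-xx-xx-16-52.
*Dec  8 02:14:35:629 2023 H3C PORTAL/7/ERROR: Failed to get ssid by user mac, user MAC:xx-xx-xx-xx-16-52.
*Dec  8 02:15:40:609 2023 H3C PORTAL/7/ERROR: User mac is invalid.
*Dec  8 02:15:40:609 2023 H3C PORTAL/7/ERROR: Failed to get get ssid by user mac,UserMac is Zero.
*Dec  8 02:15:40:609 2023 H3C PORTAL/7/MAC-trigger Event: Delete mac-trigger local-binding entry, MAC=xxxx-xxxx-1652
"""

# "*<timestamp> <sysname> PORTAL/7/<kind>: <message>"
LINE = re.compile(r"^\*(?P<ts>\w{3}\s+\d+ [\d:]+ \d{4}) \S+ PORTAL/7/(?P<kind>[^:]+): (?P<msg>.*)$")
SSID_FAIL = re.compile(r"Failed to get ssid by user mac, user MAC:(?P<mac>[0-9A-Za-z-]+)")
BIND_DEL = re.compile(r"Delete mac-trigger local-binding entry, MAC=(?P<mac>[0-9A-Za-z-]+)")
ZERO_MAC = ("UserMac is Zero", "User mac is invalid")


def norm_mac(mac):
    """Strip separators so xx-xx-xx-xx-16-52 and xxxx-xxxx-1652 compare equal."""
    return re.sub(r"[-:.]", "", mac).lower()


def analyze(log_text):
    """Group SSID lookup failures and binding deletions by normalized MAC."""
    per_mac, zero_mac_errors = {}, 0
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # not a PORTAL debug line
        msg = m["msg"]
        if hit := SSID_FAIL.search(msg):
            entry = per_mac.setdefault(norm_mac(hit["mac"]), {"ssid_failures": 0, "binding_deleted_at": None})
            entry["ssid_failures"] += 1
        elif hit := BIND_DEL.search(msg):
            entry = per_mac.setdefault(norm_mac(hit["mac"]), {"ssid_failures": 0, "binding_deleted_at": None})
            entry["binding_deleted_at"] = m["ts"]
        elif any(text in msg for text in ZERO_MAC):
            zero_mac_errors += 1  # lookup ran with no usable client MAC
    # Signature of this case: SSID lookups failed and the binding was then removed.
    affected = sorted(mac for mac, e in per_mac.items() if e["ssid_failures"] and e["binding_deleted_at"])
    return {"per_mac": per_mac, "zero_mac_errors": zero_mac_errors, "affected": affected}


if __name__ == "__main__":
    print(analyze(SAMPLE))
```
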



Solution

Use local mac-trigger with local users, or place the mac-trigger server on the remote authentication server.

