Network Topology
AC + Fit AP
Problem Description
Using Cloudnet one-click authentication, the following error message appears after the terminal is connected to WiFi, and the URL error reason is 90011.
Process Analysis
1. According to R&D, the reason for error 90011 is that after AC sent the authentication message to Cloudnet, it did not receive a response from Cloudnet and timed out.
2. During authentication, AC will send a code to Cloudnet to exchange for access_token.
3. When the fault occurred, the backend of Cloudnet found that no relevant messages sent by AC were received. Therefore, debug on the AC side and perform packet capture analysis on the uplink port of the AC.
Debugging on the AC side revealed that the AC also sent relevant messages normally, but the packet capture did not find any messages sent by the AC, and even the request to establish a TCP connection between the AC and Cloudnet was not found. After further confirmation, it was found that the on-site packet capture interface was wrong, resulting in the failure to capture the packets interacting between the AC and Cloudnet.
4. After deleting the service VLAN address on the AC and changing the portal client-gateway to the AP management VLAN, the authentication was successful. Therefore, it can be basically confirmed that the firewall between the AC and Cloudnet did not allow the service VLAN to pass, resulting in the authentication message sent by the AC to Cloudnet being intercepted, causing the authentication failure.
Solution
The firewall allows the AC's service VLAN address to communicate normally with Cloudnet.