微信认证服务器错误,某局点WX2510H做微信认证异常问题处理经验案例

1.查看配置,发现正常:#

version 7.1.064, Release 5221

#

#

dns server 114.114.114.114

#

vlan 800

description i-guangdong-wifi

#

vlan 810

description i-guangdong-wifi-user

#

wlan service-template 1

ssid i-Guangdong

vlan 810

user-isolation enable

client-rate-limit enable

client-rate-limit inbound mode static cir 512

client-rate-limit outbound mode static cir 6144

portal enable method direct

portal domain i-guangdong

portal bas-ip 10.65.4.163

portal apply web-server portal

service-template enable

#

wlan service-template 2

ssid cl-office

akm mode psk

preshared-key pass-phrase cipher $c$3$ojfOHtIQFJZNcmtndKhszuVO9iAVY0GXG0+lcw==

cipher-suite ccmp

security-ie rsn

client-rate-limit enable

client-rate-limit inbound mode static cir 512

client-rate-limit outbound mode static cir 12288

service-template enable

#

wlan service-template 3

ssid iGT

vlan 810

user-isolation enable

portal enable method direct

portal domain i-guangdong-portal3

portal bas-ip 10.65.4.163

portal apply web-server portal3

service-template enable

#

interface NULL0

#

interface Vlan-interface800

ip address 10.65.4.163 255.255.255.224

#

interface GigabitEthernet1/0/2

port link-mode bridge

port access vlan 800

#

interface GigabitEthernet1/0/3

port link-mode bridge

port access vlan 810

#

interface GigabitEthernet1/0/4

port link-mode bridge

port access vlan 810

#

interface GigabitEthernet1/0/5

port link-mode bridge

description link-to-route

port link-type trunk

undo port trunk permit vlan 1

port trunk permit vlan 800 810

#

ip route-static 0.0.0.0 0 10.65.4.161

#

radius session-control enable

#

radius scheme i-guangdong

primary authentication 10.64.1.201 key cipher $c$3$qXeFEBd8VF8Kk1ySRmVh9cQfUP8ka5PgbMlFgz0aCFQAEG8=

primary accounting 10.64.1.201 key cipher $c$3$tbG57h1SD566zp5SxXAHaO4WQhKJD5fqx+9rStxWqKhZY30=

key authentication cipher $c$3$4WE02rHwjgHV4jT4bh3nRIeakKkbCuw3nYV3MwCA97ndUP0=

key accounting cipher $c$3$/2jhhSOpqE5AoHJiOBLISYxtjPsI+8EuIMl4WjPyfS8pWrA=

user-name-format keep-original

nas-ip 10.65.4.163

#

radius scheme i-guangdong-portal3

primary authentication 10.64.2.104 key cipher $c$3$A7hfmQ1Il5PMT6Y2qt2qrt4DwkWmzGuTSIJRC/LCA++PxwI=

primary accounting 10.64.2.104 key cipher $c$3$/vq/m668j7ZoRMlVHFLlAQBenmFs5P4uH32aKmkqnjjwfqg=

key authentication cipher $c$3$DWsVsgeUUj7UYKF4FvfsOkJNSvtR9xHZOafIpup4dVLT8xs=

key accounting cipher $c$3$sUftC5uX84n8j59qJVER3BjQZsiv4unajDyBUtkMsHt1oig=

user-name-format keep-original

nas-ip 10.65.4.163

#

domain i-guangdong

authorization-attribute idle-cut 120 10240

session-time include-idle-time

authentication portal radius-scheme i-guangdong

authorization portal radius-scheme i-guangdong

accounting portal radius-scheme i-guangdong

#

domain i-guangdong-portal3

authorization-attribute idle-cut 120 10240

session-time include-idle-time

authentication portal radius-scheme i-guangdong-portal3

authorization portal radius-scheme i-guangdong-portal3

accounting portal radius-scheme i-guangdong-portal3

#

portal host-check enable

portal device-id IGD_H3C_CJRJYPX

portal auth-fail-record enable

portal auth-error-record enable

portal free-rule 1 source ip any destination ip 114.67.*.0 255.255.255.240

portal free-rule 2 source ip 114.67.*.0 255.255.255.240 destination ip any

portal free-rule 3 source ip any destination ip 202.96.*.86 255.255.255.255

portal free-rule 4 source ip any destination ip 202.96.*.166 255.255.255.255

portal free-rule 5 source ip any destination ip 10.64.1.0 255.255.255.0

portal free-rule 6 source ip 10.64.1.0 255.255.255.0 destination ip any

portal free-rule 7 source ip any destination ip 114.114.114.114 255.255.255.255

portal free-rule 8 source ip any destination ip 10.64.2.0 255.255.255.0

portal free-rule 9 source ip 10.64.2.0 255.255.255.0 destination ip any

portal free-rule 10 source interface GigabitEthernet1/0/5

#

portal web-server portal

url https://i-guangdong.windfindtech.com/portal/login

server-type cmcc

url-parameter apmac ap-mac

url-parameter nasid nas-id

url-parameter userip source-address

url-parameter usermac source-mac

url-parameter wlanacip value 10.65.4.163

url-parameter wlanacname value IGD_H3C_CJRJYPX

#

portal web-server portal3

url https://i-guangdong.windfindtech.com/portal2/login

server-type cmcc

url-parameter apmac ap-mac

url-parameter nasid nas-id

url-parameter userip source-address

url-parameter usermac source-mac

url-parameter wlanacip value 10.65.4.163

url-parameter wlanacname value IGD_H3C_CJRJYPX

#

portal server portal

ip 10.64.1.3

server-type cmcc

#

portal server portal2

ip 10.64.1.4

server-type cmcc

#

portal server portal3

ip 10.64.1.234

server-type cmcc

#

portal server portal4

ip 10.64.2.104

server-type cmcc

#

wlan global-configuration

control-address enable

nas-id 767017

#

wlan ap-group default-group

vlan 1

ap-model WA4320-ACN-SI

radio 1

radio enable

service-template 1 vlan 810

service-template 2 vlan 810

service-template 3 vlan 810

radio 2

radio enable

service-template 1 vlan 810

service-template 2 vlan 810

service-template 3 vlan 810

#

wlan ap 2f-01 model WA4320-ACN-SI

serial-id 219801A0T78171E08716

radio 1

radio enable

channel band-width 40

radio 2

radio enable

#

wlan ap 2f-02 model WA4320-ACN-SI

serial-id 219801A0T78171E05524

radio 1

radio enable

channel band-width 40

radio 2

radio enable

#

wlan ap 2f-03 model WA4320-ACN-SI

serial-id 219801A0T78171E08761

radio 1

channel band-width 40

radio 2

radio enable

#

wlan ap 3f-04 model WA4320-ACN-SI

serial-id 219801A0T78171E06080

radio 1

radio enable

channel band-width 40

radio 2

radio enable

#

wlan ap 3f-05 model WA4320-ACN-SI

serial-id 219801A0T78171E08346

radio 1

radio enable

channel band-width 40

radio 2

radio enable

#

wlan ap 3f-06 model WA4320-ACN-SI

serial-id 219801A0T78171E05550

radio 1

radio enable

channel band-width 40

radio 2

radio enable

#

cloud-management server domain oasis.h3c.com

#

2.看了一下故障的debug,如下:

*May 27 15:44:00:386 2019 IGD_H3C_CJRJYPX PORTAL/7/EVENT:

User-SM[172.18.0.107]: Notified Auth-SM to process the REQ_AUTH packet.

*May 27 15:44:00:386 2019 IGD_H3C_CJRJYPX PORTAL/7/FSM: Auth-SM:

Started to run.

*May 27 15:44:00:387 2019 IGD_H3C_CJRJYPX PORTAL/7/FSM: Auth-SM

[172.18.0.107]: Entered state Authenticating.

*May 27 15:44:00:387 2019 IGD_H3C_CJRJYPX PORTAL/7/EVENT:

User-SM[172.18.0.107]: AAA processed authentication request and returned

processing.

*May 27 15:44:00:387 2019 IGD_H3C_CJRJYPX PORTAL/7/FSM:

User-SM[172.18.0.107]: Begin to run.

*May 27 15:44:00:387 2019 IGD_H3C_CJRJYPX PORTAL/7/EVENT:

User-SM[172.18.0.107]: Received authentication response, RespCode=26.

*May 27 15:44:00:387 2019 IGD_H3C_CJRJYPX PORTAL/7/FSM: Auth-SM:

Started to run.

*May 27 15:44:00:387 2019 IGD_H3C_CJRJYPX PORTAL/7/PACKET:

Portal sent 16 bytes of packet: Type=ack_auth(4), ErrCode=1,

IP=172.18.0.107

正常portal过程,AC收到portal服务器发送的REQ-AUTH(type=3)的报文之后,应该会和AAA服务器交互认证报文,AAA服务器回复通过之后,AC才会回复ACK-AUTH(type=4),errorcode=0的报文给portal服务器。

而上面这个不正常的认证过程,可以发现AAA服务器回复的RespCode=26代表信息交互不正常,正常应该是:

*May 27 16:18:12:190 2019 IGD_H3C_CJRJYPX PORTAL/7/EVENT:

User-SM[172.18.0.107]: Received authentication response,RespCode=0.

即AAA服务器不通过这个认证,导致后续AC给portal服务器回复的ACK-AUTH(type=4)报文的errorcode=1,所以这就应该排查服务器为什么回复的是RespCode=26。

  • 0
    点赞
  • 1
    收藏
    觉得还不错? 一键收藏
  • 0
    评论
ASP微信小程序授权登录和微信支付是两个常见的功能需求,下面我以一个案例demo来简单介绍它们的实现。 假设我们要开发一个在线商城的微信小程序。首先,用户需要授权登录才能使用小程序的功能。我们可以使用微信提供的API,在小程序的登录页面上调用wx.login()方法获取用户的临时登录凭证code。然后将code发送给后台服务器,通过调用微信的接口,如wx.login()、wx.getUserInfo()等,获取用户的openId和userInfo等信息,并保存在后台数据库中。这样,在小程序开发过程中就可以使用用户的openId来标识用户,实现个性化的功能。 接下来,我们需要实现微信支付功能。在用户下单购买商品时,可以调用微信支付接口来完成支付流程。用户确认订单并选择支付方式后,会生成一个支付订单,并将订单相关信息发送给后台服务器。后台服务器根据订单信息调用微信支付的接口,如wx.requestPayment(),生成一个支付参数,并将支付参数返回给小程序前端页面。小程序前端页面接收到支付参数后,可以调用wx.requestPayment()方法进行支付。支付成功后,后台服务器会收到微信向回调URL发送的支付通知,商户可以在回调接口中更新订单状态等操作。 当然,实现微信授权登录和微信支付功能还需要考虑其他方面,如登录态的维护、支付结果的处理等。这只是一个简单的示例,实际项目中还需要根据具体需求进行适当的调整和优化。 以上是关于ASP微信小程序授权登录和微信支付的案例demo的简要介绍,希望对您有所帮助。如有其他问题,请随时提问。

“相关推荐”对你有帮助么?

  • 非常没帮助
  • 没帮助
  • 一般
  • 有帮助
  • 非常有帮助
提交
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值