Ca recorder服务器维护,故障处理:802.1X认证失败

最新推荐文章于 2023-10-13 11:15:14 发布
最新推荐文章于 2023-10-13 11:15:14 发布
阅读量1.2k 收藏
点赞数
文章标签: Ca recorder服务器维护
这篇博客详细记录了Ca recorder服务器处理802.1X认证失败的过程。从无线用户关联请求开始,经过WLAN模块、EAP模块和RADIUS模块的交互,最终完成认证并进行实时计费。在过程中,服务器发送认证请求给用户,并收到用户的EAP Start报文,重新开始认证流程。最后,服务器上报用户IP给UCM模块,并发送实时计费消息给AAA模块,完成整个认证和计费过程。
摘要由CSDN通过智能技术生成

1

[BTRACE][2020/06/29 15:07:01][2048][WLAN_AC][84c9-b272-47e0]:[Process:2][WSTA] Flow fork SingleSta MsgType3093 Vcpu:7 Ret:0 Len:318.

该行无需关注,消息在CPU之间复制。Process:2表示当前哪个核在处理报文(消息)。

[AC-diagnose] display process-list

*************************************************

Accumulate total process number :10

Forward mode: centralized

----------------------------------------------

ProcessID ProcessName PID

----------------------------------------------

0 vos.o 196

1 wmc 197

2 wmi 199

3 wmi 200

4 dhcp 201

5 dhcp 202

6 nac 203

7 nac 204

8 ucm_gc 205

9 web_fc 206

***************************************************

2

[BTRACE][2020/06/29 15:07:01][7168][WLAN_AC][84c9-b272-47e0]:[Process:7] [WSTA] Receive STA (Re)associate request message.

Assoc local:1, AP ID:0, Radio ID:0, Wlan ID:4, Type(1:assoc, 2:reassoc):1, Pmk:0, Wapi IE:22, Bk ID Num:0, SFN Flag:0, Ability:40, 2.4G CHs:0, 5G CHs:0. FT Roam:0, FT Access:0, Rssi:-54, Old Ap Mac:0000-0000-0000, Auth Type:5 UniCipher:5 MultiCipher:5. Ap delay num:0, Vap delay num:0, Ap sta mac:0000-0000-0000, Vap sta Mac:0000-0000-0000, ProcessId:2048. Message len:138, Element len:126, Total len:135, Fix len:88, Ext num:1, Ext Len:26, AGV:0, Assoc duration time:5905

收到无线用户关联请求,Old Ap Mac:0000-0000-0000说明非漫游。

3

[BTRACE][2020/06/29 15:07:01][7168][WLAN_AC][84c9-b272-47e0]:[Process:7][WSTA] Get sta cfg info VapProfileID:4, VlanId:200, IsBoundVlanPool:0, HacServiceVlanInPool:0, MaxUserNumber:64, VlanMobilityGroupId:1, HomeAgent:0, Fordward:0 Bssid:84a9-c48d-3ba3, ssid:dot1x_129.77, Ap mac:84a9-c48d-3ba0, Ap name:AP-8, AC IP:100.1.1.1, IsDot1xOrWapi:1, Is Ppsk:0, l3 switch:0

获取VAP配置信息,VapProfileID:4,通过display vap-profile all查询索引对应的VapProfile(索引从0(Name: default)开始依次递增)。

4

[BTRACE][2020/06/29 15:07:01][7168][WLAN_AC][84c9-b272-47e0]:[Process:7][WSTA] Process STA associate request message:(ApId:0RadioId:0WlanId:4EssId:4 Assoc Type(1:Assoc,2:Reassoc):1 Vlan:200, Type:3093, Seq Num:12, Max num:64).

处理无线用户关联请求,RadioId:0表示2.4G,1表示5G。

5

[BTRACE][2020/06/29 15:07:01][7168][WLAN_AC][84c9-b272-47e0]:[Process:7][WSTA] Check vap ap reach max proc(Ap delay num:0, Vap delay num:0, Ap sta mac:0000-0000-0000, Vap sta Mac:0000-0000-0000.

[BTRACE][2020/06/29 15:07:01][2048][WLAN_AC][84c9-b272-47e0]:[Process:2][WSTA] Send STA associate Response message and add sta request (ap:0, radio:0, wlan:0, len:0, response :0, code:0).

[BTRACE][2020/06/29 15:07:01][7168][WLAN_AC][84c9-b272-47e0]:[Process:7][WSTA] Add sta data roam info 0:MgIP: 0.0.0.0, IpVer:2, StaDataIp:0, Ret:1

[BTRACE][2020/06/29 15:07:01][7168][WLAN_AC][84c9-b272-47e0]:[Process:7][WSTA] Add sta data roam info 1:MgIP: 0.0.0.0, Ap2AcIP:100.1.1.1

[BTRACE][2020/06/29 15:07:01][7168][WLAN_AC][84c9-b272-47e0]:[Process:7][WSTA] Send STA associate response message. (FT access:0, FT roam:0, Flag:1, loacl:1, Type:5)

[BTRACE][2020/06/29 15:07:01][7168][WLAN_AC][84c9-b272-47e0]:[Process:7][WSTA] Send STA associate response message. (Ap:0, Radio:0, WlanId:4, Type:1, Code:0, Len:326, OpType:0, Flag:0, Detect:1)

[BTRACE][2020/06/29 15:07:01][7168][WLAN_AC][84c9-b272-47e0]:[Process:7][WSTA] Roam send add STA and IP-MAC request message (Code:0).

[BTRACE][2020/06/29 15:07:01][7168][WLAN_AC][84c9-b272-47e0]:[Process:7][WSTA] Send add STA and IP-MAC request message (Rt:0, Type:0, ablitity:1).

[BTRACE][2020/06/29 15:07:01][7168][WLAN_AC][84c9-b272-47e0]:[Process:7][WSTA] STA (Re)associate request first assoc request response (Type:3093, Code:0).

[BTRACE][2020/06/29 15:07:01][7168][WLAN_AC][84c9-b272-47e0]:[Process:7][WSTA] End to process STA first associate add request (Code:0).

[BTRACE][2020/06/29 15:07:01][2048][WLAN_AC][84c9-b272-47e0]:[Process:2][WSTA] Capwap deliver message to sta process (Type:26, prim:0, len:236, fork:7168, code:0)

[BTRACE][2020/06/29 15:07:01][7168][WLAN_AC][84c9-b272-47e0]:[Process:7][WSTA] Process add STA response message (Radio:0, Wlan:4, OpType:0, TryTimes:1 Code:0).

WLAN模块处理无线用户关联请求。

6

[BTRACE][2020/06/29 15:07:01][7168][WLAN_AC][84c9-b272-47e0]:[Process:7][WADP] Send EAP authentication request message to EAPOL(Ret Code:0).srcChId:187,dstChId:209,msg:232,SrcForkId:7168,EsapForkId:7168,IfIndex:2466381824,VlanId:200,SN:5

WLAN模块发送认证请求给EAP模块。

7

[BTRACE][2020/06/29 15:07:01][7168][WLAN_AC][84c9-b272-47e0]:[Process:7][WSEC] Initiate eapol start message (Interface:2466381824, Vlan:200, Sn:5, Code:0).

[BTRACE][2020/06/29 15:07:01][7168][WLAN_AC][84c9-b272-47e0]:[Process:7][WSTA] Process associate authentication successfully(State:2, Pre AP:4294967295).

WLAN模块处理用户关联成功。

8

[BTRACE][2020/06/29 15:07:01][7168][EAPoL][84c9-b272-47e0]:The serialNo carried in wlan request start pkt is 5.

[BTRACE][2020/06/29 15:07:01][7168][EAPoL][84c9-b272-47e0]:EAPOL receive dot1x user associate start msg from WLAN.(MAC=, Index=4294967295, CMIndex=4294967295, ulvACNodeId=7168, ulIfIndex=2466381824, vlan=200)

EAP模块收到WLAN模块的开始认证请求。

9

[BTRACE][2020/06/29 15:07:01][7168][EAPoL][84c9-b272-47e0]:Send a EAPoL request identity packet to user. [BTRACE][2020/06/29 15:07:01][7168][EAPoL][84c9-b272-47e0]:Add a Eap Packet Node to EAPOL Ucib, MAC is 84c9-b272-47e0.

[BTRACE][2020/06/29 15:07:01][7168][EAPoL][84c9-b272-47e0]:

EAPOL packet: OUT

84 c9 b2 72 47 e0 fc e3 3c 9e 6d 66 81 00 00 c8

88 8e 01 00 00 05 01 05 00 05 01

[BTRACE][2020/06/29 15:07:01][7168][EAPoL][84c9-b272-47e0]: 802.1x packet: Version:802.1X-2001(1); Type:Eap(0); Length:5 EAPOL packet: Code:Request(1); Id:5; Length:5;Type:Identity(1)

[BTRACE][2020/06/29 15:07:01][7168][EAPoL][84c9-b272-47e0]:Send EAP_request packet to user successfully.(Index=5)

EAP模块发送EAP Request-Identity(ID:5)报文给用户。

10

[BTRACE][2020/06/29 15:07:01][7168][WLAN_AC][84c9-b272-47e0]:[Process:7][WSTA] Process eapol start message up sucessfully.

[BTRACE][2020/06/29 15:07:01][7168][WLAN_AC][84c9-b272-47e0]:[Process:7][WADP] Receive EAP authentication ack message from EAPOL(Value:0, Code:0, Current SN:5, Response SN:5).

[BTRACE][2020/06/29 15:07:01][7168][EAPoL][84c9-b272-47e0]:Receive EAP packet, get packet information.(L2Type=157409104, QinqVlan=0, Vlan=0,

[BTRACE][2020/06/29 15:07:01][7168][EAPoL][84c9-b272-47e0]:Receive an eap packet from user.

[BTRACE][2020/06/29 15:07:01][7168][EAPoL][84c9-b272-47e0]:

EAPOL packet: IN

01 80 c2 00 00 03 84 c9 b2 72 47 e0 81 00 e0 c8

88 8e 01 01 00 00 00 00 00 00 00 00 00 00 00 00

00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

[BTRACE][2020/06/29 15:07:01][7168][EAPoL][84c9-b272-47e0]:

802.1x packet:

Version:802.1X-2001(1); Type:Start(1); Length:0

EAPOL packet:

Code:Unknown(0); Id:0; Length:0; Type:Unknown(0)

[BTRACE][2020/06/29 15:07:01][7168][EAPoL][84c9-b272-47e0]:Add a Eap Packet Node to EAPOL Ucib, MAC is 84c9-b272-47e0.

[BTRACE][2020/06/29 15:07:01][7168][EAPoL][84c9-b272-47e0]:Receive a EapoL start packet from user. [BTRACE][2020/06/29 15:07:01][7168][EAPoL][84c9-b272-47e0]:Receive start packet from user. [BTRACE][2020/06/29 15:07:01][7168][EAPoL][84c9-b272-47e0]:User is exist status, receive a eap start packet. [BTRACE][2020/06/29 15:07:01][7168][EAPoL][84c9-b272-47e0]:Start a new authentication.

EAP模块收到用户发送的EAP Start报文,重新开始认证。

11

[BTRACE][2020/06/29 15:07:01][7168][EAPoL][84c9-b272-47e0]:Add a Eap Packet Node to EAPOL Ucib, MAC is 84c9-b272-47e0.

[BTRACE][2020/06/29 15:07:01][7168][EAPoL][84c9-b272-47e0]:Send a EAPoL request identity packet to user.

[BTRACE][2020/06/29 15:07:01][7168][EAPoL][84c9-b272-47e0]:Add a Eap Packet Node to EAPOL Ucib, MAC is 84c9-b272-47e0.

[BTRACE][2020/06/29 15:07:01][7168][EAPoL][84c9-b272-47e0]:

EAPOL packet: OUT

84 c9 b2 72 47 e0 fc e3 3c 9e 6d 66 81 00 00 c8

88 8e 01 00 00 05 01 06 00 05 01

[BTRACE][2020/06/29 15:07:01][7168][EAPoL][84c9-b272-47e0]: 802.1x packet: Version:802.1X-2001(1); Type:Eap(0); Length:5 EAPOL packet: Code:Request(1); Id:6; Length:5; Type:Identity(1) [BTRACE][2020/06/29 15:07:01][7168][EAPoL][84c9-b272-47e0]:Send EAP_request packet to user successfully.(Index=6)

EAP模块发送EAP Request-Identity(ID:6)报文给用户。

12

[BTRACE][2020/06/29 15:07:01][7168][EAPoL][84c9-b272-47e0]:Receive EAP packet, get packet information.(L2Type=157409104, QinqVlan=0, Vlan=0,

[BTRACE][2020/06/29 15:07:01][7168][EAPoL][84c9-b272-47e0]:Receive an eap packet from user.

[BTRACE][2020/06/29 15:07:01][7168][EAPoL][84c9-b272-47e0]:

EAPOL packet: IN

fc e3 3c 9e 6d 66 84 c9 b2 72 47 e0 81 00 e0 c8

88 8e 01 00 00 08 02 05 00 08 01 73 6b 6c 00 00

00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

[BTRACE][2020/06/29 15:07:01][7168][EAPoL][84c9-b272-47e0]:

802.1x packet:

Version:802.1X-2001(1); Type:Eap(0); Length:8

EAPOL packet:

Code:Response(2); Id:5; Length:8;Type:Identity(1) [BTRACE][2020/06/29 15:07:01][7168][EAPoL][84c9-b272-47e0]:Add a Eap Packet Node to EAPOL Ucib, MAC is 84c9-b272-47e0.

[BTRACE][2020/06/29 15:07:01][7168][EAPoL][84c9-b272-47e0]:Receive a EAPoL response identity packet from user.

EAP模块收到用户发送的EAP Response-Identity(ID:5)报文。

说明:

如果报文ID已过期,则不处理。

13

[BTRACE][2020/06/29 15:07:01][7168][EAPoL][84c9-b272-47e0]:Receive EAP packet, get packet information.(L2Type=157409104, QinqVlan=0, Vlan=0,

[BTRACE][2020/06/29 15:07:01][7168][EAPoL][84c9-b272-47e0]:Receive an eap packet from user.

[BTRACE][2020/06/29 15:07:01][7168][EAPoL][84c9-b272-47e0]:

EAPOL packet: IN

fc e3 3c 9e 6d 66 84 c9 b2 72 47 e0 81 00 e0 c8

88 8e 01 00 00 08 02 06 00 08 01 73 6b 6c 00 00

00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

[BTRACE][2020/06/29 15:07:01][7168][EAPoL][84c9-b272-47e0]:

802.1x packet:

Version:802.1X-2001(1); Type:Eap(0); Length:8

EAPOL packet:

Code:Response(2); Id:6; Length:8; Type:Identity(1) [BTRACE][2020/06/29 15:07:01][7168][EAPoL][84c9-b272-47e0]:Add a Eap Packet Node to EAPOL Ucib, MAC is 84c9-b272-47e0.

[BTRACE][2020/06/29 15:07:01][7168][EAPoL][84c9-b272-47e0]:Receive a EAPoL response identity packet from user.

EAP模块收到用户发送的EAP Response-Identity(ID:6)报文,报文ID正确,从报文中获取用户名。

14

[BTRACE][2020/06/29 15:07:01][7168][EAPoL][84c9-b272-47e0]:EAPoL Send authentication message to server.

[BTRACE][2020/06/29 15:07:01][7168][EAPoL][84c9-b272-47e0]:Send authentication request message to user connection manager module successfully.(local index:6)

[BTRACE][2020/06/29 15:07:01][7168][EAPoL][84c9-b272-47e0]:Eapol send authentication request to UCM module successfully.(local index:6)

EAP模块发送认证请求给UCM模块。

15

[BTRACE][2020/06/29 15:07:01][7168][CM][84c9-b272-47e0]:CM receive ESAP_SRV_MSG_AUTH_REQ from EAPOL module (msg code: 184 CID:18).

[BTRACE][2020/06/29 15:07:01][7168][CM][84c9-b272-47e0]:cib is optimized for struct CM NAC WLAN[CM NAC Fill ExtendCib]:ulApId = 0,ucRadioId = 0,ucWirelessAccessType = 5.

UCM收到EAP模块发送的认证请求。

16

[BTRACE][2020/06/29 15:07:01][7168][CM][84c9-b272-47e0]:

[CM NAC Find Access Type Auth Seq](AccessType=13, seqIndex=1)

UCM模块通过配置获取认证类型EAP(13),常见的还有MAC(23)、Portal(24)。

17

[BTRACE][2020/06/29 15:07:01][7168][CM][84c9-b272-47e0]:CM WLAN Get Ap Info. Ap Info is 84A9-C48D-3BA0.

[BTRACE][2020/06/29 15:07:01][7168][CM][84c9-b272-47e0]:CM send authentication request message to AAA module (CID:18).

[BTRACE][2020/06/29 15:07:01][7168][CM][84c9-b272-47e0]:State from IDLE(substate:BUTT) to AUTH(substate:BUTT). (cib=18, event=AUTH_REQ)

UCM模块发送认证请求给AAA模块。

18

[BTRACE][2020/06/29 15:07:01][7168][AAA][84c9-b272-47e0]:

AAA receive AAA_SRV_MSG_AUTHEN_REQ message(31) from UCM module(232).

[BTRACE][2020/06/29 15:07:01][7168][AAA][84c9-b272-47e0]:

DestIndex:18 SrcIndex:18 Slot:7168

User:sklMAC:84c9-b272-47e0

Slot:0 SubSlot:0 Port:0 VLAN:200

IP:255.255.255.255 AccessType:eap AuthenType:EAPRELAY

AdminLevel:0 EapSize:8 AuthenCode:1X ulInterface:2466381824 ChallengeLen:16 ChapID:0 LineType:0 LineIndex:0 PortType:19 AcctSessionId:AC6605_00000000000200b19aa00200012

AAA模块收到UCM模块的认证请求:

用户名 User:skl

认证类型 AccessType:eap

19

[BTRACE][2020/06/29 15:07:01][7168][AAA][84c9-b272-47e0]:

AAA_MAIN initiate EapRelayAuthenReq event to AAA_AUTHEN module.

CID:0 Result:0 Info:608579692

[BTRACE][2020/06/29 15:07:01][7168][AAA][84c9-b272-47e0]:User authentication domain name is

[BTRACE][2020/06/29 15:07:01][7168][AAA][84c9-b272-47e0]:The authentication place is RADIUS.

AAA模块查询认证方式为RADIUS。

认证模板下不绑定认证域,直接绑定认证策略、服务器模板时,不打印域名。

20

[BTRACE][2020/06/29 15:07:01][7168][AAA][84c9-b272-47e0]:

AAA send AAA_RD_MSG_AUTHENREQ message(49) to RADIUS module(235).

[BTRACE][2020/06/29 15:07:01][7168][AAA][84c9-b272-47e0]:

CID:22 TemplateNo:2 SerialNo:7

PriyServer::: Vrf:0

SendServer::: Vrf:0

AccessType:eap AuthenMethod:EAPRELAY

UserName:sklCallingStationId:84c9-b272-47e0

Slot:0 SubSlot:0 Port:0 Vlan:200 Interface:2466381824

CID:32786 AcctSessionId:AC6605_00000000000200b19aa00200012

PortType:19 ServiceType:2 FramedProtocol:1 FramedIP:255.255.255.255

EapLength:8 StartupTimeStamp:1593441916 LoginIP:255.255.255.255

IPHostAddr:255.255.255.255 84:c9:b2:72:47:e0

ProductID:AC szVersion:Huawei AC6605-26-PWR

SecurityStr:

AAA模块发送认证请求给RADIUS模块。

21

[BTRACE][2020/06/29 15:07:01][7168][RADIUS][84c9-b272-47e0]:Receive authentication request message from AAA module.

RADIUS模块收到AAA模块的认证请求消息。

22

[BTRACE][2020/06/29 15:07:01][7168][RADIUS][84c9-b272-47e0]:

Send a authentication request packet to radius server( server ip = 172.168.10.7).

[BTRACE][2020/06/29 15:07:01][7168][RADIUS][84c9-b272-47e0]:

Server Template: 2

Server IP : 172.168.10.7

Protocol: Standard

Code : 1

Len : 349

ID : 18

[User-Name ] [5 ] [skl]

[NAS-Port ] [6 ] [200]

[Service-Type ] [6 ] [2]

[Framed-Protocol ] [6 ] [1]

[Calling-Station-Id ] [16] [84c9-b272-47e0]

[NAS-Identifier ] [15] [AC]

[NAS-Port-Type ] [6 ] [19]

[NAS-Port-Id ] [36] [slot=0;subslot=0;port=0;vlanid=200]

[EAP-Message ] [10] [02 06 00 08 01 73 6b 6c ]

[Message-Authenticator ] [18] [a1 97 e1 26 3a a4 11 b7 23 1c a9 fd 84 a7 2d cf ]

[Called-Station-Id ] [32] [84-A9-C4-8D-3B-A0:dot1x_129.77]

[NAS-IP-Address ] [6 ] [172.168.10.77]

[Framed-Mtu ] [6 ] [1500]

[BTRACE][2020/06/29 15:07:01][7168][RADIUS][84c9-b272-47e0]:

[Acct-Session-Id ] [36] [AC6605_00000000000200b19aa00200012]

[WLAN-Pairwise-Cipher ] [6 ] [0]

[WLAN-Group-Cipher ] [6 ] [0]

[WLAN-AKM-Suite ] [6 ] [0]

[WLAN-Group-Mgmt-Cipher ] [6 ] [0]

[HW-NAS-Startup-Time-Stamp ] [6 ] [1593441916]

[HW-IP-Host-Address ] [35] [255.255.255.255 84:c9:b2:72:47:e0]

[HW-Connect-ID ] [6 ] [32786]

[HW-Version ] [22] [Huawei AC6605-26-PWR]

[HW-Product-ID ] [4 ] [AC]

[HW-AP-Information ] [16] [84A9-C48D-3BA0]

[HW-Access-Type ] [6 ] [1]

RADIUS模块发送Radius Access Request报文(备注:EAP报文封装在EAP-Message属性中)给RADIUS服务器。

23

[BTRACE][2020/06/29 15:07:01][7168][RADIUS][84c9-b272-47e0]:

Received a authentication challenge packet from radius server(server ip = 172.168.10.7).

[BTRACE][2020/06/29 15:07:01][7168][RADIUS][84c9-b272-47e0]:

Server Template: 2

Server IP : 172.168.10.7

Server Port : 1812

Protocol: Standard

Code : 11

Len : 62

ID : 18

[State ] [16] [\001r\376\345g0]

[EAP-Message ] [8 ] [01 0b 00 06 19 20 ]

[Message-Authenticator ] [18] [00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ]

RADIUS模块收到RADIUS服务器的Radius Access Challenge报文(备注:EAP报文封装在EAP-Message属性中)。

24

[BTRACE][2020/06/29 15:07:01][7168][RADIUS][84c9-b272-47e0]:Send authentication challenge message to AAA.

RADIUS模块发送认证Challenge消息给AAA模块。

25

[BTRACE][2020/06/29 15:07:01][7168][AAA][84c9-b272-47e0]:

AAA receive AAA_RD_MSG_AUTHENCHALLENGE message(52) from RADIUS module(235).

[BTRACE][2020/06/29 15:07:01][7168][AAA][84c9-b272-47e0]:

CID:22 TemplateNo:2 SerialNo:7

SrcMsg:AAA_RD_MSG_AUTHENREQ

PriyServer::: Vrf:0

SendServer:172.168.10.7 Vrf:0

EapSessionTime:4294967295 EapPasswordRetry:4294967295 TerminationAction:4294967295 EapLength:6

RDReplyMessage: State:0172fee5673000000172fee56730

AAA模块收到RADIUS模块的认证Challenge消息。

26

[BTRACE][2020/06/29 15:07:01][7168][AAA][84c9-b272-47e0]:

AAA send AAA_SRV_MSG_AUTHEN_ACK message(36) to UCM module(232).

[BTRACE][2020/06/29 15:07:01][7168][AAA][84c9-b272-47e0]:

DestIndex:18 SrcIndex:18 Slot:4294967295

Result:2 DomainIndex:65535 ServiceScheme:65535 AuthedPalace:3 VLAN:65535 IsCallBackVerify:0 IsCallbackUser:0 IfSessionTimeout:0 IfRemanentVolume:0 IfIdleCut:0 SessionTimeout:4294967295 RemanentVolume:4294967295 IdleTimeout:4294967295 EAPSessionTimeout:4294967295 EAPPasswordRetry:4294967295 RTAcctInterval:4294967295 Priority:[255,255] AdminLevel:255 NextHop:4294967295 Role:0 LiAdmin:0 EapSize:6 ReplyMessage: TunnelType:0 MediumType:0 PrivateGroupID: SerialNo:7 WlanReasonCode:0

AAA模块透传认证Challenge消息给UCM模块 (Result: 0 认证成功,1 认证失败,2 认证挑战)。

27

[BTRACE][2020/06/29 15:07:01][7168][CM][84c9-b272-47e0]:CM receive AAA_SRV_MSG_AUTHEN_ACK from AAA module (msg code: 36 CID:18).

[BTRACE][2020/06/29 15:07:01][7168][CM][84c9-b272-47e0]:

[Cib is optimized for struct CM_CIB_S] enter in CMNACFillAAAAckInfo.

[BTRACE][2020/06/29 15:07:01][7168][CM][84c9-b272-47e0]:

[Cib is optimized for struct CM_CIB_S] enter in CM_NAC_ProAckInfo.

UCM模块收到AAA模块的认证Challenge消息。

28

[BTRACE][2020/06/29 15:07:01][7168][CM][84c9-b272-47e0]:CM send authentication ack message to AAA module (CID:18).

UCM模块发送认证Challenge消息给EAP模块。

29

[BTRACE][2020/06/29 15:07:01][7168][EAPoL][84c9-b272-47e0]:Receive authen ack message from UCM module.(Result=2,local index=6,MAC=84c9-b272-47e0,RadiusTemplateIndex=65535,Reason=255)

[BTRACE][2020/06/29 15:07:01][7168][EAPoL][84c9-b272-47e0]:Receive authentication ack message from server.(result:SRV_AUTH_CHALLENGE)

EAP模块收到UCM模块的认证Challenge消息。

30

[BTRACE][2020/06/29 15:07:01][7168][EAPoL][84c9-b272-47e0]:Eapol send authentication request challenge packet to user.

[BTRACE][2020/06/29 15:07:01][7168][EAPoL][84c9-b272-47e0]:Add a Eap Packet Node to EAPOL Ucib, MAC is 84c9-b272-47e0.

[BTRACE][2020/06/29 15:07:01][7168][EAPoL][84c9-b272-47e0]:

EAPOL packet: OUT

84 c9 b2 72 47 e0 fc e3 3c 9e 6d 66 81 00 00 c8

88 8e 01 00 00 06 01 0b 00 06 19 20

[BTRACE][2020/06/29 15:07:01][7168][EAPoL][84c9-b272-47e0]:

802.1x packet:

Version:802.1X-2001(1); Type:Eap(0); Length:6

EAPOL packet:

Code:Request(1); Id:11; Length:6; Type:PEAP(25)

[BTRACE][2020/06/29 15:07:01][7168][EAPoL][84c9-b272-47e0]:Send EAP_request packet to user successfully.(Index=6)

[BTRACE][2020/06/29 15:07:01][7168][EAPoL][84c9-b272-47e0]:Eapol send request/challenge packet to user successfully.enter request status.(local index:6)

[BTRACE][2020/06/29 15:07:01][7168][EAPoL][84c9-b272-47e0]:Receive EAP packet, get packet information.(L2Type=157409104, QinqVlan=0, Vlan=0,

EAP模块发送EAP Challenge Request报文(即Radius Access Challenge报文中的EAP-Message属性值)给用户。

31

[BTRACE][2020/06/29 15:07:01][7168][EAPoL][84c9-b272-47e0]:Receive an eap packet from user.

[BTRACE][2020/06/29 15:07:01][7168][EAPoL][84c9-b272-47e0]:

EAPOL packet: IN

fc e3 3c 9e 6d 66 84 c9 b2 72 47 e0 81 00 e0 c8

88 8e 01 00 00 69 02 0b 00 69 19 80 00 00 00 5f

16 03 01 00 5a 01 00 00 56 03 01 5e f9 92 c8 7c

dd 19 50 72 93 2b cd a3 94 e5 30 88 5a dd 34 fb

8a ae a3 55 cc 84 ea 83 1f 1e 4a 00 00 18 00 2f

00 35 00 05 00 0a c0 13 c0 14 c0 09 c0 0a 00 32

00 38 00 13 00 04 01 00 00 15 ff 01 00 01 00 00

0a 00 06 00 04 00 17 00 18 00 0b 00 02 01 00

[BTRACE][2020/06/29 15:07:01][7168][EAPoL][84c9-b272-47e0]:

802.1x packet:

Version:802.1X-2001(1); Type:Eap(0); Length:105

EAPOL packet:

Code:Response(2); Id:11; Length:105;Type:PEAP(25)

[BTRACE][2020/06/29 15:07:01][7168][EAPoL][84c9-b272-47e0]:Add a Eap Packet Node to EAPOL Ucib, MAC is 84c9-b272-47e0.

[BTRACE][2020/06/29 15:07:01][7168][EAPoL][84c9-b272-47e0]:Receive a EAPoL response challenge packet from user.

EAP模块收到用户的EAP Challenge Response报文。

32

[BTRACE][2020/06/29 15:07:01][7168][EAPoL][84c9-b272-47e0]:EAPoL Send authentication message to server.

[BTRACE][2020/06/29 15:07:01][7168][EAPoL][84c9-b272-47e0]:Send authentication request message to user connection manager module successfully.(local index:6)

[BTRACE][2020/06/29 15:07:01][7168][EAPoL][84c9-b272-47e0]:Eapol send authentication request to UCM module successfully.(local index:6)

EAP模块发送认证请求消息给UCM模块。

33

[BTRACE][2020/06/29 15:07:01][7168][CM][84c9-b272-47e0]:CM receive ESAP_SRV_MSG_AUTH_REQ from EAPOL module (msg code: 184 CID:18).

[BTRACE][2020/06/29 15:07:01][7168][CM][84c9-b272-47e0]:CM WLAN Get Ap Info. Ap Info is 84A9-C48D-3BA0.

UCM模块收到EAP模块的认证请求消息。

34

[BTRACE][2020/06/29 15:07:01][7168][CM][84c9-b272-47e0]:CM send authentication request message to AAA module (CID:18).

UCM模块发送认证请求消息给AAA模块。

35

[BTRACE][2020/06/29 15:07:01][7168][AAA][84c9-b272-47e0]:

AAA receive AAA_SRV_MSG_AUTHEN_REQ message(31) from UCM module(232).

AAA模块收到UCM模块的认证请求消息。

36

[BTRACE][2020/06/29 15:07:01][7168][AAA][84c9-b272-47e0]:

DestIndex:18 SrcIndex:18 Slot:7168

User:skl MAC:84c9-b272-47e0

Slot:0 SubSlot:0 Port:0 VLAN:200

IP:255.255.255.255 AccessType:eap AuthenType:EAPRELAY

AdminLevel:0 EapSize:105 AuthenCode:1X

ulInterface:2466381824 ChallengeLen:16 ChapID:0

LineType:0 LineIndex:0 PortType:19

AcctSessionId:AC6605_00000000000200b19aa00200012

[BTRACE][2020/06/29 15:07:01][7168][AAA][84c9-b272-47e0]:

AAA_MAIN initiate EapRelayAuthenReq event to AAA_AUTHEN module.

CID:0 Result:0 Info:542008332

[BTRACE][2020/06/29 15:07:01][7168][AAA][84c9-b272-47e0]:

AAA send AAA_RD_MSG_AUTHENREQ message(49) to RADIUS module(235).

[BTRACE][2020/06/29 15:07:01][7168][AAA][84c9-b272-47e0]:

CID:22 TemplateNo:2 SerialNo:7

PriyServer::: Vrf:0

SendServer::: Vrf:0

AccessType:eap AuthenMethod:EAPRELAY

UserName:skl CallingStationId:84c9-b272-47e0

Slot:0 SubSlot:0 Port:0 Vlan:200 Interface:2466381824

CID:32786 AcctSessionId:AC6605_00000000000200b19aa00200012

PortType:19 ServiceType:2 FramedProtocol:1 FramedIP:255.255.255.255

EapLength:105 StartupTimeStamp:1593441916 LoginIP:0.0.0.0

IPHostAddr:255.255.255.255 84:c9:b2:72:47:e0

ProductID:AC szVersion:Huawei AC6605-26-PWR

SecurityStr:

AAA模块发送认证请求消息给RADIUS模块。

37

[BTRACE][2020/06/29 15:07:01][7168][RADIUS][84c9-b272-47e0]:Receive authentication request message from AAA module.

RADIUS模块收到AAA模块的认证请求消息。

38

[BTRACE][2020/06/29 15:07:01][7168][RADIUS][84c9-b272-47e0]:

Send a authentication request packet to radius server( server ip = 172.168.10.7).

[BTRACE][2020/06/29 15:07:01][7168][RADIUS][84c9-b272-47e0]:

Server Template: 2

Server IP : 172.168.10.7

Protocol: Standard

Code : 1

Len : 468

ID : 19

[User-Name ] [5 ] [skl]

[NAS-Port ] [6 ] [200]

[Service-Type ] [6 ] [2]

[Framed-Protocol ] [6 ] [1]

[Calling-Station-Id ] [16] [84c9-b272-47e0]

[NAS-Identifier ] [15] [AC]

[NAS-Port-Type ] [6 ] [19]

[NAS-Port-Id ] [36] [slot=0;subslot=0;port=0;vlanid=200]

[State ] [16] [\001r\376\345g0]

[BTRACE][2020/06/29 15:07:01][7168][RADIUS][84c9-b272-47e0]:

[EAP-Message ] [107] [02 0b 00 69 19 80 00 00 00 5f 16 03 01 00 5a 01 00 00 56 03 01 5e f9 92 c8 7c dd 19 50 72 93 2b cd a3 94 e5 30 88 5a dd 34 fb 8a ae a3 55 cc 84 ea 83 1f 1e 4a 00 00 18 00 2f 00 35 00 05 00 0a c0 13 c0 14 c0 09 c0 0a 00 32 00 38 00 13 00 04 01 00 00 15 ff 01 00 01 00 00 0a 00 06 00 04 00 17 00 18 00 0b 00 02 01 00 ]

[Message-Authenticator ] [18] [b1 13 20 a9 a3 66 8f e1 34 c7 e7 d4 16 28 0d b8 ]

[Called-Station-Id ] [32] [84-A9-C4-8D-3B-A0:dot1x_129.77]

[Login-IP-Host ] [6 ] [0.0.0.0]

[NAS-IP-Address ] [6 ] [172.168.10.77]

[Framed-Mtu ] [6 ] [1500]

[Acct-Session-Id ] [36] [AC6605_00000000000200b19aa00200012]

[WLAN-Pairwise-Cipher ] [6 ] [0]

[WLAN-Group-Cipher ] [6 ] [0]

[WLAN-AKM-Suite ] [6 ] [0]

[WLAN-Group-Mgmt-Cipher ] [6 ] [0]

[BTRACE][2020/06/29 15:07:01][7168][RADIUS][84c9-b272-47e0]:

[HW-NAS-Startup-Time-Stamp ] [6 ] [1593441916]

[HW-IP-Host-Address ] [35] [255.255.255.255 84:c9:b2:72:47:e0]

[HW-Connect-ID ] [6 ] [32786]

[HW-Version ] [22] [Huawei AC6605-26-PWR]

[HW-Product-ID ] [4 ] [AC]

[HW-AP-Information ] [16] [84A9-C48D-3BA0]

[HW-Access-Type ] [6 ] [1]

RADIUS模块发送Radius Access Request报文给RADIUS服务器。

39

[BTRACE][2020/06/29 15:07:01][7168][RADIUS][84c9-b272-47e0]:

Received a authentica

最低0.47元/天 解锁文章
安会怡
关注
  • 0
    点赞
  • 0
    收藏
    觉得还不错? 一键收藏
  • 0
    评论
freeradius 802.1X EAP-PEAP 认证失败问题的解决
perddy的专栏
03-09 2万+
使用freeradius 2.1.12版本测试 EAP-PEAP认证过程中,总是无法认证成功,查看相关的LOG显示, EAP-TLS 和 TUNNEL都已经完成,但是在mschapv2过程中出现报错, 经过检查 default文件中eap和sql相关的配置都配置没有问题;进一步分析LOG,报错位置在 Executing group from file /usr/local/etc/raddb/s
由于切换jdk导致802.1x认证失败
chris的专栏
04-20 1385
问题:AAA下802.1x认证,协议为eap-peap协议时,jdk版本由1.6u27以前版本升级到jdk1.7版本,认证失败,客户端不回应报文。 原因:服务器使用jdk的jsse的模块进行tls协议处理,升级后,由于jsse模块代码变更导致,详细原因: 1.在协议协商时就失败,原因是jdk默认的安全策略导致,由于出口限制,限制了出口算法 解决办法:修改jdk\jre\lib\securit
802.1x认证失败配置(guest vlan)
夜邢的博客
07-23 2208
802.1x认证前域配置(guest vlan) 华三802.1x认证guest vlan 华为802.1x认证前域配置(guest vlan)
802.1X认证失败问题的解决方案
weixin_34221036的博客
03-15 4110
802.1X认证失败,很多情况是,网卡profile的内容与本公司采用认证方式的不匹配造成,在问题机器上重新导入一个符合本公司认证条件的新profile,方可解决此问题: netsh lan add profile c:\x.xml 转载于:https://blog.51cto.com/sukhoi/283897...
android 802.1x 认证失败,交换机802.1X认证不成功
weixin_35651612的博客
05-31 850
处理过程May 10 2013 13:50:08.420.15-05:13 HQ-CR-ACC-C11-C02 CM/7/DEBUG:[CM DBG]Interface is down.May 10 2013 13:50:08.430.1-05:13 HQ-CR-ACC-C11-C02 CM/7/DEBUG:[CM DBG]Interface is down ///////////////////...
recorder.mp3.min.js
01-16
录音Js beiyong 录音Js beiyong 录音Js beiyong 录音Js beiyong
three-example-recorder:Three.js 示例记录器转 mp4
07-06
Three.js是JavaScript的一个库,专门用于在浏览器中处理3D图形。这个库使得开发者无需深入理解WebGL的复杂性,也能创建出令人惊叹的三维视觉效果。 标题中的"three-example-recorder:Three.js 示例记录器转 mp4...
vue使用recorder.js实现录音功能
10-15
在Vue项目中实现录音功能,我们可以借助第三方库recorder.js。Recorder.js是一个轻量级的JavaScript库,用于在Web浏览器中录制音频。以下是如何在Vue中集成并使用recorder.js的详细步骤: 1. **引入外部JS文件**: ...
nightly.xam.audiorecorder:Xamarin Forms录音机库
03-19
recorder.SetOutputFilePath("path_to_save_recording"); // 开始录音 await recorder.StartRecordingAsync(); ``` 总的来说,"Nightly.xam.audiorecorder"是Xamarin.Forms开发者的一个强大工具,它减少了处理音频...
HTML5录音插件Recorder.js
06-01
6. **事件处理**:Recorder.js提供了`onaudioend`事件,当录音结束后触发,可以在事件处理函数中处理WAV文件。 在项目中使用Recorder.js时,通常会配合HTML5的`<audio>`元素来播放预览录音,或者使用FormData对象和...
802.1X认证的问题
kepa520的博客
07-23 1183
装不装AD,配置没多大区别,在交换机上主要配置有:开启3A认证 指定RADIUS服务器 配置交换机地址 让交换机指向RADIUS服务器 还有就是配置802.1X端口 开启端口  在服务器里 要在IAS里添加客户端 添加远程访问策略 请求连接策略 还有添加个允许访问的用户 c2950-1#show run Building configuration... Current confi
如何修复win无线服务器,win10 无线802 1X认证故障处理 以 升级后网络故障常规解决方法...
weixin_29341747的博客
08-04 640
本帖最后由 郭友友 于 2016-7-5 14:05 编辑【问题现象】当升级Windows10 后无法连接到的 WPA-2 企业网络(尤其是校园网),即使用证书进行服务器端或相互身份的验证 (EAP-TLS,PEAP TTLS)。【解决方案】联系对应的Radius 服务器供应商做TLS1.2的修复。★★ 对于锐捷厂商的客户,锐捷已经对TLS1.2进行了修复,可以拨打锐捷远程支持中心(4008111...
无线瘦AP部署——Capwap隧道原理及故障Capwap隧道常见问题-11.X版本
最新发布
君逍遥o
10-13 2428
ap 没有获取到ip地址 ap 没有获取到option 138字段 ap 无法ping通ac 建立隧道地址 capwap udp 5246、5247端口被中间设备丢弃或过滤
wifi 802.11 kvr 漫游
u012368552的博客
06-27 4542
wifi 802.11 kvr 漫游
征途linux编译错误,高分求助!征途LINUX架设出现的问题!会的来!
weixin_42680139的博客
05-02 172
启动第一个服务器的时候提示的这个,别人说修改config.xml 怎么修改啊!高人解答!100分奉上!sql connect will been closed...cd /home/ztgame-bash: syntax error near unexpected token `('[root@localhost ztgame]# ./1100807-16:27:55 SuperServer DE...
Win10 无线网络802.1X认证 PEAP问题
热门推荐
醉陌浮生,乱谜浊
09-28 2万+
无线网络802.1X认证故障问题现象: 当升级Windows10 后,无法连接到的 WPA-2 企业网络(尤其是校园网),即使用证书进行服务器端或相互身份的验证 (EAP-TLS,PEAP TTLS)。 解决方案: 联系对应的Radius 服务器供应商做TLS1.2的修复。 对于锐捷厂商的客户,锐捷已经对TLS1.2进行了修复,可以拨打锐捷远程支持中心(400811100)进行障碍处理。 针
EAPOL
printf_mylife的专栏
02-18 1万+
EAP(Extensible Authentication Protocol),可扩展认证协议,是一种普遍使用的支持多种认证方法的认证框架协议,主要用于网络接入认证。该协议一般运行在数据链路层上,即可以直接运行于PPP或者IEEE 802之上,不必依赖于IP。EAP可应用于无线、有线网络中。          EAP的架构非常灵活,在Authenticator(认证方)和Supplicant(客
获取MAC地址的两种方法,一种可以跨vlan取得MAC
王晶波的专栏
08-01 3581
只接上代码.大家都看得明白的,(VB.net),函数中的内容理解不了没关系,牛人多的是,咱们只要会用就行啦! Imports System.Diagnostics Partial Class Other_MAC Inherits System.Web.UI.Page Pr
06-07 14:44:13.772 611 780 I ActivityManager: Process com.android.deskclock (pid 5492) has died 06-07 14:44:13.772 611 780 D ActivityManager: cleanUpApplicationRecord -- 5492 06-07 14:44:14.411 611 21332 I ActivityManager: Low on memory: 06-07 14:44:14.411 611 21332 I ActivityManager: ntv N 908723: simple_recorder_03.00 (pid 1828) native
06-09
这是一些Android系统的日志信息,其中包含了一些应用程序的运行状态。第一条日志信息显示com.android.deskclock进程已经停止运行,第二条日志信息显示系统正在清理该应用程序的资源。第三条日志信息是关于内存不足的警告,显示simple_recorder_03.00这个应用程序正在使用大量的内存。这些日志信息通常用于开发和调试Android应用程序。
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值