1-29
Troubleshooting Portal
Inconsistent Keys on the Access Device and the Portal Server
Symptom
When a user is forced to access the portal server, the portal server displays neither the portal
authentication page nor any error message. What the user sees is a blank web page.
Analysis
The keys configured on the access device and the portal server are inconsistent, causing CHAP
message exchange failure. As a result, the portal server does not display the authentication page.
Solution
z
Use the
display portal server
command to display the key for the portal server on the access
device and view the key for the access device on the portal server.
z
Use the
portal server
command to modify the key on the access device or modify the key for the
access device on the portal server to ensure that the keys are consistent.
Incorrect Server Port Number on the Access Device
Symptom
After a user passes the portal authentication, you cannot force the user to log out by executing the
portal delete-user
command on the access device, but the user can log out by using the
disconnect
attribute on the authentication client.
Analysis
When you execute the
portal delete-user
command on the access device to force the user to log out,
the access device actively sends a REQ_LOGOUT message to the portal server. The default listening
port of the portal server is 50100. However, if the listening port configured on the access device is not
50100, the destination port of the REQ_LOGOUT message is not the actual listening port on the server.
Thus, the portal server cannot receive the REQ_LOGOUT message. As a result, you cannot force the
user to log out the portal server.
When the user uses the
disconnect
attribute on the client to log out, the portal server actively sends a
REQ_LOGOUT message to the access device. The source port is 50100 and the destination port of the
ACK_LOGOUT message from the access device is the source port of the REQ_LOGOUT message so
that the portal server can receive the ACK_LOGOUT message correctly, no matter whether the listening
port is configured on the access device. Therefore, the user can log out the portal server.
Solution
Use the
display portal server
command to display the listening port of the portal server on the access
device and use the
portal server
command in the system view to modify it to ensure that it is the actual
listening port of the portal server.
Summary of Contents for S7902E
Page 82: ...1 4 DeviceA interface tunnel 1 DeviceA Tunnel1 service loopback group 1 ...
Page 200: ...1 11 DeviceB display vlan dynamic No dynamic vlans exist ...
Page 598: ...ii ...
Page 1757: ...4 9 ...
Page 1770: ...6 4 ...
Page 2017: ...2 11 Figure 2 3 SFTP client interface ...
Page 2238: ...1 16 DeviceA cfd linktrace service instance 1 mep 1001 target mep 4002 ...