
After enabling MAC address-prioritized Portal authentication, some users cannot reconnect after locking and unlocking the screen.

Latest reply: Dec 20, 2021 13:57:51

The root cause is that the SSID tpmpad that uses MAC address authentication is configured on the AC with local database. After the terminal is connected to this SSID, the terminal will remember it. After the terminal is locked and unlocked, the terminal connects to this SSID. But if the terminal does not have a local account, the authentication fails. After the authentication fails, the terminal will be silent for 60 seconds. In this case, the terminal cannot perform MAC address-prioritized Portal authentication.
    #
    interface Wlan-Ess100
    port hybrid pvid vlan 100
    port hybrid untagged vlan 100
    mac-authen
    permit-domain name test
    force-domain name test
    mac-authen username macaddress format with-hyphen password cipher %@%@_MK_U"UQ|S{:|5#m4M-QSjmJ%@%@
    #

    [AC6605]dis mac-authen
    MAC address authentication is Enabled.
    Username format: use MAC address without-hyphen as username
    Quiet period is 60s
    Authentication fail times before quiet is 1
    Offline detect period is 300s
    Server response timeout value is 120s
    Reauthenticate period is 1800s
    Guest user reauthenticate period is 60s
    Maximum users: 10240
    Current users: 0
    Global domain is not configured

    [AC6605]display aaa online-fail-record mac-address xxxx-xxxx-xxxx
    ------------------------------------------------------------------------------
      User name               : xxxxxxxxxxxx
      Domain name             : test
      User MAC                : xxxx-xxxx-xxxx
      User access type        : MAC
      User access interface   : Wlan-Dbss192:189
      Qinq vlan/User vlan     : 0/192
      User IP address         : -
      User ID                 : 4462
      User login time         : 2018/10/10 10:48:10
      User online fail reason : Authenticate fail
      Authen reply message    : -
    ------------------------------------------------------------------------------

    【Solution】
    1. Other devices are not allowed to connect to the SSID test. Hide this SSID so that other devices cannot search for and connect to it.

    [AC6605-wlan-service-set-test]dis this
    #
    forward-mode tunnel
    wlan-ess 100
    ssid test
    traffic-profile id 1
    security-profile id 3
    service-vlan 100
    ssid-hide
    #

    2. For devices that have previously connected to it, delete the SSID on the device.

    Are you sure to display some information?(y/n)[y]:y
    ------------------------------------------------------------------------------
      User name               : 0cd7-465c-d661
      Domain name             : tpmpad
      User MAC                : 0cd7-465c-d661
      User access type        : MAC
      User access interface   : Wlan-Dbss221:190
      Qinq vlan/User vlan     : 0/221
      User IP address         : -
      User ID                 : 3191
      User login time         : 2018/10/10 10:48:09
      User online fail reason : Authenticate fail
      Authen reply message    : -
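
The quiet-timer behaviour described in the post, as an added example that is not part of the original post: Python code that parses fail records in the layout of `display aaa online-fail-record` and computes the window during which a terminal is silenced after a failed MAC authentication. The sample records (abridged), the function names and the non-MAC access-type string are constructed for illustration; the 60-second value is the quiet period shown by `display mac-authen` above.

```python
import re
from datetime import datetime, timedelta

# "Quiet period is 60s"; fail times before quiet is 1, so every failure starts it.
QUIET_PERIOD = timedelta(seconds=60)

# Constructed, abridged sample; "OTHER" is a placeholder for any non-MAC access type.
SAMPLE = """\
------------------------------------------------------------------------------
  Domain name             : test
  User MAC                : 0011-2233-4455
  User access type        : MAC
  User login time         : 2018/10/10 10:48:10
  User online fail reason : Authenticate fail
------------------------------------------------------------------------------
  Domain name             : portal
  User MAC                : 0011-2233-6677
  User access type        : OTHER
  User login time         : 2018/10/10 10:49:00
  User online fail reason : Authenticate fail
------------------------------------------------------------------------------
"""

def parse_records(text):
    """Split on the dashed rulers and turn each 'key : value' block into a dict."""
    records = []
    for block in re.split(r"^-{10,}[ \t]*$", text, flags=re.M):
        fields = {}
        for line in block.splitlines():
            key, sep, value = line.partition(" : ")
            if sep:
                fields[key.strip()] = value.strip()
        if fields:
            records.append(fields)
    return records

def quiet_windows(records):
    """Return {mac: (start, end)} for failed MAC authentications."""
    windows = {}
    for r in records:
        failed = "fail" in r.get("User online fail reason", "").lower()
        if r.get("User access type") != "MAC" or not failed:
            continue
        start = datetime.strptime(r["User login time"], "%Y/%m/%d %H:%M:%S")
        windows[r["User MAC"]] = (start, start + QUIET_PERIOD)
    return windows

def is_quieted(windows, mac, when):
    start, end = windows.get(mac, (None, None))
    return start is not None and start <= when < end
```

A terminal whose MAC appears in `quiet_windows` cannot complete MAC address-prioritized Portal authentication until the window ends, which matches the reconnect failure seen after unlocking the screen.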

configured on the AC with local database. After the terminal is connected to this SSID, the terminal will remember it. After the terminal is locked and unlocked, the terminal connects to this SSID. But if the terminal does not have a local account, the authentication fails. After the authentication fails, the terminal will be silent for 60 seconds. In this case, the terminal cannot perform MAC address-prioritized Portal authentication.

Other devices are not allowed to connect to the SSID test. Hide this SSID so that other devices cannot search for and connect to it.
For devices that have previously connected to it, delete the SSID on the device.
Good example.

the SSID tpmpad that uses MAC address authentication is configured on the AC with local database. After the terminal is connected to this SSID, the terminal will remember it. After the terminal is locked and unlocked, the terminal connects to this SSID. But if the terminal does not have a local account, the authentication fails. After the authentication fails, the terminal will be silent for 60 seconds. In this case, the terminal cannot perform MAC address-prioritized Portal authentication.

Access Authentication: 802.1X, Portal Authentication, MAC Address Authentication and Port Security 802.1X were proposed to solve the security problems of WLAN, and were widely used by Ethernet later.

It is a good case showing us how to identify the cause when encountering issues with portal authentication. Thank you very much, but I would like to know more about the packet exchange process of portal authentication. I believe that can help us better understand how to solve such issues.

The troubleshooting steps are very clear. Thanks for sharing; I have been stuck on this problem for a long time. You gave me a very good idea, and I very much appreciate it.

Please keep on posting and sharing more cases for all of us :)

Good inputs all! It was helpful for me as well