Issue Description
Portal authentication fails when it is configured for the interconnection between Agile Controller-Campus running V100R002C10SPC403 and the ME60. The Portal page displays a message indicating that the authentication failed.
Handling Process
1. Check the RADIUS logs. According to the logs, the authentication succeeds.
2. Capture information on the ME60. The Agile Controller-Campus server replies with a logout request message, so the authentication failure may be caused by a fault on the server.
3. Get data on the server. The ME60 does not return Portal packets to the server, which results in the Portal authentication failure.
4. Check the configuration on the ME60. The source interface for communicating with the web authentication server is set globally to loopback0, which is bound to a VPN instance.
Root Cause
The source interface for communicating with the web authentication server is set globally to loopback0 on the ME60, and the loopback0 interface is bound to a VPN instance. As a result, the web authentication server resides in the VPN. However, Agile Controller-Campus is not in the VPN, so the ME60 fails to return a response to the web authentication server.
Usage Guidelines
When a web server is deployed in a VPN and the ME60 sends a packet to the web server, the IP address of the source interface configured using the web-auth-server source command is preferentially selected. If no source interface is configured, the IP address of the outbound interface that has a reachable route, determined from the VPN ID and destination IP address, is selected as the source IP address. If the required route is not found, the IP address of any interface within the VPN is selected as the source IP address.
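The selection order above and the VPN mismatch from the Root Cause can be modelled as follows. This is an added example, not Huawei code or ME60 output: the function names, interface names, VPN name and addresses are constructed, and choosing the longest matching prefix among routes is an assumption.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Interface:
    name: str
    ip: str
    vpn: Optional[str]   # None = not bound to any VPN instance

@dataclass(frozen=True)
class Route:
    prefix: str
    vpn: Optional[str]
    out_if: str

def select_source(server_ip, server_vpn, interfaces, routes, configured=None):
    """Return (source_ip, rule) using the order given in the Usage Guidelines."""
    by_name = {i.name: i for i in interfaces}
    if configured is not None:                    # 1. configured source interface wins
        return by_name[configured].ip, "configured"
    dst = ipaddress.ip_address(server_ip)
    hits = [r for r in routes
            if r.vpn == server_vpn and dst in ipaddress.ip_network(r.prefix)]
    if hits:                                      # 2. outbound interface of a reachable route
        # Assumption: the longest matching prefix is preferred.
        best = max(hits, key=lambda r: ipaddress.ip_network(r.prefix).prefixlen)
        return by_name[best.out_if].ip, "route"
    for i in interfaces:                          # 3. any interface within the VPN
        if i.vpn == server_vpn:
            return i.ip, "any-in-vpn"
    return None, "none"

def vpn_mismatch(server_vpn, interfaces, configured):
    """True when the configured source interface is in a different VPN than the server."""
    src = next(i for i in interfaces if i.name == configured)
    return src.vpn != server_vpn

# Constructed sample data (documentation address ranges, hypothetical names).
IFACES = [Interface("LoopBack0", "198.51.100.1", "vpn_a"),
          Interface("GE1/0/0", "192.0.2.1", None),
          Interface("GE1/0/1", "203.0.113.1", "vpn_a")]
ROUTES = [Route("203.0.113.0/24", "vpn_a", "GE1/0/1"),
          Route("192.0.2.0/24", None, "GE1/0/0")]

if __name__ == "__main__":
    # The case on this page: source forced to loopback0 (in a VPN), server outside the VPN.
    print(select_source("192.0.2.10", None, IFACES, ROUTES, configured="LoopBack0"))
    print("mismatch:", vpn_mismatch(None, IFACES, "LoopBack0"))
    # With no configured source, the route-based rule picks a reachable interface.
    print(select_source("192.0.2.10", None, IFACES, ROUTES))
```

A mismatch result of True corresponds to the configuration found in step 4 of the Handling Process.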
Solution
Change the source IP address of the web-auth-server source interface to ensure that the web authentication server can communicate with Agile Controller-Campus.