排除MSE和融合接入(5760/3850/3650/4500s8e)上的NMSP問題
簡介
網路行動服務通訊協定(NMSP)管理行動服務引擎(MSE)和無線區域網路控制器(WLC)之間的通訊。
NMSP是一種雙向協定,可以通過面向連線的傳輸或無連線的傳輸運行。情景感知交換機可以使用NMSP與一個或多個媒體服務平台進行通訊。NMSP基於MSE和訪問控制器之間的雙向請求和響應系統。現在讓我們看看如何啟用MSE和WLC之間的此通訊。
在此我們已經使用3850(基於IOS的WLC)和MSE執行此帖子。
問題:
在3850和MSE之間建立NMSP隧道的問題。
使用的裝置:
MSE:虛擬MSE 8.0.110(MR1)
WLC:3850 3.3.5SE
Prime基礎架構(PI):2.2.1
由於NMSP通過SSL(安全套接字層)工作,您必須在WLC上配置MSE憑據。MSE使用其MAC位址和金鑰雜湊,因此WLC應知道這兩個引數。您可以通過MSE CLI獲取此詳細資訊,如下所示
[root@robin ~]# cmdshell
cmd> show server-auth-info
invoke命令:com.aes.server.cli.CmdGetServerAuthInfo
AesLog隊列高標籤:50000
AesLog隊列低標籤:500
----------------
伺服器身份驗證資訊
----------------
MAC 地址:00:50:56:9c:34:89
SHA1金鑰雜湊:e0afbe2e2abeed5a2f9ffc75f059da6a1bf2bfa0
SHA2金鑰雜湊:6ab919e20afc103d025aaf210c2a9dda151af9403ef52e80a35ae1ecb6d3c177
證書型別:SSC
現在在融合接入(5760/3850/3650)平台上配置NMSP設定。
本例中使用的是3850。我們必須將MSE MAC地址配置為使用者名稱,將金鑰雜湊配置為密碼。附註:我的3850上運行的版本是3.3.5 SE & SHA2加密,用於IOS-XE。
使用的命令:
3850c(config)#username 0050569c3489 aaa屬性清單NMSP
3850c(config)#aaa屬性清單NMSP
3850c(config)#attribute type password 6ab919e20afc103d025aaf210c2a9dda151af9403ef52e80a35ae1ecb6d3c177
3850c(config)#aaa authorization credential-download wcm_loc_serv_cert local
在Prime基礎設施中,按一下:服務>移動服務>同步服務
選擇3850並按一下「更改MSE分配」按鈕。
接下來,您需要選擇要在WLC(3850)和MSE之間同步的適當MSE和服務。
驗證:
完成同步服務後,您可以從WLC、MSE或PI GUI進行驗證。
通過3850 CLI:
通過MSE GUI
對於MSE v8.0或更高版本,請訪問:(https://<MSE_IP>/mseui/)
疑難排解:
如果NMSP仍然處於非活動狀態:
1)檢查金鑰雜湊,如果不匹配,則手動輸入雜湊,如上所示
2)MSE和WLC之間應該存在NTP時間同步
調試:
故障場景:
雜湊金鑰驗證失敗:
3850c#set trace nmsp connection level debug
3850c#show trace messages nmsp
[06/03/15 22:28:10.762 UTC a27 10241]已分配的新NMSP連線0
[06/03/15 22:28:10.762 UTC a28 10241] sslConnectionInit:SSL_new()連線ssl b3f8a8d0
[06/03/15 22:28:10.762 UTC a29 10241] sslConnectionInit:SSL_do_handshake for conn ssl b3f8a8d0, conn state:INIT, SSL狀態:握手
[06/03/15 22:28:10.762 UTC a2a 10241] SSL狀態= 0x6000;其中= 0x10;ret = 0x1
[06/03/15 22:28:10.762 UTC a2b 10241] ret_type_string=未知
[06/03/15 22:28:10.762 UTC a2c 10241] ret_desc_string=未知
[06/03/15 22:28:10.762 UTC a2d 10241] SSL_state_string=before/accept初始化
[06/03/15 22:28:10.762 UTC a2e 10241] SSL狀態= 0x6000;其中= 0x2001;ret = 0x1
[06/03/15 22:28:10.762 UTC a2f 10241] ret_type_string=未知
[06/03/15 22:28:10.762 UTC a30 10241] ret_desc_string=未知
[06/03/15 22:28:10.762 UTC a31 10241] SSL_state_string=before/accept初始化
[06/03/15 22:28:10.762 UTC a32 10241] SSL狀態= 0x2111;其中= 0x2002;ret = 0xffffffff
[06/03/15 22:28:10.762 UTC a33 10241] ret_type_string=未知
[06/03/15 22:28:10.762 UTC a34 10241] ret_desc_string=未知
[06/03/15 22:28:10.762 UTC a35 10241] SSL_state_string=SSLv3讀取客戶端hello B
— 更多 — ??????????????????[06/03/15 22:28:10.762 UTC a36 10241] — 返回conn ssl b3f8a8d0的WANT_READ
[06/03/15 22:28:10.762 UTC a37 10241] sslConnectionInit()成功且連線狀態:INIT, SSL狀態:握手
[06/03/15 22:28:10.768 UTC a38 10241] doSSLRecvLoop:聯結器0的握手尚未完成
[06/03/15 22:28:10.768 UTC a39 10241] sslConnectionInit:SSL_do_handshake for conn ssl b3f8a8d0, conn state:INIT, SSL狀態:握手
[06/03/15 22:28:10.768 UTC a3a 10241] SSL狀態= 0x2111;其中= 0x2001;ret = 0x1
[06/03/15 22:28:10.768 UTC a3b 10241] ret_type_string=未知
[06/03/15 22:28:10.768 UTC a3c 10241] ret_desc_string=未知
[06/03/15 22:28:10.768 UTC a3d 10241] SSL_state_string=SSLv3讀取客戶端hello B
[06/03/15 22:28:10.768 UTC a3e 10241] SSL狀態= 0x2130;其中= 0x2001;ret = 0x1
[06/03/15 22:28:10.768 UTC a3f 10241] ret_type_string=未知
[06/03/15 22:28:10.768 UTC a40 10241] ret_desc_string=未知
[06/03/15 22:28:10.768 UTC a41 10241] SSL_state_string=SSLv3寫入伺服器hello A
[06/03/15 22:28:10.768 UTC a42 10241] SSL狀態= 0x2140;其中= 0x2001;ret = 0x1
[06/03/15 22:28:10.768 UTC a43 10241] ret_type_string=未知
[06/03/15 22:28:10.768 UTC a44 10241] ret_desc_string=未知
[06/03/15 22:28:10.768 UTC a45 10241] SSL_state_string=SSLv3寫入證書A
— 更多 — ??????????????????[06/03/15 22:28:10.768 UTC a46 10241] SSL狀態= 0x2160;其中= 0x2001;ret = 0x1
[06/03/15 22:28:10.768 UTC a47 10241] ret_type_string=未知
[06/03/15 22:28:10.768 UTC a48 10241] ret_desc_string=未知
[06/03/15 22:28:10.768 UTC a49 10241] SSL_state_string=SSLv3寫入證書請求A
[06/03/15 22:28:10.768 UTC a4a 10241] SSL狀態= 0x2100;其中= 0x2001;ret = 0x1
[06/03/15 22:28:10.768 UTC a4b 10241] ret_type_string=未知
[06/03/15 22:28:10.768 UTC a4c 10241] ret_desc_string=未知
[06/03/15 22:28:10.768 UTC a4d 10241] SSL_state_string=SSLv3刷新資料
[06/03/15 22:28:10.768 UTC a4e 10241] SSL狀態= 0x2180;其中= 0x2002;ret = 0xffffffff
[06/03/15 22:28:10.768 UTC a4f 10241] ret_type_string=未知
[06/03/15 22:28:10.768 UTC a50 10241] ret_desc_string=未知
[06/03/15 22:28:10.768 UTC a51 10241] SSL_state_string=SSLv3讀取客戶端證書A
[06/03/15 22:28:10.768 UTC a52 10241] — 返回conn ssl b3f8a8d0的WANT_READ
[06/03/15 22:28:11.068 UTC a53 10241] doSSLRecvLoop:聯結器0的握手尚未完成
[06/03/15 22:28:11.068 UTC a54 10241] sslConnectionInit:SSL_do_handshake for conn ssl b3f8a8d0, conn state:INIT, SSL狀態:握手
[06/03/15 22:28:11.069 UTC a55 10241]用於連線ssl b3f8a8d0、呼叫授權清單的對等證書驗證完成。
— 更多 — ??????????????????[06/03/15 22:28:11.070 UTC a56 10241] conn ssl b3f8a8d0的身份驗證失敗
[06/03/15 22:28:12.070 UTC a57 10241]對等點未通過身份驗證清單驗證
[06/03/15 22:28:12.070 UTC a58 10241] SSL狀態= 0x2182;其中= 0x4008;ret = 0x22e
[06/03/15 22:28:12.070 UTC a59 10241] ret_type_string=fatal
[06/03/15 22:28:12.070 UTC a5a 10241] ret_desc_string=證書未知
[06/03/15 22:28:12.070 UTC a5b 10241] SSL_state_string=SSLv3讀取客戶端證書C
[06/03/15 22:28:12.070 UTC a5c 10241] SSL狀態= 0x2182;其中= 0x2002;ret = 0xffffffff
[06/03/15 22:28:12.070 UTC a5d 10241] ret_type_string=未知
[06/03/15 22:28:12.070 UTC a5e 10241] ret_desc_string=未知
[06/03/15 22:28:12.070 UTC a5f 10241] SSL_state_string=SSLv3讀取客戶端證書C
[06/03/15 22:28:12.070 UTC a60 10241] — conn ssl b3f8a8d0握手失敗,ssl_err 1錯誤=錯誤:140890B2:SSL常式:SSL3_GET_CLIENT_CERTIFICATE:未返回證書
[06/03/15 22:28:12.070 UTC a61 10241]釋放Nmsp conn ssl b3f8a8d0,conn id 0
成功案例:
[06/06/15 17:47:53.600 UTC 4f2 10205]將NMSP_APP_MEAS_NOTIFY_MSG傳送到LocServer 0
[06/06/15 17:56:34.305 UTC 4f3 10205]已分配的新NMSP連線0
— 更多 — ??????????????????[06/06/15 17:56:34.306 UTC 4f4 10205] sslConnectionInit:SSL_new()連線ssl 590a6048
[06/06/15 17:56:34.306 UTC 4f5 10205] sslConnectionInit:SSL_do_handshake for conn ssl 590a6048, conn state:INIT, SSL狀態:握手
[06/06/15 17:56:34.306 UTC 4f6 10205] SSL狀態= 0x6000;其中= 0x10;ret = 0x1
[06/06/15 17:56:34.306 UTC 4f7 10205] ret_type_string=未知
[06/06/15 17:56:34.306 UTC 4f8 10205] ret_desc_string=未知
[06/06/15 17:56:34.307 UTC 4f9 10205] SSL_state_string=before/accept初始化
[06/06/15 17:56:34.307 UTC 4fa 10205] SSL狀態= 0x6000;其中= 0x2001;ret = 0x1
[06/06/15 17:56:34.307 UTC 4fb 10205] ret_type_string=未知
[06/06/15 17:56:34.307 UTC 4fc 10205] ret_desc_string=未知
[06/06/15 17:56:34.307 UTC 4fd 10205] SSL_state_string=before/accept初始化
[06/06/15 17:56:34.307 UTC 4fe 10205] SSL狀態= 0x2111;其中= 0x2002;ret = 0xffffffff
[06/06/15 17:56:34.307 UTC 4ff 10205] ret_type_string=未知
[06/06/15 17:56:34.307 UTC 500 10205] ret_desc_string=未知
[06/06/15 17:56:34.307 UTC 501 10205] SSL_state_string=SSLv3讀取客戶端hello B
[06/06/15 17:56:34.307 UTC 502 10205] — 返回conn ssl 590a6048的WANT_READ
[06/06/15 17:56:34.307 UTC 503 10205] sslConnectionInit()成功且連線狀態:INIT, SSL狀態:握手
— 更多 — ??????????????????[06/06/15 17:56:34.309 UTC 504 10205] doSSLRecvLoop:聯結器0的握手尚未完成
[06/06/15 17:56:34.309 UTC 505 10205] sslConnectionInit:SSL_do_handshake for conn ssl 590a6048, conn state:INIT, SSL狀態:握手
[06/06/15 17:56:34.309 UTC 506 10205] SSL狀態= 0x2111;其中= 0x2001;ret = 0x1
[06/06/15 17:56:34.309 UTC 507 10205] ret_type_string=未知
[06/06/15 17:56:34.309 UTC 508 10205] ret_desc_string=未知
[06/06/15 17:56:34.309 UTC 509 10205] SSL_state_string=SSLv3讀取客戶端hello B
[06/06/15 17:56:34.309 UTC 50a 10205] SSL狀態= 0x2130;其中= 0x2001;ret = 0x1
[06/06/15 17:56:34.309 UTC 50b 10205] ret_type_string=未知
[06/06/15 17:56:34.309 UTC 50c 10205] ret_desc_string=未知
[06/06/15 17:56:34.309 UTC 50d 10205] SSL_state_string=SSLv3寫入伺服器hello A
[06/06/15 17:56:34.310 UTC 50e 10205] SSL狀態= 0x2140;其中= 0x2001;ret = 0x1
[06/06/15 17:56:34.310 UTC 50f 10205] ret_type_string=未知
[06/06/15 17:56:34.310 UTC 510 10205] ret_desc_string=未知
[06/06/15 17:56:34.310 UTC 511 10205] SSL_state_string=SSLv3寫入證書A
[06/06/15 17:56:34.310 UTC 512 10205] SSL狀態= 0x2160;其中= 0x2001;ret = 0x1
[06/06/15 17:56:34.310 UTC 513 10205] ret_type_string=未知
— 更多 — ??????????????????[06/06/15 17:56:34.310 UTC 514 10205] ret_desc_string=未知
[06/06/15 17:56:34.310 UTC 515 10205] SSL_state_string=SSLv3寫入證書請求A
[06/06/15 17:56:34.310 UTC 516 10205] SSL狀態= 0x2100;其中= 0x2001;ret = 0x1
[06/06/15 17:56:34.310 UTC 517 10205] ret_type_string=未知
[06/06/15 17:56:34.310 UTC 518 10205] ret_desc_string=未知
[06/06/15 17:56:34.310 UTC 519 10205] SSL_state_string=SSLv3刷新資料
[06/06/15 17:56:34.310 UTC 51a 10205] SSL狀態= 0x2180;其中= 0x2002;ret = 0xffffffff
[06/06/15 17:56:34.310 UTC 51b 10205] ret_type_string=未知
[06/06/15 17:56:34.310 UTC 51c 10205] ret_desc_string=未知
[06/06/15 17:56:34.310 UTC 51d 10205] SSL_state_string=SSLv3讀取客戶端證書A
[06/06/15 17:56:34.310 UTC 51e 10205] — 返回conn ssl 590a6048的WANT_READ
[06/06/15 17:56:34.610 UTC 51f 10205] doSSLRecvLoop:聯結器0的握手尚未完成
[06/06/15 17:56:34.610 UTC 520 10205] sslConnectionInit:SSL_do_handshake for conn ssl 590a6048, conn state:INIT, SSL狀態:握手
[06/06/15 17:56:34.616 UTC 521 10205]對連線ssl 590a6048、呼叫授權清單的對等證書驗證完成。
[06/06/15 17:56:34.622 UTC 522 10205]針對連線ssl 590a6048的身份驗證成功
??????????????????[06/06/15 17:56:35.616 UTC 523 10205]對等體已根據身份驗證清單驗證
[06/06/15 17:56:35.616 UTC 524 10205] SSL狀態= 0x2180;其中= 0x2001;ret = 0x1
[06/06/15 17:56:35.616 UTC 525 10205] ret_type_string=未知
[06/06/15 17:56:35.616 UTC 526 10205] ret_desc_string=未知
[06/06/15 17:56:35.616 UTC 527 10205] SSL_state_string=SSLv3讀取客戶端證書A
[06/06/15 17:56:35.633 UTC 528 10205] SSL狀態= 0x2190;其中= 0x2001;ret = 0x1
[06/06/15 17:56:35.633 UTC 529 10205] ret_type_string=未知
[06/06/15 17:56:35.633 UTC 52a 10205] ret_desc_string=未知
[06/06/15 17:56:35.633 UTC 52b 10205] SSL_state_string=SSLv3讀取客戶端金鑰交換A
[06/06/15 17:56:35.635 UTC 52c 10205] SSL狀態= 0x21a0;其中= 0x2001;ret = 0x1
[06/06/15 17:56:35.636 UTC 52d 10205] ret_type_string=未知
[06/06/15 17:56:35.636 UTC 52e 10205] ret_desc_string=未知
[06/06/15 17:56:35.636 UTC 52f 10205] SSL_state_string=SSLv3讀取證書驗證
[06/06/15 17:56:35.636 UTC 530 10205] SSL狀態= 0x21c0;其中= 0x2001;ret = 0x1
[06/06/15 17:56:35.636 UTC 531 10205] ret_type_string=未知
[06/06/15 17:56:35.636 UTC 532 10205] ret_desc_string=未知
— 更多 — ??????????????????[06/06/15 17:56:35.636 UTC 533 10205] SSL_state_string=SSLv3 read completed A
[06/06/15 17:56:35.636 UTC 534 10205] SSL狀態= 0x21d0;其中= 0x2001;ret = 0x1
[06/06/15 17:56:35.636 UTC 535 10205] ret_type_string=未知
[06/06/15 17:56:35.636 UTC 536 10205] ret_desc_string=未知
[06/06/15 17:56:35.636 UTC 537 10205] SSL_state_string=SSLv3寫更改密碼規範A
[06/06/15 17:56:35.636 UTC 538 10205] SSL狀態= 0x21e0;其中= 0x2001;ret = 0x1
[06/06/15 17:56:35.636 UTC 539 10205] ret_type_string=未知
[06/06/15 17:56:35.636 UTC 53a 10205] ret_desc_string=未知
[06/06/15 17:56:35.636 UTC 53b 10205] SSL_state_string=SSLv3 write completed A
[06/06/15 17:56:35.637 UTC 53c 10205] SSL狀態= 0x2100;其中= 0x2001;ret = 0x1
[06/06/15 17:56:35.637 UTC 53d 10205] ret_type_string=未知
[06/06/15 17:56:35.637 UTC 53e 10205] ret_desc_string=未知
[06/06/15 17:56:35.637 UTC 53f 10205] SSL_state_string=SSLv3刷新資料
[06/06/15 17:56:35.637 UTC 540 10205] SSL狀態= 0x3;其中= 0x20;ret = 0x1
[06/06/15 17:56:35.637 UTC 541 10205] ret_type_string=未知
[06/06/15 17:56:35.637 UTC 542 10205] ret_desc_string=未知
[06/06/15 17:56:35.637 UTC 543 10205] SSL_state_string=SSL協商成功完成
[06/06/15 17:56:35.637 UTC 544 10205] SSL狀態= 0x3;其中= 0x2002;ret = 0x1
— 更多 — ??????????????????[06/06/15 17:56:35.637 UTC 545 10205] ret_type_string=unknown
[06/06/15 17:56:35.637 UTC 546 10205] ret_desc_string=未知
[06/06/15 17:56:35.637 UTC 547 10205] SSL_state_string=SSL協商成功完成
[06/06/15 17:56:35.637 UTC 548 10205] SSL_do_handshake()成功用於conn ssl 590a6048
[06/06/15 17:56:35.637 UTC 549 10205] NMSP連線成功!對於conn 0
意見