此产品的文档集力求使用非歧视性语言。在本文档集中,非歧视性语言是指不隐含针对年龄、残障、性别、种族身份、族群身份、性取向、社会经济地位和交叉性的歧视的语言。由于产品软件的用户界面中使用的硬编码语言、基于 RFP 文档使用的语言或引用的第三方产品使用的语言,文档中可能无法确保完全使用非歧视性语言。 深入了解思科如何使用包容性语言。
思科采用人工翻译与机器翻译相结合的方式将此文档翻译成不同语言,希望全球的用户都能通过各自的语言得到支持性的内容。 请注意:即使是最好的机器翻译,其准确度也不及专业翻译人员的水平。 Cisco Systems, Inc. 对于翻译的准确性不承担任何责任,并建议您总是参考英文原始文档(已提供链接)。
网络移动服务协议(NMSP)管理移动服务引擎(MSE)和无线局域网控制器(WLC)之间的通信。
NMSP是一种双向协议,可通过面向连接或无连接传输运行。情景感知交换机可以使用NMSP与一个或多个MSE通信。NMSP基于MSE和访问控制器之间的请求和响应的双向系统。现在,让我们看看如何启用MSE和WLC之间的此通信。
此处,我们已使用3850(基于IOS的WLC)和MSE进行此帖子。
在3850和MSE之间建立NMSP隧道时遇到的问题。
MSE:虚拟MSE 8.0.110(MR1)
WLC:3850 3.3.5SE
Prime基础设施(PI):2.2.1
由于NMSP在SSL(安全套接字层)上工作,因此您必须在WLC上配置MSE凭证。MSE使用其MAC地址和密钥哈希,因此WLC应了解这两个参数。您可以通过MSE CLI获取此详细信息,如下所示
[root@robin ~]# cmdshell
cmd> show server-auth-info
调用命令:com.aes.server.cli.CmdGetServerAuthInfo
AesLog队列高标记:50000
AesLog队列低标记:500
—
服务器身份验证信息
—
MAC 地址:00:50:56:9c:34:89
SHA1密钥哈希:e0ffbe2e2abeed5a2f975f059da6a1bf2bfa0
SHA2密钥哈希:6ab919e20afc103d025aaf210c2a9dda151af9403ef52e80a35ae1ecb6d3c177
证书类型:SSC
现在在融合接入(5760/3850/3650)平台上配置NMSP设置。
本例中我们使用了3850。我们必须将MSE MAC地址配置为用户名,将密钥哈希配置为密码。注意:在我的3850上运行的版本是3.3.5 SE,SHA2加密在IOS-XE中使用。
3850c(config)#username 0050569c3489 aaa属性列表NMSP
3850c(config)#aaa attribute list NMSP
3850c(config)#属性类型密码6ab919e20afc103d025aaf210c2a9dda151af9403ef52e80a35ae1ecb6d3c177
3850c(config)#aaa authorization credential-download wcm_loc_serv_cert local
在您的Prime基础设施中,点击:服务>移动服务>同步服务
选择3850并点击“更改MSE分配”按钮。
然后,您需要选择要在WLC(3850)和MSE之间同步的适当MSE和服务。
完成同步服务后,您可以从WLC、MSE或PI GUI验证它。
对于MSE v8.0或更高版本,请转至:(https://<MSE_IP>/mseui/)
如果NMSP仍处于非活动状态:
1)检查密钥哈希,如果不匹配,请手动输入哈希,如上所示
2)MSE和WLC之间应存在NTP时间同步
哈希密钥验证失败:
3850c#set trace nmsp connection level debug
3850c#show trace messages nmsp
[06/03/15 22:28:10.762 UTC a27 10241]已分配新的NMSP连接0
[06/03/15 22:28:10.762 UTC a28 10241] sslConnectionInit:SSL_new()conn ssl b3f8a8d0
[06/03/15 22:28:10.762 UTC a29 10241] sslConnectionInit:conn ssl b3f8a8d0的SSL_do_handshake, conn state:INIT,SSL状态:握手
[06/03/15 22:28:10.762 UTC a2a 10241] SSL状态= 0x6000;其中= 0x10;ret = 0x1
[06/03/15 22:28:10.762 UTC a2b 10241] ret_type_string=unknown
[06/03/15 22:28:10.762 UTC a2c 10241] ret_desc_string=unknown
[06/03/15 22:28:10.762 UTC a2d 10241] SSL_state_string=before/accept初始化
[06/03/15 22:28:10.762 UTC a2e 10241] SSL状态= 0x6000;其中= 0x2001;ret = 0x1
[06/03/15 22:28:10.762 UTC a2f 10241] ret_type_string=unknown
[06/03/15 22:28:10.762 UTC a30 10241] ret_desc_string=unknown
[06/03/15 22:28:10.762 UTC a31 10241] SSL_state_string=before/accept初始化
[06/03/15 22:28:10.762 UTC a32 10241] SSL状态= 0x2111;其中= 0x2002;ret = 0xffffffff
[06/03/15 22:28:10.762 UTC a33 10241] ret_type_string=unknown
[06/03/15 22:28:10.762 UTC a34 10241] ret_desc_string=unknown
[06/03/15 22:28:10.762 UTC a35 10241] SSL_state_string=SSLv3读取客户端hello B
— 更多 — ?????????????????????[06/03/15 22:28:10.762 UTC a36 10241] — 返回连接ssl b3f8a8d0的WANT_READ
[06/03/15 22:28:10.762 UTC a37 10241] sslConnectionInit()成功,连接状态为:INIT,SSL状态:握手
[06/03/15 22:28:10.768 UTC a38 10241] doSSLRecvLoop:连接0的握手尚未完成
[06/03/15 22:28:10.768 UTC a39 10241] sslConnectionInit:conn ssl b3f8a8d0的SSL_do_handshake, conn state:INIT,SSL状态:握手
[06/03/15 22:28:10.768 UTC a3a 10241] SSL状态= 0x2111;其中= 0x2001;ret = 0x1
[06/03/15 22:28:10.768 UTC a3b 10241] ret_type_string=unknown
[06/03/15 22:28:10.768 UTC a3c 10241] ret_desc_string=unknown
[06/03/15 22:28:10.768 UTC a3d 10241] SSL_state_string=SSLv3读取客户端Hello B
[06/03/15 22:28:10.768 UTC a3e 10241] SSL状态= 0x2130;其中= 0x2001;ret = 0x1
[06/03/15 22:28:10.768 UTC a3f 10241] ret_type_string=unknown
[06/03/15 22:28:10.768 UTC a40 10241] ret_desc_string=unknown
[06/03/15 22:28:10.768 UTC a41 10241] SSL_state_string=SSLv3写服务器hello A
[06/03/15 22:28:10.768 UTC a42 10241] SSL状态= 0x2140;其中= 0x2001;ret = 0x1
[06/03/15 22:28:10.768 UTC a43 10241] ret_type_string=unknown
[06/03/15 22:28:10.768 UTC a44 10241] ret_desc_string=unknown
[06/03/15 22:28:10.768 UTC a45 10241] SSL_state_string=SSLv3写证书A
— 更多 — ?????????????????????[06/03/15 22:28:10.768 UTC a46 10241] SSL状态= 0x2160;其中= 0x2001;ret = 0x1
[06/03/15 22:28:10.768 UTC a47 10241] ret_type_string=unknown
[06/03/15 22:28:10.768 UTC a48 10241] ret_desc_string=unknown
[06/03/15 22:28:10.768 UTC a49 10241] SSL_state_string=SSLv3写证书请求A
[06/03/15 22:28:10.768 UTC a4a 10241] SSL状态= 0x2100;其中= 0x2001;ret = 0x1
[06/03/15 22:28:10.768 UTC a4b 10241] ret_type_string=unknown
[06/03/15 22:28:10.768 UTC a4c 10241] ret_desc_string=unknown
[06/03/15 22:28:10.768 UTC a4d 10241] SSL_state_string=SSLv3刷新数据
[06/03/15 22:28:10.768 UTC a4e 10241] SSL状态= 0x2180;其中= 0x2002;ret = 0xffffffff
[06/03/15 22:28:10.768 UTC a4f 10241] ret_type_string=unknown
[06/03/15 22:28:10.768 UTC a50 10241] ret_desc_string=unknown
[06/03/15 22:28:10.768 UTC a51 10241] SSL_state_string=SSLv3读取客户端证书A
[06/03/15 22:28:10.768 UTC a52 10241] — 返回conn ssl b3f8a8d0的WANT_READ
[06/03/15 22:28:11.068 UTC a53 10241] doSSLRecvLoop:连接0的握手尚未完成
[06/03/15 22:28:11.068 UTC a54 10241] sslConnectionInit:conn ssl b3f8a8d0的SSL_do_handshake, conn state:INIT,SSL状态:握手
[06/03/15 22:28:11.069 UTC a55 10241]对等证书验证已完成,用于conn ssl b3f8a8d0, calling authlist。
— 更多 — ????????????????????[06/03/15 22:28:11.070 UTC a56 10241]连接ssl b3f8a8d0的Authlist身份验证失败
[06/03/15 22:28:12.070 UTC a57 10241]对等体未根据授权列表进行验证
[06/03/15 22:28:12.070 UTC a58 10241] SSL状态= 0x2182;其中= 0x4008;ret = 0x22e
[06/03/15 22:28:12.070 UTC a59 10241] ret_type_string=fatal
[06/03/15 22:28:12.070 UTC a5a 10241] ret_desc_string=certificate unknown
[06/03/15 22:28:12.070 UTC a5b 10241] SSL_state_string=SSLv3读取客户端证书C
[06/03/15 22:28:12.070 UTC a5c 10241] SSL状态= 0x2182;其中= 0x2002;ret = 0xffffffff
[06/03/15 22:28:12.070 UTC a5d 10241] ret_type_string=unknown
[06/03/15 22:28:12.070 UTC a5e 10241] ret_desc_string=unknown
[06/03/15 22:28:12.070 UTC a5f 10241] SSL_state_string=SSLv3读取客户端证书C
[06/03/15 22:28:12.070 UTC a60 10241] — conn ssl b3f8a8d0的握手失败,ssl_err 1错误=错误:140890B2:SSL例程:SSL3_GET_CLIENT_CERTIFICATE:未返回证书
[06/03/15 22:28:12.070 UTC a61 10241]释放Nmsp conn ssl b3f8a8d0, conn id 0
[06/06/15 17:47:53.600 UTC 4f2 10205]将NMSP_APP_MEAS_NOTIFY_MSG发送到LocServer 0
[06/06/15 17:56:34.305 UTC 4f3 10205]已分配新的NMSP连接0
— 更多 — ????????????????????[06/06/15 17:56:34.306 UTC 4f4 10205] sslConnectionInit:SSL_new()conn ssl 590a6048
[06/06/15 17:56:34.306 UTC 4f5 10205] sslConnectionInit:conn ssl 590a6048的SSL_do_handshake, conn state:INIT,SSL状态:握手
[06/06/15 17:56:34.306 UTC 4f6 10205] SSL状态= 0x6000;其中= 0x10;ret = 0x1
[06/06/15 17:56:34.306 UTC 4f7 10205] ret_type_string=unknown
[06/06/15 17:56:34.306 UTC 4f8 10205] ret_desc_string=unknown
[06/06/15 17:56:34.307 UTC 4f9 10205] SSL_state_string=before/accept初始化
[06/06/15 17:56:34.307 UTC 4fa 10205] SSL状态= 0x6000;其中= 0x2001;ret = 0x1
[06/06/15 17:56:34.307 UTC 4fb 10205] ret_type_string=unknown
[06/06/15 17:56:34.307 UTC 4fc 10205] ret_desc_string=unknown
[06/06/15 17:56:34.307 UTC 4fd 10205] SSL_state_string=before/accept初始化
[06/06/15 17:56:34.307 UTC 4fe 10205] SSL状态= 0x2111;其中= 0x2002;ret = 0xffffffff
[06/06/15 17:56:34.307 UTC 4ff 10205] ret_type_string=unknown
[06/06/15 17:56:34.307 UTC 500 10205] ret_desc_string=unknown
[06/06/15 17:56:34.307 UTC 501 10205] SSL_state_string=SSLv3读取客户端Hello B
[06/06/15 17:56:34.307 UTC 502 10205] — 返回连接ssl 590a6048的WANT_READ
[06/06/15 17:56:34.307 UTC 503 10205] sslConnectionInit()成功,连接状态为:INIT,SSL状态:握手
— 更多 — ?????????????????????[06/06/15 17:56:34.309 UTC 504 10205] doSSLRecvLoop:连接0的握手尚未完成
[06/06/15 17:56:34.309 UTC 505 10205] sslConnectionInit:conn ssl 590a6048的SSL_do_handshake, conn state:INIT,SSL状态:握手
[06/06/15 17:56:34.309 UTC 506 10205] SSL状态= 0x2111;其中= 0x2001;ret = 0x1
[06/06/15 17:56:34.309 UTC 507 10205] ret_type_string=unknown
[06/06/15 17:56:34.309 UTC 508 10205] ret_desc_string=unknown
[06/06/15 17:56:34.309 UTC 509 10205] SSL_state_string=SSLv3读取客户端Hello B
[06/06/15 17:56:34.309 UTC 50a 10205] SSL状态= 0x2130;其中= 0x2001;ret = 0x1
[06/06/15 17:56:34.309 UTC 50b 10205] ret_type_string=unknown
[06/06/15 17:56:34.309 UTC 50c 10205] ret_desc_string=unknown
[06/06/15 17:56:34.309 UTC 50d 10205] SSL_state_string=SSLv3写服务器hello A
[06/06/15 17:56:34.310 UTC 50e 10205] SSL状态= 0x2140;其中= 0x2001;ret = 0x1
[06/06/15 17:56:34.310 UTC 50f 10205] ret_type_string=unknown
[06/06/15 17:56:34.310 UTC 510 10205] ret_desc_string=unknown
[06/06/15 17:56:34.310 UTC 511 10205] SSL_state_string=SSLv3写证书A
[06/06/15 17:56:34.310 UTC 512 10205] SSL状态= 0x2160;其中= 0x2001;ret = 0x1
[06/06/15 17:56:34.310 UTC 513 10205] ret_type_string=unknown
— 更多 — ?????????????????????[06/06/15 17:56:34.310 UTC 514 10205] ret_desc_string=unknown
[06/06/15 17:56:34.310 UTC 515 10205] SSL_state_string=SSLv3写证书请求A
[06/06/15 17:56:34.310 UTC 516 10205] SSL状态= 0x2100;其中= 0x2001;ret = 0x1
[06/06/15 17:56:34.310 UTC 517 10205] ret_type_string=unknown
[06/06/15 17:56:34.310 UTC 518 10205] ret_desc_string=unknown
[06/06/15 17:56:34.310 UTC 519 10205] SSL_state_string=SSLv3刷新数据
[06/06/15 17:56:34.310 UTC 51a 10205] SSL状态= 0x2180;其中= 0x2002;ret = 0xffffffff
[06/06/15 17:56:34.310 UTC 51b 10205] ret_type_string=unknown
[06/06/15 17:56:34.310 UTC 51c 10205] ret_desc_string=unknown
[06/06/15 17:56:34.310 UTC 51d 10205] SSL_state_string=SSLv3读取客户端证书A
[06/06/15 17:56:34.310 UTC 51e 10205] — 返回连接ssl 590a6048的WANT_READ
[06/06/15 17:56:34.610 UTC 51f 10205] doSSLRecvLoop:连接0的握手尚未完成
[06/06/15 17:56:34.610 UTC 520 10205] sslConnectionInit:conn ssl 590a6048的SSL_do_handshake, conn state:INIT,SSL状态:握手
[06/06/15 17:56:34.616 UTC 521 10205]对等证书验证已完成,用于conn ssl 590a6048,主叫authlist..
[06/06/15 17:56:34.622 UTC 522 10205]连接ssl 590a6048的身份验证成功
??????????????????[06/06/15 17:56:35.616 UTC 523 10205]对等体已根据授权列表进行验证
[06/06/15 17:56:35.616 UTC 524 10205] SSL状态= 0x2180;其中= 0x2001;ret = 0x1
[06/06/15 17:56:35.616 UTC 525 10205] ret_type_string=unknown
[06/06/15 17:56:35.616 UTC 526 10205] ret_desc_string=unknown
[06/06/15 17:56:35.616 UTC 527 10205] SSL_state_string=SSLv3读取客户端证书A
[06/06/15 17:56:35.633 UTC 528 10205] SSL状态= 0x2190;其中= 0x2001;ret = 0x1
[06/06/15 17:56:35.633 UTC 529 10205] ret_type_string=unknown
[06/06/15 17:56:35.633 UTC 52a 10205] ret_desc_string=unknown
[06/06/15 17:56:35.633 UTC 52b 10205] SSL_state_string=SSLv3读取客户端密钥交换A
[06/06/15 17:56:35.635 UTC 52c 10205] SSL状态= 0x21a0;其中= 0x2001;ret = 0x1
[06/06/15 17:56:35.636 UTC 52d 10205] ret_type_string=unknown
[06/06/15 17:56:35.636 UTC 52e 10205] ret_desc_string=unknown
[06/06/15 17:56:35.636 UTC 52f 10205] SSL_state_string=SSLv3读取证书验证A
[06/06/15 17:56:35.636 UTC 530 10205] SSL状态= 0x21c0;其中= 0x2001;ret = 0x1
[06/06/15 17:56:35.636 UTC 531 10205] ret_type_string=unknown
[06/06/15 17:56:35.636 UTC 532 10205] ret_desc_string=unknown
— 更多 — ????????????????????[06/06/15 17:56:35.636 UTC 533 10205] SSL_state_string=SSLv3读取完成A
[06/06/15 17:56:35.636 UTC 534 10205] SSL状态= 0x21d0;其中= 0x2001;ret = 0x1
[06/06/15 17:56:35.636 UTC 535 10205] ret_type_string=unknown
[06/06/15 17:56:35.636 UTC 536 10205] ret_desc_string=unknown
[06/06/15 17:56:35.636 UTC 537 10205] SSL_state_string=SSLv3写更改密码规范A
[06/06/15 17:56:35.636 UTC 538 10205] SSL状态= 0x21e0;其中= 0x2001;ret = 0x1
[06/06/15 17:56:35.636 UTC 539 10205] ret_type_string=unknown
[06/06/15 17:56:35.636 UTC 53a 10205] ret_desc_string=unknown
[06/06/15 17:56:35.636 UTC 53b 10205] SSL_state_string=SSLv3写入完成A
[06/06/15 17:56:35.637 UTC 53c 10205] SSL状态= 0x2100;其中= 0x2001;ret = 0x1
[06/06/15 17:56:35.637 UTC 53d 10205] ret_type_string=unknown
[06/06/15 17:56:35.637 UTC 53e 10205] ret_desc_string=unknown
[06/06/15 17:56:35.637 UTC 53f 10205] SSL_state_string=SSLv3刷新数据
[06/06/15 17:56:35.637 UTC 540 10205] SSL状态= 0x3;其中= 0x20;ret = 0x1
[06/06/15 17:56:35.637 UTC 541 10205] ret_type_string=unknown
[06/06/15 17:56:35.637 UTC 542 10205] ret_desc_string=unknown
[06/06/15 17:56:35.637 UTC 543 10205] SSL_state_string=SSL协商成功完成
[06/06/15 17:56:35.637 UTC 544 10205] SSL状态= 0x3;其中= 0x2002;ret = 0x1
— 更多 — ????????????????????[06/06/15 17:56:35.637 UTC 545 10205] ret_type_string=unknown
[06/06/15 17:56:35.637 UTC 546 10205] ret_desc_string=unknown
[06/06/15 17:56:35.637 UTC 547 10205] SSL_state_string=SSL协商成功完成
[06/06/15 17:56:35.637 UTC 548 10205] SSL_do_handshake()成功用于conn ssl 590a6048
[06/06/15 17:56:35.637 UTC 549 10205] NMSP连接成功!用于conn 0