
Experience case: portal authentication does not take effect in a local forwarding network at a site

2020-12-28 Published
Author: 周天

Network Topology

A Comware V7 wireless controller (AC), with portal authentication enabled on a wireless service that uses local forwarding.

Problem Description

After a wireless terminal associates with the wireless network, opening a web page does not redirect it to portal authentication. The terminal can go online directly, so portal authentication does not take effect.

Process Analysis

The symptom is that an associated wireless terminal is not redirected to portal authentication when it opens a web page and can go online directly. The troubleshooting went as follows.

1. Check whether the portal-related configuration is normal. Applying the same portal configuration to a centralized forwarding service template works, and portal functions normally there. Running the display portal user all command shows that the number of online portal users is 0.

2. The display portal server command shows that the portal server status on the AC is UP, indicating that the configuration is correct and the function is enabled.

3. Check the portal free-rule configuration. Delete all portal free-rule entries except the two rules for the DNS server and the portal server. Testing shows that redirection still does not happen and the terminal can still reach the external network directly.

4. It was suspected that portal escape had previously been configured on the AC. With local forwarding, after portal escape the AP permits all traffic without portal authentication. Log in to the AP and use the display portal rule all command to view the portal rules currently issued to the AP. The output shows that, apart from the permit rules for the DNS and IMC addresses, traffic from all source addresses to all destinations on ports 80 and 443 is redirected and other ports are denied, so the portal rules are correct. I also tried restarting the AP so that the AC would reissue the portal rule configuration to the AP, but the problem remained.

5. It was suspected that the AP could not communicate with the portal server, or could not resolve the portal URL to the portal server address, causing the AP to treat the server as unreachable and trigger portal escape. After logging in to the AP and configuring the DNS address, the AP can ping the DNS server and can also ping the portal server IP address. This indicates that the AP can resolve the portal URL and that connectivity to the portal server is OK.

6. Reproduce the problem by connecting to the wireless network and visiting a web page, collecting debug information on the AC and the AP during the process. No redirection debug output is printed, indicating that the portal function does not take effect.

7. Finally, go back over the configuration to look for anything suspicious and correct it. The service VLAN ID configured under the service template is inconsistent with the VLAN ID specified for local forwarding, as follows:

#
wlan service-template 1
 ssid XXX
 vlan XX1
 client forwarding-location ap vlan XX2
 portal enable method direct
 portal domain xxx
 portal bas-ip X.X.X.X
 portal apply web-server portal
 service-template enable
#


The configuration above shows that the actual service VLAN is XX1, while the VLAN with local forwarding enabled is XX2. The display wlan client command on the AC shows that all terminals are in VLAN XX1. The configuration therefore takes effect as follows:

1) VLAN XX1 is actually forwarded centrally, not locally. Only traffic in VLAN XX2 is forwarded locally. Because the service template binding in AP view does not specify a VLAN ID, the actual service VLAN is VLAN XX1 as configured under the service template.

2) Portal authentication configured under a service template can be enabled in only one forwarding mode, either centralized forwarding or local forwarding. It cannot be enabled for both forwarding modes at the same time.

3) When the local forwarding command (client forwarding-location ap) is configured under the service template, portal can be enabled only for the locally forwarded service, regardless of whether a local forwarding VLAN is specified.

Combining these three points, the actual service VLAN in this configuration is forwarded centrally and the portal authentication function is not enabled for it.
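The mismatch found in step 7 can be checked for mechanically across a saved configuration. The script below is an added example, not part of the original case or any H3C tool: it flags service templates where portal is enabled and the VLAN on client forwarding-location ap differs from the template's service VLAN. The function names and VLAN numbers are constructed, and it assumes no VLAN override in AP view.

```python
import re

# Constructed sample in the layout shown on this page; VLAN numbers are made up.
SAMPLE_CONFIG = """\
#
wlan service-template 1
 vlan 100
 client forwarding-location ap vlan 200
 portal enable method direct
 service-template enable
#
wlan service-template 2
 vlan 300
 client forwarding-location ap
 portal enable method direct
 service-template enable
#
"""

def parse_templates(text):
    """Return {template name: [indented sub-commands]} for each wlan service-template."""
    templates, current = {}, None
    for line in text.splitlines():
        m = re.match(r"(?:#\s*)?wlan service-template (\S+)\s*$", line)
        if m:
            current = templates.setdefault(m.group(1), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # "#" or any other top-level line ends the block
    return templates

def find_portal_bypass(text):
    """Flag templates whose service VLAN is not the locally forwarded VLAN while portal is on."""
    findings = []
    for name, cmds in parse_templates(text).items():
        portal = any(c.startswith("portal enable") for c in cmds)
        svc = next((c.split()[1] for c in cmds if re.fullmatch(r"vlan \S+", c)), None)
        fwd = next((c for c in cmds if c.startswith("client forwarding-location ap")), None)
        m = re.search(r"\bvlan (\S+)", fwd or "")
        # Page's rule: with local forwarding configured, portal applies only to the
        # locally forwarded traffic, so a different service VLAN is left unauthenticated.
        if portal and svc and m and m.group(1) != svc:
            findings.append((name, svc, m.group(1)))
    return findings

if __name__ == "__main__":
    for name, svc, fwd in find_portal_bypass(SAMPLE_CONFIG):
        print(f"service-template {name}: VLAN {svc} bypasses portal (local forwarding VLAN {fwd})")
```

A template that omits the VLAN on client forwarding-location ap, or sets it to the service VLAN, is not reported.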


Solution

Either of the following resolves the problem:

1. Change the local forwarding VLAN to the actual service VLAN.

2. Delete the VLAN specified in the local forwarding configuration.

#
wlan service-template 1
 ssid XXX
 vlan XX1
 client forwarding-location ap vlan XX1 (or: client forwarding-location ap)
 portal enable method direct
 portal domain xxx
 portal bas-ip X.X.X.X
 portal apply web-server portal
 service-template enable
#
