无
现场结合绿洲做portal认证,用的本地转发,终端能获取到地址,但是弹不出portal认证界面
1、绿洲认证问题,首先需要检查设备侧和绿洲平台的配置
(1) 配置认证域
domain XXX
authentication portal none
authorization portal none
accounting portal none
(2) 配置云端Portal认证功能
wlan service-template XXX
ssid XXX
vlan 160
client forwarding-location ap vlan 160
portal enable method direct
portal domain cloud
portal bas-ip X.X.X.1
portal apply web-server XXX
portal temp-pass period 20 enable
service-template enable
portal web-server XXX
url http://X.X.X.54/portal/protocol
captive-bypass ios optimize enable
server-type oauth
if-match user-agent CaptiveNetworkSupport redirect-url http://X.X.X.54/generate_404
if-match user-agent Dalvik/2.1.0(Linux;U;Android7.0;HUAWEI redirect-url http://X.X.X.54/generate_404
if-match original-url http://10.168.168.168 temp-pass
if-match original-url http://captive.apple.com user-agent Mozilla temp-pass redirect-url http://X.X.X.54/portal/protocol
if-match original-url http://www.apple.com user-agent Mozilla temp-pass redirect-url http://X.X.2.54/portal/protocol
portal local-web-server http
ip http enable
ip https enable
portal host-check enable
portal user log enable
portal free-rule 1 destination ip 114.114.114.114 255.255.255.255
portal free-rule 2 destination ip any udp 53
portal free-rule 3 destination ip any tcp 53
portal free-rule 4 destination ip any tcp 5223
portal free-rule 5 destination wbc.h3c.com
portal safe-redirect enable
portal safe-redirect method get post
portal safe-redirect user-agent Android
portal safe-redirect user-agent CaptiveNetworkSupport
portal safe-redirect user-agent MicroMessenger
portal safe-redirect user-agent Mozilla
portal safe-redirect user-agent WeChat
portal safe-redirect user-agent iPhone
portal safe-redirect user-agent micromessenger
2、设备配置和绿洲侧配置确认无误(绿洲平台配置参考官网WBC560多业务无线控制器本地化绿洲配置指导即可)
3、后续找二线分析确认,是终端 解析不出来 cloud.h3c.com 导致
1、需要AC上开启dns proxy enable
2、在设备dhcp server 配置里需要加上 dns-list (AC的 ip),并将终端的dns server设置为AC 的ip