
Case study: portal page does not appear when a site's WBC560 uses Oasis (绿洲) for portal authentication

Published 2019-10-19

Network topology and description

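Problem description

The site uses Oasis for portal authentication with local forwarding. Clients can obtain an address, but the portal authentication page does not pop up.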

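Process analysis

1. For an Oasis authentication problem, first check the configuration on the device side and on the Oasis platform.

(1) Configure the authentication domain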

domain XXX

 authentication portal none

 authorization portal none

 accounting portal none

(2) Configure the cloud Portal authentication function

wlan service-template XXX

 ssid XXX

 vlan 160

 client forwarding-location ap vlan 160

 portal enable method direct

 portal domain cloud

 portal bas-ip X.X.X.1

 portal apply web-server XXX

 portal temp-pass period 20 enable

 service-template enable

portal web-server XXX

 url http://X.X.X.54/portal/protocol

 captive-bypass ios optimize enable

 server-type oauth

 if-match user-agent CaptiveNetworkSupport redirect-url http://X.X.X.54/generate_404

 if-match user-agent Dalvik/2.1.0(Linux;U;Android7.0;HUAWEI redirect-url http://X.X.X.54/generate_404

 if-match original-url http://10.168.168.168 temp-pass

 if-match original-url http://captive.apple.com user-agent Mozilla temp-pass redirect-url http://X.X.X.54/portal/protocol

 if-match original-url http://www.apple.com user-agent Mozilla temp-pass redirect-url http://X.X.2.54/portal/protocol

portal local-web-server http

 ip http enable

 ip https enable

portal host-check enable

 portal user log enable

 portal free-rule 1 destination ip 114.114.114.114 255.255.255.255

 portal free-rule 2 destination ip any udp 53

 portal free-rule 3 destination ip any tcp 53

 portal free-rule 4 destination ip any tcp 5223

 portal free-rule 5 destination wbc.h3c.com

 portal safe-redirect enable

 portal safe-redirect method get post

 portal safe-redirect user-agent Android

 portal safe-redirect user-agent CaptiveNetworkSupport

 portal safe-redirect user-agent MicroMessenger

 portal safe-redirect user-agent Mozilla

 portal safe-redirect user-agent WeChat

 portal safe-redirect user-agent iPhone

 portal safe-redirect user-agent micromessenger

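2. The device configuration and the Oasis-side configuration were confirmed to be correct (for the Oasis platform configuration, refer to the WBC560 multi-service wireless controller localized Oasis configuration guide on the official website).

3. Second-line support then analyzed the case and confirmed the cause: the client could not resolve cloud.h3c.com.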

Solution

1. dns proxy enable must be turned on on the AC.

2. In the device's dhcp server configuration, add dns-list (the AC's IP), and set the client's DNS server to the AC's IP.
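
A way to check an exported AC configuration for the two settings in the solution above, as an added example (not part of the original case and not H3C code). The function names, the sample configuration and the 192.0.2.1 AC address are constructed for illustration, and it assumes DHCP pools appear as `dhcp server ip-pool` sections with sub-commands indented by one space.

```python
def parse_sections(config):
    """Map each top-level command to its indented sub-commands."""
    sections, current = {}, None
    for raw in config.splitlines():
        if not raw.strip() or raw.strip() == "#":
            continue  # blank lines and '#' separators carry no settings
        if raw[0].isspace() and current is not None:
            sections[current].append(raw.strip())
        else:
            current = raw.strip()
            sections.setdefault(current, [])
    return sections

def check_portal_dns(config, ac_ip):
    """Return findings for the two DNS settings the fix requires."""
    sections = parse_sections(config)
    portal_on = any(cmd.startswith("wlan service-template ") and
                    any(s.startswith("portal enable") for s in subs)
                    for cmd, subs in sections.items())
    if not portal_on:
        return []  # no portal-enabled SSID, nothing to check
    findings = []
    if "dns proxy enable" not in sections:
        findings.append("dns proxy enable is not configured on the AC")
    for cmd, subs in sections.items():
        if not cmd.startswith("dhcp server ip-pool "):
            continue
        servers = [ip for sub in subs if sub.startswith("dns-list ")
                   for ip in sub.split()[1:]]
        if ac_ip not in servers:
            findings.append(f"pool {cmd.split()[-1]}: dns-list "
                            f"({', '.join(servers) or 'unset'}) lacks AC {ac_ip}")
    return findings

# Constructed sample config; 192.0.2.1 stands in for the AC's address.
BROKEN = """\
wlan service-template guest
 ssid guest
 portal enable method direct
#
dhcp server ip-pool vlan160
 network 192.0.2.0 mask 255.255.255.0
 dns-list 114.114.114.114
#
"""
FIXED = BROKEN.replace("114.114.114.114", "192.0.2.1") + "dns proxy enable\n#\n"

if __name__ == "__main__":
    for name, cfg in (("before", BROKEN), ("after", FIXED)):
        print(name, check_portal_dns(cfg, "192.0.2.1") or "OK")
```

Run against the "before" sample it reports both the missing DNS proxy and the pool whose dns-list points away from the AC; the "after" sample passes.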