
Built-in Portal Authentication

Latest reply: May 28, 2021 11:41:07

Our customer wants to enable Built-in Portal Authentication. We followed the KB1000047185 and KB1000061211. The devices cannot open the portal after the configuration.

Attached is the conf file.

Thanks!

[V200R005C00SPC600]

#
sysname AC1
ftp server enable
#
snmp-agent local-engineid 800007DB039C37F487E981
snmp-agent
#
http secure-server ssl-policy default_policy
http server enable
#
portal local-server ip 1.1.1.1
portal local-server https ssl-policy default_policy port 3000
#
info-center timestamp log format-date
#
vrrp recover-delay 30
#
vlan batch 118 to 121
#
stp instance 0 root primary
stp enable
#
domain sdh.gov
#
dot1x enable
dot1x authentication-method eap
#
wlan ac-global country-code BR
wlan ac-global carrier id other ac id 1
#
dhcp enable
#
dhcp server bootp
#
dhcp server database enable
#
diffserv domain default
#
radius-server template sdh_radius
radius-server shared-key cipher %@%@)\<#Q==WJ@D|-OL[7eSHeOOh%@%@
radius-server authentication 10.102.11.23 1812 weight 80
radius-server retransmit 2
undo radius-server user-name domain-included
radius-server authorization 10.102.11.23 shared-key cipher %@%@L'xBEAShe&EDGr#rt1VXM~|n%@%@ server-group sdh_radius
#
pki realm default
enrollment self-signed
#
ssl policy default_policy type server
pki-realm default
#
ip pool corp1
network 192.168.101.0 mask 255.255.255.0
excluded-ip-address 192.168.101.1 192.168.101.3
lease day 2 hour 2 minute 30
#
ip pool corp2
network 192.168.102.0 mask 255.255.255.0
#
ip pool corp3
network 192.168.103.0 mask 255.255.255.0
#
ip pool corp4
network 192.168.104.0 mask 255.255.255.0
#
ip pool guest1
network 192.168.105.0 mask 255.255.255.0
excluded-ip-address 192.168.105.1 192.168.105.3
#
ip pool guest2
network 192.168.106.0 mask 255.255.255.0
#
ip pool guest3
network 192.168.107.0 mask 255.255.255.0
#
ip pool guest4
network 192.168.108.0 mask 255.255.255.0
#
aaa
authentication-scheme default
authentication-scheme sdh_radius
  authentication-mode radius
authentication-scheme sdh_guest
authorization-scheme default
authorization-scheme sdh_radius
  authorization-mode if-authenticated
authorization-scheme sdh_guest
accounting-scheme default
domain default 
domain default_admin 
domain sdh.gov 
  authentication-scheme sdh_radius
  radius-server sdh_radius
local-user admin password cipher %@%@)(9#Qv{-)26DK~8<,s>+AA)W%@%@
local-user admin privilege level 15
local-user admin service-type telnet http
local-user huawei password cipher %@%@{y~,Ux;|F-`Q=sXa8gd/NE.o%@%@
local-user huawei privilege level 15
local-user huawei ftp-directory flash:/
local-user huawei service-type telnet terminal ssh ftp web http
local-user guest_adm password irreversible-cipher %@%@Z///Fv&>GE|Oaa3+TK"6MCn&Eo7`S)/pRE)+R*/skGg0Cn)M%@%@
local-user guest_adm privilege level 4
local-user guest_adm service-type web
#
interface Vlanif118
description ### Interface de Gerencia ###
ip address 192.168.100.1 255.255.255.0
vrrp vrid 1 virtual-ip 192.168.100.3
admin-vrrp vrid 1
vrrp vrid 1 priority 120
vrrp vrid 1 preempt-mode timer delay 120
dhcp select interface
dhcp server excluded-ip-address 192.168.100.2 192.168.100.3
dhcp server excluded-ip-address 192.168.100.254
#
interface Vlanif119
description ### Interface de Visitante ###
ip address 192.168.105.1 255.255.255.0
vrrp vrid 3 virtual-ip 192.168.105.3
vrrp vrid 3 preempt-mode timer delay 120
vrrp vrid 3 track admin-vrrp interface Vlanif118 vrid 1 unflowdown
dhcp select global
#
interface Vlanif120
description ### Interface de Corporativa ###
ip address 192.168.101.1 255.255.255.0
vrrp vrid 2 virtual-ip 192.168.101.3
vrrp vrid 2 preempt-mode timer delay 120
vrrp vrid 2 track admin-vrrp interface Vlanif118 vrid 1 unflowdown
dhcp select global
#
interface Vlanif121
description ### Interface VRRP ###
ip address 192.168.121.1 255.255.255.0
#
interface MEth0/0/1
description ### Configure o IP 192.168.254.30 255.255.255.0 no PC ###
ip address 192.168.254.20 255.255.255.0
#
interface GigabitEthernet0/0/1
description ### Conectado ao Switch Core ###
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 118 to 120
stp disable
#
interface GigabitEthernet0/0/2
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 121
#
interface GigabitEthernet0/0/3
description ## Interface de teste do AP ##
port link-type trunk
port trunk pvid vlan 118
port trunk allow-pass vlan 118 to 120
#
interface GigabitEthernet0/0/4
#
interface GigabitEthernet0/0/5
#
interface GigabitEthernet0/0/6
#
interface GigabitEthernet0/0/7
#
interface GigabitEthernet0/0/8
#
interface GigabitEthernet0/0/9
#
interface GigabitEthernet0/0/10
#
interface GigabitEthernet0/0/11
#
interface GigabitEthernet0/0/12
#
interface GigabitEthernet0/0/13
#
interface GigabitEthernet0/0/14
#
interface GigabitEthernet0/0/15
#
interface GigabitEthernet0/0/16
#
interface GigabitEthernet0/0/17
#
interface GigabitEthernet0/0/18
#
interface GigabitEthernet0/0/19
#
interface GigabitEthernet0/0/20
#
interface GigabitEthernet0/0/21
#
interface GigabitEthernet0/0/22
#
interface GigabitEthernet0/0/23
#
interface GigabitEthernet0/0/24
#
interface XGigabitEthernet0/0/1
#
interface XGigabitEthernet0/0/2
#
interface Wlan-Ess119
description ### Interface Logica WLAN Visitantes ###
port hybrid pvid vlan 119
port hybrid untagged vlan 119
portal local-server enable
permit-domain name sdh.gov
force-domain name sdh.gov
#
interface Wlan-Ess120
description ### Interface Logica WLAN Corporativa ###
port hybrid pvid vlan 120
port hybrid untagged vlan 120
dot1x enable
dot1x authentication-method eap
#
interface NULL0
#
interface LoopBack1
ip address 192.168.100.4 255.255.255.255
#
stelnet server enable
telnet client-source -a 172.16.10.237
#
ip route-static 0.0.0.0 0.0.0.0 192.168.100.254
#
user-interface con 0
authentication-mode password
set authentication password cipher %@%@x8X&MKgE*89v,zGi,AdN,.C;6Fq1B$09_C(#xJ2LmOd/.C>,%@%@
user-interface vty 0 4
authentication-mode aaa
user privilege level 15
idle-timeout 0 0
protocol inbound all
user-interface vty 16 20
#
hsb-service 0
service-ip-port local-ip 192.168.121.1 peer-ip 192.168.121.2 local-data-port 10241 peer-data-port 10241
service-keep-alive detect retransmit 2 interval 1
#
hsb-group 0
track vrrp vrid 1 interface Vlanif118
bind-service 0
hsb enable
#
hsb-service-type access-user hsb-group 0
#
hsb-service-type dhcp hsb-group 0
#
hsb-service-type ap hsb-group 0
#
wlan
wlan ac source interface vlanif118
ap id 999 type-id 35 mac 9c37-f486-f220 sn 210235810910F3000022
  ap-sysname SDH_08_805D
  keep-service enable
wmm-profile name wmm-sdh id 0
traffic-profile name traffic-sdh id 0
security-profile name security-corp id 0
  security-policy wpa2
  wpa2 authentication-method dot1x encryption-method tkip-ccmp
security-profile name security-visit id 1
sta-load-balance enable
sta-load-balance mode traffic
sta-load-balance session gap 20
sta-load-balance traffic gap 30
service-set name sdh-corp id 0
  wlan-ess 120
  ssid SDH-CORPORATIVO
  traffic-profile id 0
  security-profile id 0
  service-vlan 120
  undo tunnel-forward protocol mdns
service-set name sdh-visit id 1
  wlan-ess 119
  ssid SDH-VISITANTE
  traffic-profile id 0
  security-profile id 1
  service-vlan 119
  undo tunnel-forward protocol mdns
calibrate enable schedule time 00:00:00
radio-profile name 2.4GHz id 0
  wmm-profile id 0
radio-profile name 5GHz id 1
  wmm-profile id 0
ap 999 radio 0
  radio-profile id 0
  service-set id 0 wlan 1
  service-set id 1 wlan 2
ap 999 radio 1
  radio-profile id 1
  service-set id 1 wlan 1
  service-set id 0 wlan 2
#
ntp-service source-interface Vlanif118
ntp-service unicast-server 10.102.11.2
#
return

Please wait, we'll answer you later.

Hi, the problem was in the DNS. The wifi clients were able to reach the portal when typing an IP address in the browser. Once the DNS is configured, the clients are jumping to the portal when typing any address in the browser.

Thanks!
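The DNS gap described in the reply above can be checked for offline. The script below is an added example, not part of the original posts: it walks a VRP configuration and reports any portal-enabled WLAN whose global DHCP pool has no `dns-list` line. It assumes guest clients are meant to learn their DNS server from that pool (the thread does not say how DNS was configured); the function names and the sample excerpt are constructed for illustration.

```python
import ipaddress
import re

# Constructed excerpt of the configuration posted above (guest path only).
SAMPLE_CONFIG = """\
ip pool guest1
 network 192.168.105.0 mask 255.255.255.0
 excluded-ip-address 192.168.105.1 192.168.105.3
#
interface Vlanif119
 ip address 192.168.105.1 255.255.255.0
 dhcp select global
#
interface Wlan-Ess119
 port hybrid pvid vlan 119
 portal local-server enable
"""

def sections(config):
    """Split a VRP config on '#' separator lines; key is each block's first line."""
    out = {}
    for block in re.split(r"^#\s*$", config, flags=re.M):
        lines = [l.strip() for l in block.splitlines() if l.strip()]
        if lines:
            out[lines[0]] = lines[1:]
    return out

def find(body, pattern):
    """Return the first regex match among a block's lines, or None."""
    return next((m for m in (re.match(pattern, l) for l in body) if m), None)

def portal_pools_without_dns(config):
    """List (vlan, pool) pairs where a portal WLAN's DHCP pool hands out no DNS."""
    secs, findings = sections(config), []
    pools = {h.split()[-1]: b for h, b in secs.items() if h.startswith("ip pool ")}
    for head, body in secs.items():
        pvid = find(body, r"port hybrid pvid vlan (\d+)")
        if not (pvid and "portal local-server enable" in body):
            continue
        vlanif = secs.get(f"interface Vlanif{pvid.group(1)}", [])
        addr = find(vlanif, r"ip address (\S+) \S+")
        if not addr or "dhcp select global" not in vlanif:
            continue  # interface-mode DHCP is out of scope for this check
        for name, pbody in pools.items():
            net = find(pbody, r"network (\S+) mask (\S+)")
            if (net and ipaddress.ip_address(addr.group(1)) in
                    ipaddress.ip_network("/".join(net.groups()))
                    and not find(pbody, r"dns-list\s")):
                findings.append((pvid.group(1), name))
    return findings
```

Run against the excerpt, `portal_pools_without_dns(SAMPLE_CONFIG)` flags pool `guest1` for VLAN 119, matching the symptom in the thread: a client with no resolver never issues the HTTP request that the portal would redirect.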


I have the same problem: after a user connects to the wifi network, he gets full access without redirection.


Thanks for the post