Guest WIFI with self registration

wissal · Created Aug 22, 2019 17:24:23

Hi,

For Guest WIFI with self registration

Configuring Guests to Obtain Passwords Through Mobile Phones to Pass Authentication Quickly

Guests can obtain passwords through mobile phones to connect to networks quickly.

Involved Products and Versions

Product Type	Product Name	Version
RADIUS Server Portal Server	AC-Campus	V100R002C10

Networking Requirements

An enterprise has deployed an authentication system to implement access control for all the wireless users who attempt to connect to the enterprise network. Only authenticated users can connect to the enterprise network. Enterprise employees connect to the network through personal computers (PCs) and guests connect to the network through mobile phones. The administrator has created local accounts for the employees so that they can use the local accounts to pass authentication. For guest accounts, the system should satisfy the following demands:

All guests must associate with the Wi-Fi network whose SSID is guest to connect to the Internet. Other SSIDs are not allowed.
All guests can use their mobile phone number to obtain passwords to access the network. After guests send their requests to obtain passwords, passwords are sent to the guests through SMS messages.
After the authentication succeeds, the web page requested by the guest before the authentication is displayed automatically.

Data Plan

Table 3-1 Data plan

Item	Data	Description
SM + SC (RADIUS server + Portal server)	IP address: 172.18.1.1	-
SMS server	Message Sending Method GPRS modem Enable distributed SC no Serial Port ID COM1 Country Code 86 Baud Rate 115200 Test Number 13412345678	Set corresponding parameters on the GPRS modem in advance. For details, see What Should I Do Before Connecting a GPRS Modem to the AC-Campus?.
Number of the ACL for guests' post-authentication domain	3002	-
SSID of the network to which guests associate with	guest	Configure this parameter on the AC. For details, see step 4 in 2.2.2 Example for Configuring Portal Authentication (Including MAC Address-Prioritized Portal Authentication) for Wireless Users.

Configuration Roadmap

Configure the SMS server so that the system can send SMS messages properly.
Configure guest account policies. This example uses the default policy "self-registration_obtaining passwords through mobile phones_8-hour validity period".
Customize the authentication page. The authentication page is automatically displayed if an unauthenticated guest accesses the network.
Configure a Portal page push rule to push the customized authentication page to guests.
Add guest authorization results and authorization rules to assign access rights to guests after they are successfully authenticated.

Prerequisites

Portal authentication configurations have been completed on the AC/switch and the AC-Campus. For details, see configuration examples about Portal.

Procedure

Enter https://172.18.1.1:8443 in the address box of a web browser to log in to the Service Manager.
Configure the SMS server so that the system can send SMS messages properly.
1. Choose System > Server Configuration > SMS Server Configuration.
2. Set parameters of the SMS server.
  NOTE:
  If the SMS modem is used, no more than three guests can register per minute. If the number of guests that need to register in a minute exceeds three, use the SMS gateway.
3. Click Test. The Test Succeeded message is displayed and the phone with the configured mobile phone number receives a test SMS message.
4. Click Save.
Configure guest account policies. Choose Policy > Permission Control > Guest Management > Guest Account Policy.
This example uses the default policy "Self-registration_password through phones_valid for 8 hours". If the default policy cannot satisfy requirements, you can modify it or create a new policy. Set the parameters marked in red rectangles according to the following figure.
Customize the authentication page. The authentication page is automatically displayed if an unauthenticated guest accesses the network.
1. Choose Policy > Permission Control > Page Customization > Page Customization.
2. Click .
3. Configure basic information about the authentication page.
  You must select Self Register and set Guest Account Policy to the policy created in 3.
4. Click Next. Set the page template and language template.
  The page template is set to System-Mobile Quick Authentication Template and the language template is set to English.
5. Click Next to customize the page pushed to a phone.
  The guest uses the phone to obtain a password to complete registration. Therefore, no registration and registration success pages are required. You only need to customize the authentication, authentication success, and user notice pages. You can change logos as required.
6. Click Next to customize the page pushed to a PC.
7. Click Publish.
  If Delivery succeeded is displayed, page customization succeeds.

Configure a Portal page push rule to push the customized authentication page to guests.

Choose Policy > Permission Control > Page Customization > Portal Page Push Rule.

Click Add to add the Portal page push rule.

Parameter	Value	Description
Name	Push rule for phone registration	-
User-defined parameters	ssid=guest	ssid=guest indicates that the AC pushes the specified page so long as unauthorized guests select the SSID guest. For details about User-defined parameters, see Defining a Redirection Rule for the Portal Page. The AC needs to send the user-defined URL parameter to the Portal server through the URL parameter template, so that the Portal server can correctly match the pushed condition. In this example, the AC sends the user-defined URL parameter ssid to the Portal server, so that it can correctly match the pushed condition.
Pushed page	Select the page customized in 4	-
Page displayed after successful authentication	Continue to visit the original page	The value of the redirect-url field specified on the AC must be url. For details, see How Do I Continue to Access the Original Page After Successful Portal Authentication?.

Click OK.

Add SSIDs to the AC-Campus for SSID-based user authorization.
1. Choose Policy > Permission Control > Policy Element > SSID.
2. Click Add, and add a guest SSID.
  The case-sensitive SSID name must be the same as those configured on the AC.

Add an authorization result and rule to allow guests to connect to the Internet after they are successfully authenticated.

Choose Policy > Permission Control > Authentication and Authorization > Authorization Result and specify resources that guests can access after being authenticated and authorized.

ee3a9d89469f4ae5bb163ee80a8ffd33

Parameter	Value	Description
Name	Authorization Result for guest	-
Service Type	Access Service	-
ACL Number/AAA User Group	3002	ACL number must be the same as the number of the ACL configured for guests on the AC.

Choose Policy > Permission Control > Authentication and Authorization > Authorization Rule and specify the authorization conditions for guests.

9bdb0a1854c74fd0a05b86fb3f550a03

Parameter	Value	Description
Name	Authorization Rule for guest	-
Service Type	Access User	-
User Group	Guest	The value must be the same as that of User Group specified when you configure a guest account policy.
SSID	guest	The SSID must be the same as that configured for guests on the AC.
Authorization Result	Authorization Result for guest	-

Verification

A guest uses a mobile phone to connect to a Wi-Fi network. The guest selects the hotspot guest to connect to the Internet. The authentication page is pushed to the guest.
The guest enters his or her mobile phone number and clicks Get Password.
The authentication password is sent to the guest's mobile phone.
The guest enters the mobile phone number and password and clicks Login. The web page requested by the guest before the authentication is displayed automatically.
On the Service Manager, choose Resource > User > Online User Management. The online information about the account is displayed.
On the Service Manager, choose Resource > User > RADIUS Log. The RADIUS authentication logs of the account are displayed.

Thanks

umaryaqub · Created Aug 22, 2019 17:06:33

Hi,

You can use agile controller for self-registration of guests. And it's easily configured with wireless network.
You can also use 3rd party sms gateway to send username/password to guest user. Or any mail client to send details via email.

wissal · Created Aug 22, 2019 17:24:23

Hi,

For Guest WIFI with self registration

Configuring Guests to Obtain Passwords Through Mobile Phones to Pass Authentication Quickly

Guests can obtain passwords through mobile phones to connect to networks quickly.

Involved Products and Versions

Product Type	Product Name	Version
RADIUS Server Portal Server	AC-Campus	V100R002C10

Networking Requirements

An enterprise has deployed an authentication system to implement access control for all the wireless users who attempt to connect to the enterprise network. Only authenticated users can connect to the enterprise network. Enterprise employees connect to the network through personal computers (PCs) and guests connect to the network through mobile phones. The administrator has created local accounts for the employees so that they can use the local accounts to pass authentication. For guest accounts, the system should satisfy the following demands:

All guests must associate with the Wi-Fi network whose SSID is guest to connect to the Internet. Other SSIDs are not allowed.
All guests can use their mobile phone number to obtain passwords to access the network. After guests send their requests to obtain passwords, passwords are sent to the guests through SMS messages.
After the authentication succeeds, the web page requested by the guest before the authentication is displayed automatically.

Data Plan

Table 3-1 Data plan

Item	Data	Description
SM + SC (RADIUS server + Portal server)	IP address: 172.18.1.1	-
SMS server	Message Sending Method GPRS modem Enable distributed SC no Serial Port ID COM1 Country Code 86 Baud Rate 115200 Test Number 13412345678	Set corresponding parameters on the GPRS modem in advance. For details, see What Should I Do Before Connecting a GPRS Modem to the AC-Campus?.
Number of the ACL for guests' post-authentication domain	3002	-
SSID of the network to which guests associate with	guest	Configure this parameter on the AC. For details, see step 4 in 2.2.2 Example for Configuring Portal Authentication (Including MAC Address-Prioritized Portal Authentication) for Wireless Users.

Configuration Roadmap

Configure the SMS server so that the system can send SMS messages properly.
Configure guest account policies. This example uses the default policy "self-registration_obtaining passwords through mobile phones_8-hour validity period".
Customize the authentication page. The authentication page is automatically displayed if an unauthenticated guest accesses the network.
Configure a Portal page push rule to push the customized authentication page to guests.
Add guest authorization results and authorization rules to assign access rights to guests after they are successfully authenticated.

Prerequisites

Portal authentication configurations have been completed on the AC/switch and the AC-Campus. For details, see configuration examples about Portal.

Procedure

Enter https://172.18.1.1:8443 in the address box of a web browser to log in to the Service Manager.
Configure the SMS server so that the system can send SMS messages properly.
1. Choose System > Server Configuration > SMS Server Configuration.
2. Set parameters of the SMS server.
  NOTE:
  If the SMS modem is used, no more than three guests can register per minute. If the number of guests that need to register in a minute exceeds three, use the SMS gateway.
3. Click Test. The Test Succeeded message is displayed and the phone with the configured mobile phone number receives a test SMS message.
4. Click Save.
Configure guest account policies. Choose Policy > Permission Control > Guest Management > Guest Account Policy.
This example uses the default policy "Self-registration_password through phones_valid for 8 hours". If the default policy cannot satisfy requirements, you can modify it or create a new policy. Set the parameters marked in red rectangles according to the following figure.
Customize the authentication page. The authentication page is automatically displayed if an unauthenticated guest accesses the network.
1. Choose Policy > Permission Control > Page Customization > Page Customization.
2. Click .
3. Configure basic information about the authentication page.
  You must select Self Register and set Guest Account Policy to the policy created in 3.
4. Click Next. Set the page template and language template.
  The page template is set to System-Mobile Quick Authentication Template and the language template is set to English.
5. Click Next to customize the page pushed to a phone.
  The guest uses the phone to obtain a password to complete registration. Therefore, no registration and registration success pages are required. You only need to customize the authentication, authentication success, and user notice pages. You can change logos as required.
6. Click Next to customize the page pushed to a PC.
7. Click Publish.
  If Delivery succeeded is displayed, page customization succeeds.

Configure a Portal page push rule to push the customized authentication page to guests.

Choose Policy > Permission Control > Page Customization > Portal Page Push Rule.

Click Add to add the Portal page push rule.

Parameter	Value	Description
Name	Push rule for phone registration	-
User-defined parameters	ssid=guest	ssid=guest indicates that the AC pushes the specified page so long as unauthorized guests select the SSID guest. For details about User-defined parameters, see Defining a Redirection Rule for the Portal Page. The AC needs to send the user-defined URL parameter to the Portal server through the URL parameter template, so that the Portal server can correctly match the pushed condition. In this example, the AC sends the user-defined URL parameter ssid to the Portal server, so that it can correctly match the pushed condition.
Pushed page	Select the page customized in 4	-
Page displayed after successful authentication	Continue to visit the original page	The value of the redirect-url field specified on the AC must be url. For details, see How Do I Continue to Access the Original Page After Successful Portal Authentication?.

Click OK.

Add SSIDs to the AC-Campus for SSID-based user authorization.
1. Choose Policy > Permission Control > Policy Element > SSID.
2. Click Add, and add a guest SSID.
  The case-sensitive SSID name must be the same as those configured on the AC.

Add an authorization result and rule to allow guests to connect to the Internet after they are successfully authenticated.

Choose Policy > Permission Control > Authentication and Authorization > Authorization Result and specify resources that guests can access after being authenticated and authorized.

ee3a9d89469f4ae5bb163ee80a8ffd33

Parameter	Value	Description
Name	Authorization Result for guest	-
Service Type	Access Service	-
ACL Number/AAA User Group	3002	ACL number must be the same as the number of the ACL configured for guests on the AC.

Choose Policy > Permission Control > Authentication and Authorization > Authorization Rule and specify the authorization conditions for guests.

9bdb0a1854c74fd0a05b86fb3f550a03

Parameter	Value	Description
Name	Authorization Rule for guest	-
Service Type	Access User	-
User Group	Guest	The value must be the same as that of User Group specified when you configure a guest account policy.
SSID	guest	The SSID must be the same as that configured for guests on the AC.
Authorization Result	Authorization Result for guest	-

Verification

A guest uses a mobile phone to connect to a Wi-Fi network. The guest selects the hotspot guest to connect to the Internet. The authentication page is pushed to the guest.
The guest enters his or her mobile phone number and clicks Get Password.
The authentication password is sent to the guest's mobile phone.
The guest enters the mobile phone number and password and clicks Login. The web page requested by the guest before the authentication is displayed automatically.
On the Service Manager, choose Resource > User > Online User Management. The online information about the account is displayed.
On the Service Manager, choose Resource > User > RADIUS Log. The RADIUS authentication logs of the account are displayed.

Thanks

chenhui · Created Aug 23, 2019 02:10:16

@southside hi!
besides the example which @wissal listed, you can find more examples at https://support.huawei.com/hedex/hdx.do?docid=EDOC1100062239&id=c_cfgexample_0026&text=Guest%252520Management&lang=en

Guest WIFI with self registration

Recommended answer

Configuring Guests to Obtain Passwords Through Mobile Phones to Pass Authentication Quickly

Involved Products and Versions

Networking Requirements

Data Plan

Configuration Roadmap

Prerequisites

Procedure

Verification

Configuring Guests to Obtain Passwords Through Mobile Phones to Pass Authentication Quickly

Involved Products and Versions

Networking Requirements

Data Plan

Configuration Roadmap

Prerequisites

Procedure

Verification

Third Party’s Trade Secret

My Followers

Enterprise

Consumer

Corporate

Carriers

Guest WIFI with self registration

Recommended answer

Configuring Guests to Obtain Passwords Through Mobile Phones to Pass Authentication Quickly

Involved Products and Versions

Networking Requirements

Data Plan

Configuration Roadmap

Prerequisites

Procedure

Verification

Configuring Guests to Obtain Passwords Through Mobile Phones to Pass Authentication Quickly

Involved Products and Versions

Networking Requirements

Data Plan

Configuration Roadmap

Prerequisites

Procedure

Verification

Third Party’s Trade Secret

My Followers