Got it
Huawei Enterprise Support Community
Community Forums WLAN
Huawei Wireless Access Co...

Huawei Wireless Access Controllers V200R003C00 Web Platform Configuration Guide-Example for Configuring Built-in Portal Authentication for Local Users

Latest reply: Oct 19, 2017 10:02:32 2241 1 0 0 0
View the author 1#

18.10  Example for Configuring Built-in Portal Authentication for Local Users


Networking Requirements

As shown in Figure 18-10, an enterprise connects the AC to the aggregation switch in bypass mode to manage the AP in centralized manner and provide a WLAN with the SSID huawei so that users can access the network anywhere at any time. The AC functions as the DHCP server to assign IP addresses to the AP and STA.

Due to openness of the WLAN, there are security risks. To manage users in centralized manner, Portal authentication is configured on the AC. Any user that attempts to access the Internet is redirected to the Portal authentication page. Users are authorized to access the Internet after entering the correct user names and passwords. If the enterprise has a few number of users, the AC can function as the Portal server to authenticate users locally to reduce costs.

Figure 18-10  Networking for configuring built-in Portal authentication for local users 
a854b4ae7342460f93bb09525142f6b7

Data Preparation

ItemData
Management VLAN for the APVLAN 100
Service VLAN for STAsVLAN 101
DHCP serverThe AC functions as the DHCP server for the AP and STAs.
IP address pool for the AP192.168.100.2 to 192.168.100.254/24
IP address pool for STAs

192.168.101.3 to 192.168.101.254/24

DNS: 8.8.8.8

Address that cannot be assigned: 192.168.101.2 of Router

AC ID/Country code0/CN
AC's source interfaceVLANIF 100
WLAN radio profile

Name: radio

WMM profile: wmm

WLAN service set

Name: huawei

SSID: huawei

WLAN ESS interface: WLAN-ESS1

Security profile: security

Traffic profile: traffic

Data forwarding mode: tunnel forwarding

AP's gateway

VLANIF 100: 192.168.100.1

STA's gateway

VLANIF101: 192.168.101.1

STA user name and password

  • User name: huawei

  • Password: huawei123

  • Authentication domain: default

Built-in Portal server

  • IP address: 192.168.101.1

  • SSL policy: default_policy (the certificate in the PKI domain is obtained in self-signed mode)

  • Port number: 2000

  • Authentication mode: CHAP

Configuration Roadmap

The configuration roadmap is as follows:

  1. Use the configuration wizard to configure the AP to go online on the AC. Configure a management VLAN and a service VLAN.

  2. Configure a DNS server address in the DHCP address pool of the service VLAN to provide the DNS service for the STA.

  3. Configure a static route so that the AC forwards the packet to the router after receiving the packet from the STA.

  4. Configure a built-in Portal server to authenticate users locally and use the authenticate domain default for Portal authentication.

  5. Use the configuration wizard to configure the WLAN service and deliver the WLAN service to the AP.

Procedure

  1. Configure the access switch, aggregation switch, and router.


    # Add GE0/0/1 and GE0/0/2 on the access switch to VLAN 100 (the default VLAN of GE0/0/1).

    # On the aggregation switch, add GE0/0/1 and GE0/0/2 to the management VLAN 100, and add GE0/0/2 and GE0/0/3 to the service VLAN 101.

    # Assign an IP address 192.168.101.2 to GE0/0/1 on Router and configure the router as the default gateway for the AC.


  2. Configure the AP to go online on the AC.

    1. Choose Configuration Wizard > Configuration Wizard > AP Online Configuration Wizard. The AP Online Configuration Wizard page is displayed.
      3261ae2f641c405980710c8d72e763d9

    2. Configure the Ethernet interface.


      # On the Configure Ethernet Interface page, click 575354a25edd4421a8b43be075ad3ab5 next to GigabitEthernet0/0/1 to add the interface to VLAN 100 and VLAN 101 in tagged mode.
      acd712a64a9a4ff1a9606f8a535b835d


    3. Configure virtual interfaces.


      # Click Create on the Configure Virtual Interface page. The Create Virtual Interfacepage is displayed.

      # Configure an IP address 192.168.100.1/24 for VLANIF 100.
      aaeac19a85b54793a77f7f1e5cb0ea81

      # Configure an IP address 192.168.101.1/24 for VLANIF101.

      # Click Next.


    4. Configure DHCP.


      # Click Create on the Configure DHCP page. The Create IP Pool page is displayed.

      # Configure an IP address pool for VLANIF 100.
      a4cd27e8762b47189fe0a2dec841ab26

      # Configure an IP address pool for VLANIF 101. Specify that the IP address 192.168.101.2 in this address pool cannot be automatically assigned to STAs.
      4dd76e4d787748ae95521487689f2a7b

      # Click Next.


    5. Configure the AC.



      dbbbc9acb5094c1190e5d94cfab1181f


    6. Confirm the settings.


      On the Confirm Settings page, confirm that the settings are correct and then click Finish.


  3. Configure DNS.


    # Choose IP Service > DHCP > IP Pool and click 575354a25edd4421a8b43be075ad3ab5 next to Vlanif101 in IP Pool List to configure the DNS server address for the STA.

    47c735a0af4e4bbea94ca2c1e4479df6


  4. Configure a static route.


    # Choose IP Service > Route > Static Route Configuration to create a static route.
    b3260dafbcc44411868395065dcf6beb


  5. Configure a local authentication user.


    # Choose Security Management > AAA > User Management to create a local authentication user.
    c4149e812fc44072b979f4e2f7fccc10


  6. Configure a built-in Portal server.


    # Choose Security Management > Portal Authentication > Built-in Portal Server, set parameters for the built-in Portal server, and click Apply.

    4c83cd6b69b14e7e875907490b335849


  7. Configure the WLAN service.

    1. Choose Configuration Wizard > Configuration Wizard > WLAN Configuration Wizard. The WLAN Configuration Wizard page is displayed.
      778f6d2d31f34716969a21fbc3bc373b

    2. Select Common WLAN Service and click Next.

    3. Add the AP.


      # Click Create on the Configure AP page. The Create AP page is displayed.

      # Set AP type to AP6010DN-AGN and MAC address to 60de-4476-e360 on the Create AP page to add the AP. 
      92a5d52d12b74cc8a5bdc3a0f50ee3c3

      Select the AP and click Next.


    4. Configure the radio.


      # Select 2.4 GHz.

      # Create a radio profile named radio. Create a WMM profile named wmm and use the default settings in the profile.
      55767d1124314e47a0e53ecc499b3a8f

      # Click Next.


    5. Configure the WLAN service.


      # On the Configure WLAN Service page, click Create to create a service set.
      03131ea295694ac88337ad6f9989e844

      # Create a traffic profile named traffic.
      af65b8a9692043c7a7f653effc6e195d

      # Create a security profile named security.
      dd6f4fd8c4744e73a0b94a45c84c7266

      # Create an ESS interface.
      b201c5cd41c9401fa8e0ee40366a8ff0

      # Select the created security profile, traffic profile, ESS interface, click Advanced, and set Forwarding mode to Tunnel.
      73874585a3424118920f49fd93d3310a

      # Click OK and then click Next.


    6. Confirm the settings.

      # Confirm that the settings are correct, and then click Finish. In the message that is displayed, confirm that the configuration is to be delivered to the AP.

  8. Verify the configuration.

    1. The WLAN with the SSID huawei is available for the STA.

    2. The STA can associate with the WLAN and obtain an IP address 192.168.101.x/24 and its gateway address is 192.168.101.1.
      4ad7b297fadf46c78e718eb16456f8d8

    3. Choose Terminal Management > Terminal Management > STA Management. You can see that the STA goes online successfully and obtains an IP address.
      590c9857fe9f4dd7b4244080673e9d26

    4. When a user opens the browser and enters an IP address, the user is redirected to the Portal authentication page. Enter the user name and password and click Login.

      87601c37b1bc4af3b1fb972de5b12788

    5. If the following page is displayed, the user is successfully authenticated and can access the Internet. Do not close this page when you access the Internet.

      6d4de67549ba4f48b95dcab095d1ca89

From group: WLAN

Like (0) Dislike (0) Favorite(0) Share Report
Previous: Huawei Wireless Access Controllers V200R003C00 Web Platform Configuration Guide-Example for Configuring Traffic-based Dynamic Load Balancing
Next: Huawei Wireless Access Controllers V200R003C00 Web Platform Configuration Guide-Example for Configuring Portal Authentication
(0) (0)
2#
WoodWood
Created Oct 19, 2017 10:02:32

Huawei Wireless Access Controllers V200R003C00 Web Platform Configuration Guide-Example for Configuring Built-in Portal Authentication for Local Users
View more
  • x
  • convention:
Back to list

Comment

Advanced
B Color Image Link Quote Code Smilies
You need to log in to comment to the post Login | Register
Comment

Notice: To protect the legitimate rights and interests of you, the community, and third parties, do not release content that may bring legal risks to all parties, including but are not limited to the following:
  • Politically sensitive content
  • Content concerning pornography, gambling, and drug abuse
  • Content that may disclose or infringe upon others ' commercial secrets, intellectual properties, including trade marks, copyrights, and patents, and personal privacy
Do not share your account and password with others. All operations performed using your account will be regarded as your own actions and all consequences arising therefrom will be borne by you. For details, see " User Agreement."

My Followers

Login and enjoy all the member benefits

Login
Huawei Website Support About Huawei Privacy User Agreement Terms of Use Cookies Cookie Settings
Huawei Enterprise Huawei Carrier Forum Training & Certification

Contact Us: e_online@huawei.com Copyright © 2022 Huawei Technologies Co., Ltd. All rights reserved.

APP

Block
Are you sure to block this user?
Users on your blacklist cannot comment on your post,cannot mention you, cannot send you private messages.
Reminder
Please bind your phone number to obtain invitation bonus.