
MAC + portal authentication for wireless user (MAC first)

Latest reply: Dec 29, 2018 06:06:44



1. Wireless user association, AC initiates MAC certification if authentication fails.

2. The client obtains an IP address and initiates the authentication request through the HTTP protocol.

3. CHAP (Challenge Handshake Authentication Protocol, Challenge Handshake Verification Protocol) authentication interaction between the Portal server and the access device.

4. The Portal server encapsulates the user name and password entered by the user into the authentication request message sent to the access device.

5. Interaction between the access device and the authentication server for authentication messages.

6. The access device sends the authentication answer message to the Portal server.

7. The Portal server sends authentication to the client through the message, informing the client that the authentication was successful.

8. The Portal server sends a certification response confirmation to the access device.

configuration example


#
radius-server template controller_12.36
 radius-server shared-key cipher %^%#}gu$V!77QTf_=E.XK49#cLg'Smo}T!v8mIBwkKz0%^%#
 radius-server authentication 12.12.12.36 1812 weight 80
#
aaa
 authentication-scheme radius
  authentication-mode radius
 domain radius
  authentication-scheme radius
  radius-server controller_12.36
#

#
web-auth-server controller_12.36
 server-ip 12.12.12.36
 port 50100
 shared-key cipher %^%#NL[;Z]3E*(wML.1b2*x'zG\t-\e)$98$R;:Qnh"V%^%#
 url http://12.12.12.36:8080/portal
#
portal-access-profile name portal_access_profile
 web-auth-server controller_12.36 direct
#
mac-access-profile name mac_access_profile
#
free-rule-template name default_free_rule
 free-rule 0 destination ip 8.8.8.8 mask 255.255.255.255
#
authentication-profile name mac_portal
 mac-access-profile mac_access_profile
 portal-access-profile portal_access_profile
 free-rule-template default_free_rule
 access-domain radius
#

#
wlan
 ssid-profile name mac_portal
  ssid mac_portal_129_33
 vap-profile name mac_portal
  forward-mode tunnel
  service-vlan vlan-id 200
  ssid-profile mac_portal
  authentication-profile mac_portal
 ap-group name default
  radio 0
   vap-profile mac_portal wlan 2
#
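
Steps 3 to 6 of the flow above, as an added Python example that is not part of the original post or of Huawei's code. It assumes the RFC 1994 MD5 CHAP computation and the RFC 2865 CHAP-Password / CHAP-Challenge attributes; the class names, the single-use challenge table and the sample credentials are constructed for illustration.

```python
import hashlib
import hmac
import os

def chap_response(chap_id, secret, challenge):
    # RFC 1994 with MD5: MD5(identifier || secret || challenge)
    return hashlib.md5(bytes([chap_id]) + secret + challenge).digest()

class AccessDevice:
    """Hypothetical AC: issues the challenge (step 3), relays to RADIUS (step 5)."""
    def __init__(self):
        self.pending = {}  # client IP -> (chap_id, challenge)

    def issue_challenge(self, client_ip):
        chap_id, challenge = os.urandom(1)[0], os.urandom(16)
        self.pending[client_ip] = (chap_id, challenge)
        return chap_id, challenge

    def build_radius_attrs(self, client_ip, username, response):
        # Assumption: a challenge is single-use, so a captured response
        # cannot be replayed against the same client entry.
        entry = self.pending.pop(client_ip, None)
        if entry is None:
            return None
        chap_id, challenge = entry
        return {"User-Name": username,
                "CHAP-Password": bytes([chap_id]) + response,  # RFC 2865: ident + 16 bytes
                "CHAP-Challenge": challenge}

class RadiusServer:
    """Hypothetical authentication server; CHAP needs the cleartext secret."""
    def __init__(self, users):
        self.users = users  # username -> password bytes (constructed sample data)

    def authenticate(self, attrs):
        if attrs is None or attrs["User-Name"] not in self.users:
            return False
        ident, received = attrs["CHAP-Password"][0], attrs["CHAP-Password"][1:]
        expected = chap_response(ident, self.users[attrs["User-Name"]], attrs["CHAP-Challenge"])
        return hmac.compare_digest(expected, received)  # constant-time compare

def portal_login(ac, radius, client_ip, username, password):
    chap_id, challenge = ac.issue_challenge(client_ip)            # step 3
    response = chap_response(chap_id, password, challenge)        # step 4, on the Portal server
    attrs = ac.build_radius_attrs(client_ip, username, response)  # step 5
    return radius.authenticate(attrs)                             # step 6 result
```

Because the authentication server must hold the password in recoverable form and the digest is MD5, the randomness and single use of the challenge carry the replay protection in this exchange.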




Mysterious.color
Created Dec 25, 2018 13:35:15 Helpful(0)

good to see call flow

Core Engineer, Technical Department. High experience in Networking
yjhd
Created Dec 28, 2018 02:06:44 Helpful(0)

Portal server sends a certification response confirmation to the access device

configuration example

SupperRobin
Created Dec 29, 2018 03:06:43 Helpful(0)

Check whether the Portal server can work properly and whether the Portal service can be used properly.

If the Portal server works properly, check the network connectivity between the Portal server and device. If the network connection is disconnected, restore the network connection.
If the Portal server cannot work properly, restore the Portal server to the normal state.

Finn92
Created Dec 29, 2018 03:15:48 Helpful(0)

There are potential security risks to enterprise information if no access control is configured for the WLAN. To meet high security requirements of the enterprise, only specified STAs are allowed to access the WLAN. These STAs need to be authenticated before users of the STAs can be authenticated. MAC address + 802.1X hybrid authentication is an appropriate choice in this scenario, in which a RADIUS server is deployed to authenticate the identity of wireless users.

Torrent
Created Dec 29, 2018 06:06:44 Helpful(0)

7. Portal server sends authentication to the client through the message, informing the client that the authentication was successful.

8. Portal server sends a certification response confirmation to the access device

configuration example
Thanks for sharing, we learned a lot