MAC + portal authentication for wireless user (MAC first)

Latest reply: Dec 29, 2018 06:06:44


1. Wireless user association, AC initiates MAC certification if authentication fails.

2. The client obtains an IP address and initiates the authentication request through the HTTP protocol.

3. CHAP (Challenge Handshake Authentication Protocol, Challenge Handshake Verification Protocol) authentication interaction between the portal server and the access device.

4. Portal server encapsulates the user name and password entered by the user into the authentication request message sent to the access device.

5. Interaction between the access device and the authentication server for authentication messages.

6. The access device sends the authentication answer message to the Portal server.

7. Portal server sends authentication to the client through the message, informing the client that the authentication was successful.

8. Portal server sends a certification response confirmation to the access device.

Configuration example


#
radius-server template controller_12.36
 radius-server shared-key cipher %^%#}gu$V!77QTf_=E.XK49#cLg'Smo}T!v8mIBwkKz0%^%#
 radius-server authentication 12.12.12.36 1812 weight 80
#
aaa
 authentication-scheme radius
  authentication-mode radius
 domain radius
  authentication-scheme radius
  radius-server controller_12.36
#

#
web-auth-server controller_12.36
 server-ip 12.12.12.36
 port 50100
 shared-key cipher %^%#NL[;Z]3E*(wML.1b2*x'zG\t-\e)$98$R;:Qnh"V%^%#
 url http://12.12.12.36:8080/portal
#
portal-access-profile name portal_access_profile
 web-auth-server controller_12.36 direct
#
mac-access-profile name mac_access_profile
#
free-rule-template name default_free_rule
 free-rule 0 destination ip 8.8.8.8 mask 255.255.255.255
#
authentication-profile name mac_portal
 mac-access-profile mac_access_profile
 portal-access-profile portal_access_profile
 free-rule-template default_free_rule
 access-domain radius
#

#
wlan
 ssid-profile name mac_portal
  ssid mac_portal_129_33
 vap-profile name mac_portal
  forward-mode tunnel
  service-vlan vlan-id 200
  ssid-profile mac_portal
  authentication-profile mac_portal
 ap-group name default
  radio 0
   vap-profile mac_portal wlan 2
#
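
Steps 3 to 5 of the flow above depend on a CHAP exchange. The sketch below is an added example, not part of the original post and not Huawei code: it applies the RFC 1994 response formula, and the class names, the user table and the simplified message passing are assumptions standing in for the access device and the RADIUS server.

```python
import hashlib
import hmac
import os

def chap_response(chap_id: int, password: bytes, challenge: bytes) -> bytes:
    """RFC 1994 CHAP value: MD5(identifier octet || secret || challenge)."""
    return hashlib.md5(bytes([chap_id]) + password + challenge).digest()

class RadiusStub:
    """Constructed stand-in for the authentication server (step 5)."""
    def __init__(self, users):
        self.users = users  # username -> password bytes (constructed sample data)

    def verify(self, username, chap_id, challenge, response):
        password = self.users.get(username)
        if password is None:
            return False
        expected = chap_response(chap_id, password, challenge)
        # Constant-time comparison of the 16-byte digests
        return hmac.compare_digest(expected, response)

class AccessDeviceStub:
    """Constructed stand-in for the AC: issues challenges, relays to RADIUS."""
    def __init__(self, radius):
        self.radius = radius
        self.outstanding = {}  # chap_id -> challenge not yet answered
        self.next_id = 0

    def issue_challenge(self):
        # Step 3: a fresh random challenge for every login attempt
        chap_id = self.next_id
        self.next_id = (self.next_id + 1) % 256
        self.outstanding[chap_id] = os.urandom(16)
        return chap_id, self.outstanding[chap_id]

    def authenticate(self, username, chap_id, response):
        # Steps 4-6: each challenge is consumed once, so a captured
        # response cannot be replayed against the device later.
        challenge = self.outstanding.pop(chap_id, None)
        if challenge is None:
            return False
        return self.radius.verify(username, chap_id, challenge, response)

def portal_login(device, username, password):
    """Portal-server side: fetch a challenge, answer it, return the result."""
    chap_id, challenge = device.issue_challenge()
    response = chap_response(chap_id, password, challenge)
    return device.authenticate(username, chap_id, response), chap_id, response
```

CHAP keeps the password off the portal-server-to-access-device and RADIUS hops only. The client still submits it to the portal over the `http://` URL configured under `web-auth-server`, so that hop is not protected by this exchange.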




Mysterious.color
MVE Created Dec 25, 2018 13:35:15

Good to see call flow
yjhd
Created Dec 28, 2018 02:06:44

Portal server sends a certification response confirmation to the access device

configuration example

SupperRobin
Created Dec 29, 2018 03:06:43

Check whether the Portal server can work properly and whether the Portal service can be used properly.

If the Portal server works properly, check the network connectivity between the Portal server and device. If the network connection is disconnected, restore the network connection.
If the Portal server cannot work properly, restore the Portal server to the normal state.

Finn92
Created Dec 29, 2018 03:15:48

There are potential security risks to enterprise information if no access control is configured for the WLAN. To meet high security requirements of the enterprise, only specified STAs are allowed to access the WLAN. These STAs need to be authenticated before users of the STAs can be authenticated. MAC address + 802.1X hybrid authentication is an appropriate choice in this scenario, in which a RADIUS server is deployed to authenticate the identity of wireless users.

Torrent
Created Dec 29, 2018 06:06:44

7. Portal server sends authentication to the client through the message, informing the client that the authentication was successful.

8. Portal server sends a certification response confirmation to the access device

configuration example
Thanks for sharing, we learned a lot