Got it
Huawei Enterprise Support Community
Community Forums WLAN
[Troubleshooting]Wireless...

[Troubleshooting]Wireless Portal Authentication Failure

Latest reply: Apr 20, 2022 07:02:00 67 12 3 0 0
View the author 1#

 Hello everyone. Today, we will continue to study portal authentication in WLAN. If portal authentication fails, What should we do about it? Today, the AC6005 and Huawei Agile Controller authentication software are used.

portal

Fault Symptom

When a guest needs to connect to a wireless network, the portal authentication page is automatically displayed on the mobile browser. After entering the portal account and password, you can access the Internet successfully. What if the portal page cannot be displayed? Alternatively, the server IP address cannot be automatically redirected, and the account and password authentication fails. So what should we do about it?


Handling Approach

  1. Check whether the network between the terminal and the server is normal.

  2. Check the terminal model or browser version.

  3. Enter an address and check whether the authentication page can be displayed.

  4. Check whether the AC configuration is correct.

  5. Check whether the DNS server address is configured.

  6. Use test-aaa to test whether the authentication is successful.

  7. Checking the RADIUS Authentication Logs of the Controller

  8. Check whether the CAN bypass function is configured.

  9. Trace the MAC address of the terminal.

  10. Collecting Log Information

 

Handling Procedure

  1. Check whether the network between the terminal and the server is normal: The first step of the protocol authentication failure check is to use the PC to connect to the portal for authentication, run the ping command on the PC to check whether the network between the terminal and the server is normal. If you use a mobile phone to connect to the portal page, enter the URL of the portal server in the browser to check whether the portal page can be opened. If the server cannot be pinged, it is recommended that you first check the network. After confirming that the network is normal, we try to use portal authentication again.


  2. Check whether the terminal model or browser version is too old: Many customers use very old mobile phones or the browser version on their computers is too old. As a result, some protocols are not supported and authentication fails. If we use very old devices or versions, it is recommended that we update them first.


  3. Manually enter an IP address to check whether the authentication page can be displayed. If the authentication page cannot be displayed, manually enter an IP address, such as 1.1.1.1 or any other IP address. If the authentication page can be displayed after you manually enter the address, check the DNS configuration. If the authentication page cannot be displayed, check the Portal authentication configuration, for example, the authentication template configuration.


  4. Check whether the AC configuration is correct. The purpose of checking the AC configuration is to check whether the authentication configuration on the AC is correct. For example, check the authentication template, portal template, and URL template. Check whether the configuration is correct.


  5. Check whether the DNS server address is configured. When configuring portal authentication, configure the DNS address in the authentication-free template to redirect the portal authentication page. You are advised to set the DNS address of the local carrier or set the DNS address to 114.114.114.114

    portal


  6. Run the test-aaa command to test whether the authentication succeeds. The test-aaa command is frequently used for Portal authentication. You can use the user name and password to test the authentication. If the message "Accout test succeed" is displayed, the configuration and network are normal. If other results are displayed, you can check the AC configuration based on the result.

    portal


  7. Check the RADIUS authentication log of the controller. After checking the configuration on the AC side, you can also check the configuration on the controller side. The most commonly used RADIUS authentication log information can be used to check whether the configuration of the controller is correct. For example, the configuration of terminal translation and encryption protocols may cause authentication errors.


  8. Check whether the CAN bypass function is configured. The CAN bypass function is a command for the iOS system. Because the old iOS system is closed, portal authentication errors may occur. If this error message is displayed only on iOS, you are advised to configure the CAN bypass function and then perform the test.


  9. Trace the MAC address of the terminal. After the preceding steps are complete, run the trace command to check whether the packets between the terminal and the server are correct. You can run the trace command to check the complete portal packet exchange process.

    [AC6508] trace object mac - address xxxx - xxxx - xx7b

    [AC6508] trace object ip - address x. x. 174

    [AC6508] trace enable


  10. Collect log information: If the fault persists after the preceding steps are complete, collect diag information and contact the TAC center for assistance.

    [Huawei] display diagnostic - information


Like (3) Dislike (0) Favorite(0) Share Report
Previous: Power saving on Wi-Fi 6 devices
Next: Central AP working modes
(1) (0)
2#
SamB
Moderator Created Yesterday 06:14

Very good handling approach and process to resolve the mentioned issue
View more
  • x
  • convention:
(1) (0)
3#
SamB
Moderator Created Yesterday 06:15

Is this applicable only to AC6000 Series ?
View more
  • x
  • convention:

fuzi_yao
fuzi_yao Created Yesterday 06:19 (1) (0)
This applies to devices in the WLAN sector, not just the AC6000 series.  
SamB
SamB Reply fuzi_yao  Created Yesterday 06:56 (0) (0)
Good to know, thanks for the clarification  
fuzi_yao
fuzi_yao Reply SamB  Created Yesterday 06:58 (0) (0)
 
(0) (0)
4#
Mahedi
MVE Author Created Yesterday 06:17

nice explanation!
View more
  • x
  • convention:
(0) (0)
5#
Mahedi
MVE Author Created Yesterday 06:17

keep it up.
View more
  • x
  • convention:

fuzi_yao
fuzi_yao Created Yesterday 06:19 (0) (0)
 
(0) (0)
6#
Saqibaz
Created Yesterday 06:47

Thanks for sharing
View more
  • x
  • convention:

fuzi_yao
fuzi_yao Created Yesterday 06:58 (0) (0)
 
(0) (0)
7#
wissal
MVE Created Yesterday 07:02

Practical case, useful solution!
View more
  • x
  • convention:

fuzi_yao
fuzi_yao Created Yesterday 07:17 (0) (0)
 
Back to list

Comment

Advanced
B Color Image Link Quote Code Smilies
You need to log in to comment to the post Login | Register
Comment

Notice: To protect the legitimate rights and interests of you, the community, and third parties, do not release content that may bring legal risks to all parties, including but are not limited to the following:
  • Politically sensitive content
  • Content concerning pornography, gambling, and drug abuse
  • Content that may disclose or infringe upon others ' commercial secrets, intellectual properties, including trade marks, copyrights, and patents, and personal privacy
Do not share your account and password with others. All operations performed using your account will be regarded as your own actions and all consequences arising therefrom will be borne by you. For details, see " User Agreement."

My Followers

Login and enjoy all the member benefits

Login
Huawei Website Support About Huawei Privacy User Agreement Terms of Use Cookies Cookie Settings
Huawei Enterprise Huawei Carrier Forum Training & Certification

Contact Us: e_online@huawei.com Copyright © 2022 Huawei Technologies Co., Ltd. All rights reserved.

APP

Block
Are you sure to block this user?
Users on your blacklist cannot comment on your post,cannot mention you, cannot send you private messages.
Reminder
Please bind your phone number to obtain invitation bonus.