• May 23, 2018, 02:54:37 AM
Welcome, Guest. Please login or register. Registration is free.
Did you miss your activation email?

Author Topic: Captive Portal  (Read 4061 times)

0 Members and 1 Guest are viewing this topic.

Offline Radio_Head

  • Jr. Member
  • **
  • Posts: 48
Captive Portal
« on: May 03, 2016, 03:54:28 PM »
Hello all again, I have a question of which I'm sure someone will know the answer as I seem to be missing something.

I have set the captive portal up using the controller as the radius server, so if I go to the captive portal wlan then open google the page comes back asking to login, I put the username created in radius user pool, but when I enter the username and password, it comes back with access denied, the laptop has an ip etc,

If I set the  access under captive portal to no authentication required   gets out on the internet, but when I set it to radius it fails but I'm not sure why , Any help on this appreciated

RFS7000 with AP650 ( wing 5.8.2 )
thanks
« Last Edit: May 03, 2016, 04:11:13 PM by Radio_Head »


Offline McNulty

  • Sr. Member
  • ****
  • Posts: 216
Re: Captive Portal
« Reply #1 on: May 04, 2016, 09:16:43 PM »
Hi,
Did you remember to apply the radius server policy to the RFS?

conf t
self
use radius-server-policy POLICYNAME

Offline Radio_Head

  • Jr. Member
  • **
  • Posts: 48
Re: Captive Portal
« Reply #2 on: May 05, 2016, 01:58:28 PM »
Hi,
  I Think so,
this is from the running config

wlan MCP
 ssid "M Guest Portal"
 vlan 10
 bridging-mode tunnel
 encryption-type none
 authentication-type none
 use captive-portal "M Captive portal"
 captive-portal-enforcement
 use ip-access-list out BROADCAST-MULTICAST-CONTROL
 use mac-access-list out PERMIT-ARP-AND-IPv4
 use bonjour-gw-discovery-policy AppleTV

radius-group "M Guest Portal"
 guest
 policy vlan 10
 policy ssid "M Guest Portal"
!
radius-user-pool-policy "M Guest"
 user Visitor1 password 0 123456789 group "M Guest Portal"
Start-date 05/03/2016
!
radius-server-policy "M Guest"
 use radius-user-pool-policy "M Guest"


Offline McNulty

  • Sr. Member
  • ****
  • Posts: 216
Re: Captive Portal
« Reply #3 on: May 05, 2016, 05:41:37 PM »
You would need to paste your entire config please (remove your sensitive information)

Offline Radio_Head

  • Jr. Member
  • **
  • Posts: 48
Re: Captive Portal
« Reply #4 on: May 06, 2016, 02:19:24 AM »
Hi this is the startup-config- will this help or is it the running_config that is required ?

Offline McNulty

  • Sr. Member
  • ****
  • Posts: 216
Re: Captive Portal
« Reply #5 on: May 17, 2016, 12:31:17 AM »
Could you please try this:

In your aaa-policy "M Guets Portal" instead of using "onboard controller" option, choose to specify the authentication server by IP address and enter the IP of the controller

Offline Radio_Head

  • Jr. Member
  • **
  • Posts: 48
Re: Captive Portal
« Reply #6 on: May 17, 2016, 04:07:20 AM »
Hi Thanks for the response, I will do this as soon as I have rebuilt my WLANS etc, It all went Pete_Tongue on me,  :(
If I put the address of the Primary controller and it fails to the backup, will this stop the authentication ?
there are two RFS units running in active / Standby setup

Offline McNulty

  • Sr. Member
  • ****
  • Posts: 216
Re: Captive Portal
« Reply #7 on: May 18, 2016, 01:19:08 AM »
The cluster controllers can support VRRP (share a virtual IP)
But I really just want you check if this makes a difference, not required to leave it that way permanently.

Offline Radio_Head

  • Jr. Member
  • **
  • Posts: 48
Re: Captive Portal
« Reply #8 on: May 18, 2016, 04:22:29 PM »
Hi, I have set the portal up again, and in the AAA policy server ID1 .I have changed the server type to Host and entered the IP of the wireless controller, then I have to enter a secret in order to be able to select OK,  under the drop down box  " Request Proxy Mode" do I need to set this to anything other than None ?

Offline McNulty

  • Sr. Member
  • ****
  • Posts: 216
Re: Captive Portal
« Reply #9 on: May 19, 2016, 01:57:21 AM »
To be on the safe side, set it to proxy through controller

Offline Radio_Head

  • Jr. Member
  • **
  • Posts: 48
Re: Captive Portal
« Reply #10 on: May 23, 2016, 04:26:25 AM »
Hi
   I have set the proxy mode as suggested, I can see the captive portal, when I try and connect it requests a username and password, I put these details in, and I get "Access has been denied"

Config all seems OK ( But I must admit I'm quite new to these units ) so what looks right to me may not be right at all )

Offline Radio_Head

  • Jr. Member
  • **
  • Posts: 48
Re: Captive Portal
« Reply #11 on: July 15, 2016, 03:29:20 PM »
Well I'm stumped, with getting the Captive portal working on the RFS, so now onto my second option, which is pointing the captive portal to an internet appliance, but I'm not sure the RFS

"supports the sending of Framed-IP-Address (RADIUS attribute 8 )"


The RFS7000 is running Wing 5.8..3.0-041R, we will be removing a poxy server and implementing a Smooth-wall, along with this we will be setting up two captive Portals, but in order to implement the captive portals the RFS has to

sending of Framed-IP-Address (RADIUS attribute 8 )

I have looked in the documentation and it seems to suggest that it does, but if someone has experience of this could give a Yes or No that would help.

Offline McNulty

  • Sr. Member
  • ****
  • Posts: 216
Re: Captive Portal
« Reply #12 on: July 15, 2016, 03:35:26 PM »
Yes it does. You can easily verify that by capturing a radius transaction. Open up the Radius request packet in wireshark and you'll see all the framed info.

Offline Radio_Head

  • Jr. Member
  • **
  • Posts: 48
Re: Captive Portal
« Reply #13 on: July 15, 2016, 03:44:47 PM »
wow, that was a quick response, many thanks  :)