Hello,
I'm learning about as much wireless network as zebra equipments and I configured one network with 2 ssid. After a long time I finally made it. The users connect on both SSID, they go to internet and so on, but sometimes, during not only roaming, they are disconnected and the system ask for another authentication via Captive Portal.
What could be wrong?
Thanks a lot.
!
! Configuration of RFS7000 version 5.8.4.0-034R
!
!
version 2.5
!
!
client-identity-group default
load default-fingerprints
!
ip access-list BROADCAST-MULTICAST-CONTROL
permit tcp any any rule-precedence 10 rule-description "permit all TCP traffic"
permit udp any eq 67 any eq dhcpc rule-precedence 11 rule-description "permit DHCP replies"
deny udp any range 137 138 any range 137 138 rule-precedence 20 rule-description "deny windows netbios"
deny ip any 224.0.0.0/4 rule-precedence 21 rule-description "deny IP multicast"
deny ip any host 255.255.255.255 rule-precedence 22 rule-description "deny IP local broadcast"
permit ip any any rule-precedence 100 rule-description "permit all IP traffic"
!
mac access-list PERMIT-ARP-AND-IPv4
permit any any type ip rule-precedence 10 rule-description "permit all IPv4 traffic"
permit any any type arp rule-precedence 20 rule-description "permit all ARP traffic"
!
ip snmp-access-list default
permit any
!
firewall-policy default
no ip dos tcp-sequence-past-window
!
!
mint-policy global-default
!
meshpoint-qos-policy default
!
wlan-qos-policy default
qos trust dscp
qos trust wmm
!
radio-qos-policy default
!
aaa-policy esaf01_AAA
authentication server 1 onboard controller
authentication server 1 proxy-mode through-controller
authentication server 1 dscp 46
accounting server 1 onboard controller
!
aaa-policy esaffuncionarios
authentication server 1 host 10.10.10.40 secret 0 XXXXXXXXXXX
authentication server 1 proxy-mode through-controller
accounting server 1 host 10.10.10.40 secret 0 XXXXXXXXXXX
accounting server 1 proxy-mode through-controller
!
dns-whitelist dns_listabranca
permit XXXXXXXXXXX.gov.br suffix
!
captive-portal Portal
access-time 720
inactivity-timeout 21600
server host 10.195.40.10
server mode centralized
simultaneous-users 2000
webpage internal org-name ESAF
webpage internal org-signature ESAF
webpage internal login footer Entre em contato com o administrador caso encontre algum problema.
webpage internal login main-logo XXXXXXXXXXX.br/imagens/logoesafidg.jpg
webpage internal login org-background-color #ffffff
webpage internal login org-font-color #003300
webpage internal login body-background-color #ffffff
webpage internal welcome main-logo XXXXXXXXXXXXX.br/imagens/logoesafidg.jpg
webpage internal welcome title Seja bem vindo
webpage internal fail header O acesso foi negado.
webpage internal fail main-logo XXXXXXXXXXXXX.br/imagens/logoesafidg.jpg
webpage internal fail title Falha
webpage internal agreement header Seja bem vindo
webpage internal agreement main-logo XXXXXXXXXXXXX.br/imagens/logoesafidg.jpg
webpage internal agreement title ESAF
webpage internal acknowledgement main-logo XXXXXXXXXXXXX.br/imagens/logoesafidg.jpg
webpage internal registration description Por favor encontre um momento para registrar-se.
webpage internal registration header Bem vindo
webpage internal registration main-logo XXXXXXXXXXXXX.br/imagens/logoesafidg.jpg
webpage internal no-service main-logo XXXXXXXXXXXXX.br/imagens/logoesafidg.jpg
accounting radius
use aaa-policy esaf01_AAA
use dns-whitelist dns_listabranca
webpage internal registration field city type text enable label "City" placeholder "Enter City"
webpage internal registration field street type text enable label "Address" placeholder "123 Any Street"
webpage internal registration field name type text enable label "Full Name" placeholder "Enter First Name, Last Name"
webpage internal registration field zip type number enable label "Zip" placeholder "Zip"
webpage internal registration field via-sms type checkbox enable title "SMS Preferred"
webpage internal registration field mobile type number enable label "Mobile" placeholder "Mobile Number with Country code"
webpage internal registration field age-range type dropdown-menu enable label "Age Range" title "Age Range"
webpage internal registration field email type e-address enable mandatory label "Email" placeholder
webpage internal registration field via-email type checkbox enable title "Email Preferred"
!
captive-portal PortalFuncionario
access-time 720
inactivity-timeout 21600
server host 10.195.37.2
server mode centralized
simultaneous-users 200
webpage internal org-name ESAF
webpage internal org-signature ESAF
webpage internal login description Conecte-se com nome e senha
webpage internal login footer Conecte-se com nome e senha
webpage internal login header Conecte-se com nome e senha
webpage internal login main-logo XXXXXXXXXXXXX.br/imagens/logoesafidg.jpg
webpage internal login main-logo use-as-banner
accounting radius
use aaa-policy esaffuncionarios
use dns-whitelist dns_listabranca
webpage internal registration field city type text enable label "City" placeholder "Enter City"
webpage internal registration field street type text enable label "Address" placeholder "123 Any Street"
webpage internal registration field name type text enable label "Full Name" placeholder "Enter First Name, Last Name"
webpage internal registration field zip type number enable label "Zip" placeholder "Zip"
webpage internal registration field via-sms type checkbox enable title "SMS Preferred"
webpage internal registration field mobile type number enable label "Mobile" placeholder "Mobile Number with Country code"
webpage internal registration field age-range type dropdown-menu enable label "Age Range" title "Age Range"
webpage internal registration field email type e-address enable mandatory label "Email" placeholder
webpage internal registration field via-email type checkbox enable title "Email Preferred"
!
wlan ESAF-01
description ESAF-Visitantes
shutdown
ssid ESAF-Visitantes
vlan 2074
bridging-mode local
encryption-type none
authentication-type none
no fast-bss-transition over-ds
use captive-portal Portal
captive-portal-enforcement
ip dhcp trust
!
wlan ESAFFuncionarios
description ESAF-Servidores
ssid ESAF-Funcionarios
vlan 2075
bridging-mode local
encryption-type none
authentication-type none
wireless-client inactivity-timeout 21600
wireless-client cred-cache-ageout 43200
wireless-client vlan-cache-ageout 43200
use aaa-policy esaffuncionarios
use captive-portal PortalFuncionario
captive-portal-enforcement
relay-agent dhcp-option82
!
wlan ESAFVISITANTES
ssid ESAF-Visitantes
vlan 2074
bridging-mode tunnel
encryption-type none
authentication-type none
wireless-client inactivity-timeout 21600
wireless-client cred-cache-ageout 43200
wireless-client vlan-cache-ageout 43200
wing-extensions move-command
wing-extensions scan-assist
wing-extensions ft-over-ds-aggregate
use aaa-policy esaf01_AAA
use captive-portal Portal
captive-portal-enforcement
!
smart-rf-policy smartrfbasico
group-by area
!