WX2860X cannot integrate with a third-party captive portal/AAA server to complete portal authentication

2023-06-28 23:19:25 Published

Network Topology

Topo:


Problem Description

The customer's engineer is trying to integrate the H3C controller with a third-party captive portal/AAA server.

However, the controller fails to respond and does not send a RADIUS request to our AAA server when the server sends a portal protocol packet to port 50100 on the controller after the user has been authenticated on our web server.

Process Analysis

The main configuration on the AC is as follows, and there is no problem with the configuration.

wlan service-template attrelogix-wifi-staging
 description test atlg
 ssid AttreLogix-WiFi-Staging
 portal enable method direct
 portal domain atlg-domain
 portal apply web-server "ATLG Apollo"
 service-template enable
#

portal free-rule 1 destination ip any udp 53
portal free-rule 1 description dns
portal free-rule 2 source ip any udp 53
portal free-rule 2 description dns
portal free-rule 3 source ip 103.13.75.198 255.255.255.255
portal free-rule 3 description portal
portal free-rule 4 destination ip 103.13.75.198 255.255.255.255
portal free-rule 4 description portal

#
portal web-server "ATLG Apollo"
 url https://eaziwi5.attrelogix.com:8443/cp/attrelogix/h3c/
 server-type cmcc
 url-parameter ssid value AttreLogix-WiFi-Staging
 url-parameter url original-url
 url-parameter wlanuserip source-address
#
portal server "ATLG Apollo"
 ip 192.168.0.110
 server-type cmcc

#

radius scheme atlg-radius
 primary authentication 103.13.75.198 24812 key cipher $c$3$BOski+caHFhX6AmGmw4G0jp5iJQ0n5CD7iXPyK4=
 primary accounting 103.13.75.198 24813 key cipher $c$3$Slw7E1baadx/TK13wbxNmGS9Bl/y/34sngz/UsU=
 key authentication cipher $c$3$u7pxZdMsAnEnARvOtlfA9qXCM27V6E7DwbrYYmw=
 key accounting cipher $c$3$YmyC4B7N5MGERdyPTX1sBPQV3yGO1v9Jb35NW+k=
 user-name-format keep-original
#

domain atlg-domain
 authentication portal radius-scheme atlg-radius
 authorization portal radius-scheme atlg-radius
 accounting portal radius-scheme atlg-radius

#

The engineer captures packets on the firewall side and finds that the portal server sends a message with destination port 50100 to the H3C controller.


However, in the portal message exchange the portal server listens on port 50100 and the AC listens on port 2000, so the AC does not respond to packets sent to port 50100.

Solution

The onsite engineer changes the destination port number of the portal message to 2000, which restores normal communication between the AC and the portal server.
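The check made by hand in the capture can be scripted. The following is an added example, not part of the original case or any H3C tool: it picks out well-formed portal requests addressed to the AC on a port other than 2000. The header layout and type codes are the commonly documented CMCC Portal format and are assumptions here, as are the addresses, names and sample payloads, which are constructed.

```python
import struct
from ipaddress import IPv4Address

AC_LISTEN_PORT = 2000  # port the AC listens on, as stated in this case

# Assumed CMCC Portal layout: ver, type, auth mode, reserved, serial number,
# request ID, user IP, user port, error code, attribute count. Version 2 adds
# a 16-byte authenticator; type/length/value attributes follow.
HEADER = struct.Struct("!BBBBHH4sHBB")
TYPE_NAMES = {1: "REQ_CHALLENGE", 3: "REQ_AUTH", 5: "REQ_LOGOUT"}  # assumed codes


def parse_portal(payload):
    """Return a header summary for a well-formed portal request, else None."""
    if len(payload) < HEADER.size:
        return None
    ver, ptype, _, _, serial, _, user_ip, _, _, attr_num = HEADER.unpack_from(payload)
    if ver not in (1, 2) or ptype not in TYPE_NAMES:
        return None
    pos = HEADER.size + (16 if ver == 2 else 0)
    for _ in range(attr_num):  # attribute length byte includes its 2-byte header
        if pos + 2 > len(payload) or payload[pos + 1] < 2:
            return None
        pos += payload[pos + 1]
    if pos != len(payload):  # attributes must consume the payload exactly
        return None
    return {"type": TYPE_NAMES[ptype], "serial": serial,
            "user_ip": str(IPv4Address(user_ip))}


def misdirected(packets, ac_ip):
    """Portal requests sent to the AC on a port it does not listen on."""
    hits = []
    for src, dst, dport, payload in packets:
        info = parse_portal(payload)
        if dst == ac_ip and dport != AC_LISTEN_PORT and info:
            hits.append({"src": src, "dport": dport, **info})
    return hits


# Constructed sample capture: documentation addresses, hand-built payloads.
AC, SERVER = "192.0.2.10", "198.51.100.20"
REQ = (HEADER.pack(2, 3, 0, 0, 7, 0, IPv4Address("192.0.2.55").packed, 0, 0, 1)
       + bytes(16) + b"\x01\x05bob")
CAPTURE = [
    (SERVER, AC, 50100, REQ),           # the fault described in this case
    (SERVER, AC, 2000, REQ),            # correctly addressed after the fix
    (SERVER, AC, 50100, b"\x00" * 40),  # unrelated UDP, not a portal packet
]
print(misdirected(CAPTURE, AC))
```

Each tuple is (source IP, destination IP, destination port, UDP payload); real input would come from an export of the firewall capture.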
