Portal authentication is not effective.

2023-06-30 00:06:53 Published

Network Topology

The following shows the networking diagram.


Problem Description

After configuring the portal authentication for users, it is not effective and users can access the network without authentication when connecting to the wireless network.

Process Analysis

Collect debugging information and review the configuration.

wlan service-template yqedu
 ssid xxx
 portal enable method direct
 portal domain dm
 portal bas-ip 10.192.192.254
 portal apply web-server web
 portal apply mac-trigger-server mac
 service-template enable

radius scheme rs
 primary authentication 117.106.7.15
 primary accounting 117.106.7.15
 key authentication cipher $c$3$Oe+mxsMkFdWIWIk+wfIyzu1wK5KydQfO
 key accounting cipher $c$3$hHtNxhw8+ccGWEU2BKfyxXy+FqmSsJT7
 user-name-format without-domain
 nas-ip 10.192.192.254
#
domain system
#
domain dm
 authorization-attribute idle-cut 20 1024000
 authentication portal radius-scheme rs
 authorization portal radius-scheme rs
 accounting portal radius-scheme rs

portal host-check enable
portal free-rule 0 source interface GigabitEthernet1/0/7
portal free-rule 5 source ip any destination ip 1.1.1.1 255.255.255.255
portal free-rule 10 source ip any destination ip 2.2.2.2 255.255.255.255
portal free-rule 15 source ip any destination ip 114.114.114.114 255.255.255.255
#
portal web-server yqedu-web
 url http://1.1.1.1:8080/portal
 server-type cmcc
 url-parameter ssid ssid
 url-parameter wlanacname value AC
 url-parameter wlanuserip source-address

portal server yqedu
 ip 1.1.1.1 key cipher $c$3$z6O9logiCyo95DUxcRBaQ5ssFHpCQSG7
 server-type cmcc

wlan ap-group default-group
 vlan 1
 ap-model WTU430-EI
  radio 1
   max-power 19
   radio enable
   ldpc enable
   option keep-active enable
   option client fast-forwarding enable level 3
  radio 2

The AP group configuration contains the command "option client fast-forwarding enable level 3". With this feature enabled, the AP forwards wireless data packets directly to wireless clients without any additional processing (such as verification or statistics) in order to improve processing performance. As a result, the device does not intercept user traffic and lets it pass through, so users can access the network from the terminal side without authentication.

Solution

Removing the option client fast-forwarding enable level 3 command resolves this issue.
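
The check below is an added example, not part of the original case or of any vendor tooling: it walks a saved configuration by indentation and reports every radio where client fast-forwarding is enabled while at least one service template has portal authentication turned on. The sample text is constructed from the commands shown above; flagging any fast-forwarding level (the case only documents level 3) and not mapping AP groups to specific service templates are assumptions of this sketch.

```python
import re

# Constructed sample in the style of the configuration shown above (not a device dump).
SAMPLE = """\
wlan service-template yqedu
 ssid xxx
 portal enable method direct
 service-template enable
#
wlan ap-group default-group
 vlan 1
 ap-model WTU430-EI
  radio 1
   radio enable
   option client fast-forwarding enable level 3
  radio 2
"""

def audit(config):
    """Return (portal-enabled service templates, fast-forwarding locations)."""
    stack = []                      # (indent, text) of each enclosing view
    portal, fastfwd = [], []
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line == "#":
            continue
        indent = len(raw) - len(raw.lstrip(" "))
        # Leave every view that is not a parent of the current line.
        while stack and stack[-1][0] >= indent:
            stack.pop()
        path = [text for _, text in stack]
        in_template = bool(path) and path[0].startswith("wlan service-template ")
        if in_template and re.match(r"portal enable\b", line):
            portal.append(path[0].split()[-1])
        # Assumption: any level is reported, not only level 3.
        if re.match(r"option client fast-forwarding enable\b", line):
            fastfwd.append(" / ".join(path + [line]))
        stack.append((indent, line))
    return portal, fastfwd

def findings(config):
    """Report fast-forwarding only when portal authentication is also in use."""
    portal, fastfwd = audit(config)
    if not portal:
        return []
    return [f"portal on {', '.join(portal)} but fast-forwarding at: {loc}"
            for loc in fastfwd]

if __name__ == "__main__":
    for finding in findings(SAMPLE):
        print(finding)
```

Running the same check again after the command has been removed should return no findings.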
