Network Topology
Null
Problem Description
An office uses WX1840H and the Cloudnet network to perform portal authentication for fixed accounts. The main fault is that the portal page cannot be displayed from time to time.
Process Analysis
1) Checked the error URL and found that it was obviously not the URL of Cloudnet Network, which is http://oasisauth.h3c.com/portal/protocol. From this error report, we suspect that there are two service templates on the site that enable portal and use the same VLAN.
2) In this case, if the terminal first accesses SSID 1, the normal portal authentication to the Internet, and then switches to SSID 2. At this time, as there is still the portal user of this terminal on the AC, and the VLAN and IP have not changed, normally at this time, there will be no pop-up page, and it will not be possible to use SSID 2. The page will not pop up and you will not be able to authenticate normally on SSID 2.
|
wlan service-template xxx1 ssid xxx-xxx vlan 103 client vlan-alloc static portal enable method direct portal domain cloud portal apply web-server cloud portal temp-pass period 20 enable service-template enable # wlan service-template xxx2 ssid xxx vlan 103 portal enable method direct portal domain sangfor portal bas-ip 10.xx.xx.6 portal apply web-server sangfor service-template enable portal web-server cloud url http://oasisauth.h3c.com/portal/protocol captive-bypass ios optimize enable server-type oauth if-match user-agent CaptiveNetworkSupport redirect-url http://wifi.weixin.qq.com if-match user-agent Dalvik/2.1.0(Linux;U;Android7.0;HUAWEI redirect-url http://oasisauth.h3c.com/generate_404 if-match user-agent micromessenger temp-pass redirect-url http://oasisauth.h3c.com/portal/protocol if-match original-url http://10.168.168.168 temp-pass if-match original-url http://captive.apple.com user-agent Mozilla temp-pass redirect-url http://oasisauth.h3c.com/portal/protocol if-match original-url http://captive.apple.com/hotspot-detect.html user-agent Mozilla temp-pass redirect-url http://oasisauth.h3c.com/portal/protocol if-match original-url http://www.apple.com user-agent Mozilla temp-pass redirect-url http://oasisauth.h3c.com/portal/protocol # portal web-server sangfor url http://192.168.xx.xx/cid/7327/portal.html url-parameter bssid ssid url-parameter redirect original-url url-parameter staip source-address url-parameter stamac source-mac url-parameter vlan1 vlan
|
3) After the portal user-logoff ssid-switch enable command is configured on site, the fault disappears. The meaning of this command is: enable the forced logout function of the wireless Portal user after switching the SSID. If a user creates two wireless service templates and both enable Portal authentication, the user VLANs are the same. The user first goes online through the SSID of one wireless service template and passes Portal authentication; when the user switches to the SSID of another wireless service template and performs Portal authentication, the user cannot pass the authentication. After executing this command, when the wireless Portal user switches from the original SSID to the new SSID, the device will force the user to go offline and automatically delete the user information, and the user can pass the Portal authentication again.
Solution
portal user-logoff ssid-switch enable Enable the forced logout function of wireless Portal users after SSID switching.