Local portal authentication page not popping up issue
- 0 Followed
- 0Collected ,766Browsed
Network Topology
Anchor AC or AC
Problem Description
The Android terminal can pop up the portal authentication page normally, while the iOS terminal cannot pop up, debug information has the following error:
%May 24 22:34:41:571 2022 [AC1840H_AST DOT1X/5/DOT1X_WLAN_LOGIN_FAILURE: -Username=murzabekov.d-UserMAC=08d4-0c37-fa3c-BSSID=9c54-c25d-dd20-SSID=KT-H3C-APName=9c54-c25d-dd20-RadioID=1-VLANID=228; A user failed 802.1X authentication.Reason:AAA processed authentication request and return 8.
Process Analysis
After confirmation, if it is an internet environment, it is also necessary to configure the portal free-rule to allow DNS addresses or DNS protocol port numbers, allowing users to access DNS services without going through Portal authentication. Because of the active pop-up mechanism, the terminal's detection packets are intercepted, triggering the browser to launch. The terminal will send out detection packets with port numbers udp 53/tcp 53/tcp 5223. Usually, Android terminals only need to allow the first two port numbers, while iOS terminals also need to allow the third port number.
Solution
iOS terminals also needs to open port number 5223, configuration as shown below:
[AC] portal free-rule 1 destination ip any udp 53
[AC] portal free-rule 2 destination ip any tcp 53
[AC] portal free-rule 2 destination ip any tcp 5223