Network Topology
Like the following figure:
Problem Description
Wireless portal authentication cannot pop up the authentication page
Process Analysis
Follow the steps below to check:
1.Check that the portal server status is normal: dis portal server;
2.The client is online and has obtained an IP address;
3.The terminal can ping the portal server address;
4. Directly enter the URL to pop up the authentication page;
5. And debug portal shows the following error:
*Jan 9 23:31:33:219 2025 1 PORTAL/7/RULE: -Chassis=2-Slot=1;
[Inbound] execute full rule match, { MatchRes = [Rule4-Deny] }
L3 Interface = Vlan224, L2 Interface = BAGG9, VLAN = 224, SrcMac = 82b1-7406-XXXX,
SrcIP = 10.225.X.X, DstIP = 10.225.X.X
*Jan 9 23:31:39:206 2025 1 PORTAL/7/ERROR: -Chassis=2-Slot=1; Failed to get the host name for free rule.
After checking the configuration, I found that only the address to the portal server was open on site. we needed to open the DNS port.
portal free-rule 1 source ip any destination ip 172.100.X.X 255.255.255.255
Add the following command to test it.
portal free-rule 1 destination ip any udp 53
portal free-rule 2 destination ip any tcp 53 //Open DNS query UDP OR TCP port 53
portal free-rule 3 destination ip any tcp 5223 //Special DNS query method for ios iphone
Solution
Add the following command to test success.
portal free-rule 1 destination ip any udp 53
portal free-rule 2 destination ip any tcp 53 //Open DNS query UDP OR TCP port 53
portal free-rule 3 destination ip any tcp 5223 //Special DNS query method for ios iphone