No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

ME60 Web Authen Server Need to be in VPN

Publication Date:  2012-08-12 Views:  135 Downloads:  0
Issue Description
ME60 support the option of interactive authentication mode in which a users opens the authentication page on the RM9000 Portal server, enters the name and password and submits it. RM9000 Portal server then interacts with ME60 to complete the authentication process. However, when the users enter name and password, the authentication failed due to no response from ME60.

Alarm Information
N.A.
Handling Process
We change the configuration on ME60 to the following
 
interface LoopBack100
  ip binding vpn-instance Wifi_Service
  ip address 210.213.44.246 255.255.255.255
 
web-auth-server source interface LoopBack100
web-auth-server 119.46.78.212 vpn-instance Wifi_Service port 50100 key huawei
 
Notice that Vpn-instance has value of “Wifi_Service”.
 
<PNCBBKCA1QW>dis web-auth-server configuration
  Source interface      : LoopBack100
  Listening port        : 2000
  Portal                : version 1, version 2
  Include reply message : enabled
  ------------------------------------------------------------------------
           Server  Shared-key         Port  PortFlag  NAS-IP  Vpn-instance
  ------------------------------------------------------------------------
    119.46.78.212  huawei            50100   NO       NO           Wifi_Service
 
 
Now the user performs web authentication again and he is authenticated and can access the Internet after that.
 

Root Cause
We try to isolate problem by the following process
 
  1. Check the basic parameter configuration on RM9000 & ME60
  2. We check the connectivity between from ME60 and RM9000
  3. We check the configuration on ME60
 
We first check the basic parameter on RM9000 & ME60, the basic parameters such as the IP address, port number and shared key are the same, confirming the right parameter. On ME60, enters “dis web-auth-server configuration” to generate the following results:
 
<PNCBBKCA1QW>dis web-auth-server configuration
  Source interface      : LoopBack0
  Listening port        : 2000
  Portal                : version 1, version 2
  Include reply message : enabled
  ------------------------------------------------------------------------
           Server  Shared-key         Port  PortFlag  NAS-IP  Vpn-instance
  ------------------------------------------------------------------------
    119.46.78.212  huawei            50100   NO       NO          
 
On RM9000, visit URL http://X.X.X.X/portal/admin. Login with admin account, go to Configuration Management>MSCG Management. We can compare the parameter configuration on RM9000 with ME60
 

The configuration matches each other so the parameter is ok.
 
Secondly, we perform ping test from ME60 to RM9000 and the connectivity has no problem. Alternatively, we can login to RM9000 admin page like previous steps, select the configured ME60, and click test. The result shows that the connection is OK.
 
Thirdly, we check the configuration on ME60 by typing “dis web-auth-server configuration”, the following results are shown
 
<PNCBBKCA1QW>dis web-auth-server configuration
  Source interface      : LoopBack0
  Listening port        : 2000
  Portal                : version 1, version 2
  Include reply message : enabled
  ------------------------------------------------------------------------
           Server  Shared-key         Port  PortFlag  NAS-IP  Vpn-instance
  ------------------------------------------------------------------------
    119.46.78.212  huawei            50100   NO       NO          
    119.46.78.213  huawei            50100   NO       NO        
    119.46.78.214  huawei            50100   NO       NO        
    119.46.78.215  huawei            50100   NO       NO        
  ------------------------------------------------------------------------
  4 Web authentication server(s) in total
 
We noticed that there is an empty “Vpn-instance” in the display result, while our subscriber is in the Wifi_Service vpn-instance. After talking with R&D, we confirmed that the web authentication server configuration needs to be in the same VPN with the subscriber.

Suggestions

END