How to configure built-in portal service with local user

Publication Date: 2014-07-24
Issue Description
The customer bought our AC6605 and needs to deploy portal authentication, but has no external portal server or RADIUS server. This case provides an example that uses built-in portal authentication with a local user.
Alarm Information
None
Handling Process
1. Configuration and topology
PC --Wireless --- AP ---(GigabitEthernet0/0/1) AC6605

pki realm default                                                              
enrollment self-signed                                                        
#                                                                              
ssl policy default_policy type server                                          
pki-realm default

http secure-server ssl-policy default_policy                                  
http server enable                                                            
http secure-server enable                                                     
#                                                                              
portal local-server ip 1.1.1.1                                                 
portal local-server https ssl-policy default_policy port 3000

aaa                                                                                                                                  
local-user portaluser password cipher %@%@K>Z@="2WAQ3fC1GF<{cDi22f%@%@         ///Local portal authentication user.
local-user portaluser service-type web     ///Service type for portal authentication user.

interface Vlanif1000            ///For AP management                                               
ip address 192.168.100.254 255.255.255.0                                      
dhcp select interface                                                         
#                                                                              
interface Vlanif1001            ///For Wireless user                                               
ip address 192.168.1.254 255.255.255.0                                        
dhcp select interface 

interface GigabitEthernet0/0/1                       ///Connect to AP                           
port link-type trunk                                                          
port trunk pvid vlan 1000                                                     
port trunk allow-pass vlan 1000 to 1001

interface Wlan-Ess1                                                            
port hybrid pvid vlan 1001                                                    
port hybrid untagged vlan 1001                                     
portal local-server enable                               ///Enable Local portal server service                 
permit-domain name default                                                    
force-domain name default 

wlan                                           
wlan ac source interface vlanif1000                                           
ap-region id 10                                                               
ap-auth-mode no-auth                                                          
ap id 0 type-id 19 mac f84a-bfed-cb60 sn XXXXX               
wmm-profile name wmm id 1                                                     
traffic-profile name traffic id 1                                             
security-profile name security id 1                                           
service-set name test id 1                                                    
  wlan-ess 1                                                                   
  ssid HCNA-AC                                                                 
  traffic-profile id 1                                                         
  security-profile id 1                                                        
  service-vlan 1001                                                            
radio-profile name radio id 1                                                 
  wmm-profile id 1                                                             
ap 0 radio 0                                                                  
  radio-profile id 1                                                           
  service-set id 1 wlan 1
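
The built-in portal only works when every link in the configuration above is present: PKI realm, SSL policy, HTTPS portal binding, a local user with service type web, and the portal enabled on the Wlan-Ess interface. The following is an added example, not part of the original case or of any Huawei tool, that checks a saved configuration for that chain. The function name `audit`, the constructed `SAMPLE` input and the treatment of blank lines and `#` as section separators are assumptions of this example.

```python
import re

# Constructed input: the portal-related lines of the configuration above (cipher text replaced).
SAMPLE = """pki realm default
#
ssl policy default_policy type server
pki-realm default

portal local-server ip 1.1.1.1
portal local-server https ssl-policy default_policy port 3000
local-user portaluser password cipher <CIPHERTEXT>   ///Local portal authentication user.
local-user portaluser service-type web
interface Wlan-Ess1
portal local-server enable   ///Enable Local portal server service
"""

def audit(config):
    """Return the missing links in the built-in portal dependency chain."""
    realms, policies, users, portal_ifs = set(), {}, {}, []
    https = ip = policy = iface = None
    for raw in config.splitlines():
        line = raw.split("///")[0].strip()       # drop the page's inline notes
        if line in ("", "#"):                    # a separator ends the current view
            policy = iface = None
        elif m := re.fullmatch(r"pki realm (\S+)", line):
            realms.add(m[1])
        elif m := re.fullmatch(r"ssl policy (\S+) type server", line):
            policy = m[1]
            policies[policy] = None              # realm is filled in by 'pki-realm'
        elif policy and (m := re.fullmatch(r"pki-realm (\S+)", line)):
            policies[policy] = m[1]
        elif m := re.fullmatch(r"portal local-server https ssl-policy (\S+) port (\d+)", line):
            https = m[1]
        elif m := re.fullmatch(r"portal local-server ip (\S+)", line):
            ip = m[1]
        elif m := re.fullmatch(r"local-user (\S+) (password|service-type) (.+)", line):
            users.setdefault(m[1], {})[m[2]] = m[3]
        elif m := re.fullmatch(r"interface (\S+)", line):
            iface = m[1]
        elif line == "portal local-server enable" and iface:
            portal_ifs.append(iface)
    checks = [
        (ip, "no 'portal local-server ip'"),
        (https in policies, "HTTPS portal references an undefined ssl policy"),
        (https not in policies or policies[https] in realms, "ssl policy lacks a defined pki-realm"),
        (any("password" in u and u.get("service-type") == "web" for u in users.values()),
         "no local-user with a password and service-type web"),
        (any(i.startswith("Wlan-Ess") for i in portal_ifs), "portal not enabled on a Wlan-Ess interface"),
    ]
    return [msg for ok, msg in checks if not ok]
```

An empty list means the chain is complete; each returned string names one missing link.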

2. Test Result
a. The wireless PC can find and connect to the SSID.

It obtains an IP address.

b. Before portal authentication is completed, the client cannot access the network, not even the gateway.

It can only ping the portal server IP 1.1.1.1.

c. Open a web browser and enter the portal server IP:port.

Enter the local user and its password to complete the portal authentication.

d. After portal authentication, the wireless client can access the network.
Root Cause
None
Suggestions
None
