No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>


To have a better experience, please upgrade your IE browser.


How to configure built-in portal service with local user

Publication Date:  2014-07-24 Views:  4232 Downloads:  0
Issue Description
Customer bought our AC6605 and need to deploy portal authentication. But they do not have external portal and radius server. This case provides one example using built-in portal authentication with Local user.
Alarm Information
Handling Process
1. Configuration and topology
PC --Wireless --- AP ---(GigabitEthernet0/0/1) AC6605

pki realm default                                                              
enrollment self-signed                                                        
ssl policy default_policy type server                                          
pki-realm default

http secure-server ssl-policy default_policy                                  
http server enable                                                            
http secure-server enable                                                     
portal local-server ip                                                 
portal local-server https ssl-policy default_policy port 3000

local-user portaluser password cipher %@%@K>Z@="2WAQ3fC1GF<{cDi22f%@%@         ///Local portal authentication user.
local-user portaluser service-type web     ///Service type for portal authentication user.

interface Vlanif1000            ///For AP management                                               
ip address                                      
dhcp select interface                                                         
interface Vlanif1001            ///For Wireless user                                               
ip address                                        
dhcp select interface 

interface GigabitEthernet0/0/1                       ///Connect to AP                           
port link-type trunk                                                          
port trunk pvid vlan 1000                                                     
port trunk allow-pass vlan 1000 to 1001

interface Wlan-Ess1                                                            
port hybrid pvid vlan 1001                                                    
port hybrid untagged vlan 1001                                     
portal local-server enable                               ///Enable Local portal server service                 
permit-domain name default                                                    
force-domain name default 

wlan ac source interface vlanif1000                                           
ap-region id 10                                                               
ap-auth-mode no-auth                                                          
ap id 0 type-id 19 mac f84a-bfed-cb60 sn XXXXX               
wmm-profile name wmm id 1                                                     
traffic-profile name traffic id 1                                             
security-profile name security id 1                                           
service-set name test id 1                                                    
  wlan-ess 1                                                                   
  ssid HCNA-AC                                                                 
  traffic-profile id 1                                                         
  security-profile id 1                                                        
  service-vlan 1001                                                            
radio-profile name radio id 1                                                 
  wmm-profile id 1                                                             
ap 0 radio 0                                                                  
  radio-profile id 1                                                           
  service-set id 1 wlan 1

2. Test Result
a. Wirelss PC can search and connect to the SSID

Get IP address

b.Before finishing portal authentication, client cannot access network even gateway

Just can ping portal server IP

c.Open internet browser and input portal server IP:port

Input the local user and password. Finish the portal authentication.

d.After portal authentication, the wireless client can access network
Root Cause