Case Study: The Portal Authentication Page Cannot Be Displayed After a STA Connects to an AP Because the Network Is Unavailable Between the STA and Portal Server

Symptom

In Portal+RADIUS authentication is configured between the AC is connected to the Agile Controller. After a STA connects to an AP, the Portal authentication page cannot be displayed.

Relevant Alarms and Logs

None

Cause Analysis

An ACL rule is configured on the STA gateway to prevent the STA from accessing the Portal server. As a result, the network is unavailable between the STA and Portal server.

Procedure

1. Check the Portal authentication page push process through debugging on the AP.

   <AP> debug portal all
   <AP> terminal debugging
   <AP> terminal monitor
   Mar 01 2021 14:18:21.280.36+00:00 AP16 PORTAL/7/PORTAL DEBUG:
   PORTAL->(CB:0)HTTP Push Payload:
   HTTP/1.1 200 OK
   Content-Type: text/html
   Content-Length: 352
   <TITLE> Web Authentication Redirect</TITLE>
   <META http-equiv="Cache-control" content="no-cache">
   <META http-equiv="Pragma" content="no-cache">
   <META http-equiv="Expires" content="-1">
   <META http-equiv="refresh" content="1; URL=http://portal-server-ip:8080/portal?ssid=Talent……">

   The AP has pushed the Portal authentication page to the STA as requested by the Portal server.

2. On the STA, use Telnet to test the reachability of TCP port 8080.

   pc-client> telnet portal-server-ip 8080

   The STA is unreachable to the port of the Portal server.

3. On the STA gateway, test the reachability to the Portal server with the source IP address.

   <STA-Gateway> telnet –s source-ip portal-server-ip

   The network is available between the STA gateway and Portal server.

4. Check the STA gateway configuration. It is found that an ACL rule is configured in the service VLAN of the STA to prevent the STA from accessing the Portal server. After the rule is deleted, the problem is solved.