Key Configuration Check

WLAN Troubleshooting Guide

About This Document
Using eDesk Pro for Network Inspection and Troubleshooting
Using Troubleshooting Insights
Risky Operations
- Hardware-Related Risky Operations
- Software-Related Risky Operations
Routine Maintenance
- Routine Maintenance Overview
- Before You Start
- Checking the Device Environment
  - Checking the Equipment Room Environment
  - Checking the Cable Status
- Checking Basic Device Information
  - Checking the Indicator Status
  - Checking for Critical or Major Alarms on an AC
- Checking the Device Running Status
- Checking Interface Information
- Checking Services
  - Checking the User Status
- Fault Information Collection and Feedback
Troubleshooting: Hardware
- Hardware Overview
- Troubleshooting Guidelines for Hardware
- Troubleshooting Cases for Hardware Faults
- Hardware FAQs
Troubleshooting: STA Experience Faults
- Troubleshooting Guidelines for STA Experience Faults
- Troubleshooting Cases for STA Experience Issues
- STA Experience FAQs
Troubleshooting: AP Joining Faults
- Troubleshooting Guidelines for AP Joining Faults
  - An AP Fails to Go Online on the AC
  - An AP Goes Offline Unexpectedly
- Troubleshooting Cases for AP Onboarding Issues
- AP Onboarding FAQs
Troubleshooting: STA Onboarding Faults
- Troubleshooting Guidelines for STA Onboarding Faults
- Troubleshooting Cases for STA Onboarding Issues
- STA Onboarding FAQs
Troubleshooting: Wireless Access Authentication Issues
- 802.1X Authentication Failures
- HTTP-based External Portal Authentication Failures
- Failures in External Portal Authentication Using the Portal Protocol
- Portal Redirection Failures
- Built-in Portal LDAP or AD Authentication Failures
- Failure to Access the Built-in Portal Page
  - Key Configuration Check
  - Common Built-in Portal Page Access Failures
- Troubleshooting Cases for STA Authentication Failures
- WLAN Authentication FAQs
Troubleshooting: Device Login Faults
- Troubleshooting Guidelines for Device Login Faults
- Device Login FAQs
Troubleshooting: Device Upgrade Faults
- Troubleshooting Guidelines for Device Upgrade Faults
- Troubleshooting Cases for Device Upgrade Failures
  - Case Study: Intelligent Upgrade Fails Because the CA Certificate on the AC Does Not Match That on the HOUP Server
  - Case Study: AP5030DN Upgrade and Mode Switching Are Abnormal Because the AP5030DN Enters the Assistant Package Mode
- Device Upgrade FAQs
Troubleshooting: Device Management Faults
- Troubleshooting Guidelines for Device Management Faults
- Device Management FAQs
Troubleshooting: Reliability Faults
- Troubleshooting Guidelines for Reliability Faults
- Troubleshooting Cases for Reliability Issues
- Reliability FAQs
Troubleshooting: Wireless Bridge Service Faults
- Troubleshooting Guidelines for Wireless Bridge Service Faults
- Wireless Bridge FAQs
Troubleshooting: Radio Management Service Faults
- Troubleshooting Guidelines for Radio Management Service Faults
  - Radio Calibration Does Not Take Effect
  - AI Roaming Does Not Take Effect
- Radio Management FAQs
Troubleshooting: Cloud Management Faults
- Troubleshooting Guidelines for Cloud Management Faults
- Troubleshooting Cases for Cloud Management Faults
  - Case Study: Fit APs Managed by a Cloud AC Fail to Go Online Due to Insufficient License Resources on the Cloud Management Platform
  - Case Study: In a VRRP Backup Scenario, a Loop Occurs on the Network When ACs Connect to the Cloud in PnP Auto-Negotiation Mode
Troubleshooting: CPE Service Faults
- Troubleshooting Guidelines for CPE Service Faults
- Troubleshooting Cases for CPE Service Faults
  - Case Study: When a CPE Roams Repeatedly, Terminals Connected to the CPE Are Intermittently Disconnected
  - Case Study: An Exception Occurs on a CPE Tunnel Due to EoGRE Configuration Changes
- CPE Service FAQs
  - How Can I Know the CPE Connected to a Wired Terminal and Its Uplink AP?
  - How Do I Collect CPE Fault Information by One Click?
Troubleshooting: Others
- Troubleshooting Guidelines for Other WLAN Service Faults
  - User Rate Limiting Does Not Take Effect
- Troubleshooting Cases for Other WLAN Service Issues
  - Case Study: Two STAs Connected to the Same SSID on the Same AP Cannot Communicate with Each Other Because the traffic-optimize bcmc deny all Command Is Executed on the Device
- FAQs About Other WLAN Services
TechNotes
- WLAN Network Optimization
- How an AP Joins an AC and Troubleshooting Any Join Failures
- How to Log In to WLAN ACs and APs
- Troubleshooting WLAN Password Issues
- AP Mode Switching - Overview, Configuration Examples, and Troubleshooting
- TechNotes: Mapping Between WACs and APs
- TechNotes: Wireless Packet Obtaining
- VLAN Deployment Guide for WLAN
- WLAN Performance Test Guide
- How to Configure Option 43 When Huawei APs Are Connected to DHCP Servers of Different Vendors
- Common WLAN Configuration Errors
Appendix: Common Information Collection and Fault Diagnostic Commands
- Information Collection
- Typical Fault Information Collection
- System Maintenance Methods
- Common Fault Diagnostic Commands
Appendix: Indicators
Contacting Huawei Technical Support

Rate and give feedback:

Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).

Key Configuration Check

Profile Configuration on the AC
Portal Configuration on the AP

Profile Configuration on the AC

Find the corresponding VAP profile based on the SSID, and check the configurations of the VAP profile, including the configuration of the authentication profile.

Run the display vap-profile all command to check all VAP profiles and find the corresponding VAP profile based on the SSID.

[HUAWEI] display vap-profile all
FMode   : Forward mode
STA U/D : Rate limit client up/down
VAP U/D : Rate limit VAP up/down
BR2G/5G : Beacon 2.4G/5G rate
---------------------------------------------------------------
Name         FMode    Type     VLAN       AuthType     STA U/D(Kbps)  VAP U/D(Kbps)  BR2G/5G(Mbps)  Reference  SSID
---------------------------------------------------------------
default      direct   service  VLAN 1    Open         -/-            -/-               1/6              0           HUAWEI-WLAN
vap_portal  tunnel    service  VLAN 200 Open+Portal -/-            -/-               1/6              3           portal_test
---------------------------------------------------------------
Total: 2

It is not recommended that the same SSID be bound to multiple VAP profiles because exceptions (such as access failures) will occur when multiple VAP profiles with the same SSID are bound to the same AP.

Check the configuration of the VAP profile, and find the authentication profile bound to the VAP profile.

[HUAWEI] wlan
[HUAWEI-wlan-view] vap-profile name vap_portal
[HUAWEI-wlan-vap-prof-vap_portal]display this
#
 forward-mode tunnel
 service-vlan vlan-id 200
 ssid-profile localportal
 authentication-profile authen_portal
#

Check the configuration of the authentication profile. It must have a Portal access profile bound.

[HUAWEI] authentication-profile name authen_portal
[HUAWEI-authentication-profile-authen_portal] display this
#
authentication-profile name authen_portal
 portal-access-profile access_portal
 access-domain domain_test
#

Check the configuration of the Portal access profile. It must have built-in Portal authentication enabled or have a Portal server template bound.

For built-in Portal authentication, you need to enable built-in Portal authentication in the Portal access profile.

[HUAWEI] portal-access-profile name access_portal
[HUAWEI-portal-access-profile-access_portal] display this
#
portal-access-profile name access_portal
 portal local-server enable
#

For external Portal authentication, you need to bind a Portal server template to the Portal access profile.

[HUAWEI] portal-access-profile name access_portal
[HUAWEI-portal-access-profile-access_portal] display this
#
portal-access-profile name access_portal
 web-auth-server portal_test direct
#

If an external Portal server is used, the server IP address and URL must be configured.
The URL can be configured in either of the following methods: 1. Configure the URL on the Portal server; 2. Reference the URL template on the Portal server and configure the URL in the URL template. In addition, you can configure the required URL parameters in the URL template. If the Portal server requires specific URL parameters, you can configure the URL parameters only in the URL template.
- Method 1: Configure a URL on the Portal server.
```
[HUAWEI] web-auth-server portal_test
[HUAWEI-web-auth-server-portal_test] display this
#
web-auth-server server_portal
 server-ip 12.12.12.1
 port 50100
 url http://12.12.12.1:8080/portal
 protocol http
#
```
- Method 2: Configure a URL template on the Portal server.
```
[HUAWEI] web-auth-server portal_test
[HUAWEI-web-auth-server-portal_test] display this
#
web-auth-server server_portal
 server-ip 12.12.12.1
 port 50100
 url-template url_test
 protocol http
#
```
  Check the configuration in the URL template. The URL and required parameters need to be configured.
```
[HUAWEI]url-template name url_test
[HUAWEI-url-template-url_test] display this
#
url-template name url_test
 url http://12.12.12.1:8080/portal
 url-parameter device-ip ac-ip user-ipaddress userip ssid ssid
#
```

Check the DNS bypass configuration.

Check whether the portal pass dns enable command is configured in the system view. By default, this command is disabled in V200R019 and later versions. If this command is not configured, configure an authentication-free rule to bypass the DNS server address. The following shows how to configure an authentication-free rule to bypass DNS server address 8.8.8.8.

[HUAWEI] free-rule-template name default
[HUAWEI-free-rule-default] display this
#
free-rule-template name default_free_rule
 free-rule 1 destination ip 8.8.8.8 mask 255.255.255.0 source ip any
#
[HUAWEI] authentication-profile name authen_portal
[HUAWEI-authentication-profile-authen_portal] display this
#
authentication-profile name authen_portal
 portal-access-profile access_portal
 access-domain domain_test
 free-rule-template default_free_rule
#

Portal Configuration on the AP

Check the configuration of the URL template delivered to the AP.

The URL template on the AP includes the built-in Portal server configuration, Portal server template configuration, and URL template configuration on the AC.

Query the configuration of all URL templates on the AP.

[HUAWEI-AP] display url-template all
---------------------------------------------------------------
ID                 URL      Start    Assignment    Isolate
Number   Mark     Mark           Mark
---------------------------------------------------------------
0                  1         ?         =               &
1                  0
2                  1         ?         =               &
---------------------------------------------------------------
Total 3

Query the URL template configuration based on the URL template ID.

URL template 0 corresponds to the built-in Portal server configuration on the AC.

[HUAWEI-AP] display url-template id 0
ID   : 0
Name : portal-local-server*
URL  :
 1. http://12.12.12.76:2000/index.html
Start mark      : ?
Assignment mark : =
Isolate mark    : &
AC IP           :
AC MAC          :
AP IP           :
AP MAC          :
User MAC        :
Redirect URL    :
SSID            :
User IP address :
Sysname         :
User VLAN       :
AP Name         :
AP Location     :
AP Group Name   :
Delimiter       :
Format          :
Http to ap      : 1
Https to ap     : 1
Server State    : 0
Server ip       : 12.12.12.76
Server ipv6     : ::
Do not Redirect : 0
URL cipher name :
URL iv name     :
URL cipher key  :
AC IP Value     :
AC MAC Value    :
Sysname Text    :
AP IP Value     :

URL template 1 corresponds to the Portal server template configuration on the AC.

[HUAWEI-AP] display url-template id 1
ID   : 1
Name : portal_test
URL  :
Start mark      :
Assignment mark :
Isolate mark    :
AC IP           :
AC MAC          :
AP IP           :
AP MAC          :
User MAC        :
Redirect URL    :
SSID            :
User IP address :
Sysname         :
User VLAN       :
AP Name         :
AP Location     :
AP Group Name   :
Delimiter       :
Format          :
Http to ap      : 1
Https to ap     : 1
Server State    : 0
Server ip       : 12.12.12.1
Server ipv6     : ::
Do not Redirect : 0
URL cipher name :
URL iv name     :
URL cipher key  :
AC IP Value     :
AC MAC Value    :
Sysname Text    :
AP IP Value     :

URL template 2 corresponds to the URL template configuration on the AC.

[HUAWEI-AP] display url-template id 2
ID   : 2
Name : url_test
URL  :
1. http://12.12.12.1:8080/portal
Start mark      : ?
Assignment mark : =
Isolate mark    : &
AC IP           : ac-ip
AC MAC          :
AP IP           :
AP MAC          :
User MAC        :
Redirect URL    :
SSID            : ssid
User IP address : userip
Sysname         :
User VLAN       :
AP Name         :
AP Location     :
AP Group Name   :
Delimiter       :
Format          :
Http to ap      : 0
Https to ap     : 0
Server State    : 0
Server ip       : 0.0.0.0
Server ipv6     : ::
Do not Redirect : 0
URL cipher name :
URL iv name     :
URL cipher key  :
AC IP Value     :
AC MAC Value    :
Sysname Text    :
AP IP Value     :

Check the Portal authentication configuration delivered to the AP.

[HUAWEI-AP] display portal config
Portal CnaBypass  : disable
Portal CnaAdaptive: enable
Portal User Agent : enable
Portal URL Encode : disable
Portal Https redirect : enable         port 64443
Portal JS Redirect: disable
Portal 302 Redirect: disable
Portal DNS Permit: disable
Vlan config info:
--------------------------------------------------------------
Vlanid   main web index   main url index   back web index   back url index
--------------------------------------------------------------
Bssid config info:
--------------------------------------------------------------
Vapid Bssid main web index main url index back web index back url index
1     27    0              0               255            255
2     28    1              2               255            255
17    30    0              0               255            255
18    31    1              2               255            255
--------------------------------------------------------------

main web index indicates the active Portal server, main url index indicates the active URL template, back web index indicates the standby Portal server, and back url index indicates the standby URL template.

You can check whether the binding relationship delivered to the AP is correct based on the global Portal authentication on the AP. If not, unbind the authentication profile from the AC VAP profile and then bind the authentication profile again.

To view authentication-free rules on the AP, run the display wsrv portal free-rule command in V200R010 or later.

[HUAWEI-AP-diagnose] display wsrv portal free-rule
----------------------------------------------------------------
Dynamic IPv4 free rule
destination IP 12.12.12.6 mask 255.255.255.255
destination IP 50.1.1.1 mask 255.255.255.255
Total 2
----------------------------------------------------------------
Profile ID 0
Rule   1:  destination IP 8.8.8.8 mask 255.255.255.0
Total 1
----------------------------------------------------------------
Profile ID 1
Rule   1:  destination IP 8.8.8.8 mask 255.255.255.0
Total 1
---------------------------------------------------------------

Profile Configuration on the AC
Portal Configuration on the AP

Translation

简体中文

Download

Updated: 2023-06-02

Document ID: EDOC1000060368

Downloads: 5813

Average rating:

This Document Applies to these Products

Related Version

Digital Signature File

Digital Signature Authentication Mode

Enterprise

Huawei Cloud

Carrier

Consumer

Corporate

Profile Configuration on the AC

Portal Configuration on the AP

Related Version

Related Documents

Digital Signature File