No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

WLAN Product Interoperation Configuration Guide

Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Example for Configuring Guests Connect to Networks by Scanning Public QR Codes

Example for Configuring Guests Connect to Networks by Scanning Public QR Codes

After guests connect to a Wi-Fi network using their mobile phones, they can scan QR codes posted in public areas for authentication to easily access a network.

Involved Products and Versions

Product Type

Product Name

Version

  • RADIUS Server
  • Portal Server

Agile Controller-Campus

V100R003C00

Networking Requirements

An enterprise has deployed an identity authentication system to implement access control for all the wireless users who attempt to connect to the enterprise network. Only authenticated users can connect to the enterprise network. To allow guests to access the network in the enterprise exhibition hall, system administrators can post a public QR code in public areas in the exhibition hall, so that guests can access the network by scanning the public QR code.

Data Plan

Table 1-17  Data plan

Item

Data

Description

SM + SC (RADIUS server + Portal server)

IP address: 172.18.1.1

-

Number of the ACL for guests' post-authentication domain

3002

-

SSID of the network to which guests associate with

guest

Configure this parameter on the AC. For details, see step 4 in Example for Configuring Portal Authentication (Including MAC Address-Prioritized Portal Authentication) for Wireless Users.

Configuration Roadmap

  1. Enable public QR code authentication.
  2. Configure a guest account policy for creating public QR codes.
  3. Create and export a public QR code. Print and post it in public areas where guests can scan it to connect to the network.
  4. Customize authentication and authentication success pages. After guests pass authentication by scanning the public QR code, the authentication success page is automatically displayed.
  5. Configure a Portal page push rule to push the customized authentication page to guests.
  6. Add guest authorization results and authorization rules to assign access permission to guests after they are authenticated.

Prerequisites

Portal authentication has been configured on the AC/switch and the Agile Controller-Campus. For details, see configuration examples about Portal.
NOTE:
When you configure URL parameters in the URL template, a value must be set for redirect-url; otherwise, the Agile Controller-Campus fails to interconnect with the AC/switch. The recommended value is url.
[AC] url-template name huawei
[AC-url-template-huawei] url-parameter redirect-url url
[AC-url-template-huawei] url http://172.18.1.1:8080/portal
[AC-url-template-huawei] quit

Procedure

  1. Enter https://172.18.1.1:8443 in the address box of a web browser to log in to the Service Manager.
  2. Enable public QR code authentication.

    You can use the Guest Management navigation to complete this step and the subsequent steps. Choose Policy > Permission Control > Guest Management > Quick Start, set Guest Account Management Mode to Public QR Code, and click Navigation. Complete the configuration by following the navigation. The following example illustrates how to use the GUI menus to open the configuration page and complete the configuration.

    1. Choose Policy > Permission Control > Guest Management > Parameter Setting.
    2. Click the Set Public QR Code Parameters tab.
    3. Enable Public QR Code and set public QR code parameters.

      Parameter

      Value

      Description

      Public QR Code

      Enable

      -

      URL prefix in the link

      http://192.168.1.1

      Use an IP address but not a domain name to specify the URL prefix. The URL prefix is only used to trigger Portal authentication. The IP address of a post-authentication domain can be used as the URL prefix. In other words, an IP address that guests cannot access before authentication can be used as the URL prefix.

      URL encryption key

      Admin@123

      -

      Confirm URL encryption key

      Admin@123

      -

    4. Click OK.
  3. Configure a guest account policy for creating public QR codes.
    1. Choose Policy > Permission Control > Guest Management > Guest Account Policy.
    2. Click Add.
    3. Configure a guest account policy.



      Parameter

      Value

      Description

      Name

      Public QR Code

      -

      Creation type

      Single

      Only a single public QR code can be created each time. Public QR codes cannot be created in batches.

      Generation policy

      Public QR Code

      -

      Effective time

      Takes effect immediately after being created

      -

      Account Fields

      Click Edit, select the Location field, and deselect the other fields.

      Attribute fields of a public QR code account are displayed. When creating a public QR code, enter information about the attribute fields that are selected here. In this example, the Location field is selected.

    4. Click OK.
  4. Create a public QR code.
    1. Choose Policy > Permission Control > Guest Management > Guest Account Management.
    2. Click Add to create a public QR code.

      Set Account policy to the guest account policy configured in 3.

    3. Click Save and generate a QR code.

      Select the enterprise logo image in the Update Barcode Logo area, and click Upload to add the logo to the public QR code.

    4. Click Export Barcode to export the public QR code to a local directory. Print and post it in public areas.
  5. Customize authentication and authentication success pages.

    After a guest connects to a Wi-Fi network and scans the public QR code, the authentication page is automatically displayed to authenticate the guest.

    1. Choose Policy > Permission Control > Page Customization > Page Customization.
    2. Select a template randomly, for example, System-SMS Authentication Template, and click Create Page.
    3. Configure basic information about the authentication page.

      Parameter

      Value

      Description

      Customize page name

      Public QR Code

      -

      Page title

      Web

      This web title will be displayed on the authentication page.

      Enable Self-register

      Deselect it.

      -

      Push pages using HTTPS

      Deselect it.

      If you want to allow guests to use WeChat to scan the public QR code for authentication, you need to purchase a server certificate issued by a CA to replace the default server certificate. For details, see Server Certificate Importing Tool. Otherwise, deselect Push pages using HTTPS to ensure that guests can use WeChat to scan the public QR code.

    4. Click OK to customize authentication and authentication success pages.

      The Common QR Code control needs to be added on an authentication page. The login button on the Common QR Code control must be retained.

    5. Click Release to complete the page customization.
  6. Configure a Portal page push rule to push the customized authentication page to guests.
    1. Choose Policy > Permission Control > Page Customization > Portal Page Push Rule.
    2. Click Add to add the Portal page push rule.

      Parameter

      Value

      Description

      Name

      Push rule for public QR code authentication

      -

      Customized parameters

      ssid=guest

      • ssid=guest indicates that the AC pushes the specified page so long as unauthorized guests select the SSID guest.
      • For details about User-defined parameters, see Defining a Redirection Rule for the Portal Page.
      • The AC needs to send the user-defined URL parameter to the Portal server through the URL parameter template, so that the Portal server can correctly match the pushed condition. In this example, the AC sends the user-defined URL parameter ssid to the Portal server, so that it can correctly match the pushed condition.

      Account type

      Public QR Code

      -

      Pushed page

      Select a page customized in 5.

      -

    3. Click OK.
  7. Add SSIDs to the Agile Controller-Campus for SSID-based user authorization.
    1. Choose Policy > Permission Control > Policy Element > SSID.
    2. Click Add, and add a guest SSID.

      The case-sensitive SSID name must be the same as those configured on the AC.

  8. Add an authorization result and rule to allow guests to connect to the Internet after they are successfully authenticated.
    1. Choose Policy > Permission Control > Authentication and Authorization > Authorization Result and specify resources that guests can access after being authenticated and authorized.

      Parameter

      Value

      Description

      Name

      Authorization Result for guest

      -

      Service Type

      Access Service

      -

      ACL Number/AAA User Group

      3002

      ACL number must be the same as the number of the ACL configured for guests on the AC.

    2. Choose Policy > Permission Control > Authentication and Authorization > Authorization Rule and specify the authorization conditions for guests.

      Parameter

      Value

      Description

      Name

      Authorization Rule for guest

      -

      Service Type

      Access User

      -

      User Group

      Guest

      The value must be the same as that of User Group specified when you configure a guest account policy.

      SSID

      guest

      The SSID must be the same as that configured for guests on the AC.

      Authorization Result

      Authorization Result for guest

      -

Verification

  1. A guest uses a mobile phone to connect to the Wi-Fi hotspot guest.

    Before scanning the public QR code, the guest needs to connect to the Wi-Fi hotspot for public QR code authentication. Scanning a public QR code only triggers authentication and authorization. It is recommended that the following information be added on the upper side of the public QR codes posted in public areas: Connect to the Wi-Fi network before scanning the public QR code for authentication.

  2. The guest scans the public QR code posted in public areas.
    NOTE:

    The customized public QR code authentication page is pushed only after the guest scans the public QR code. If a guest does not scan the public QR code after connecting to the Wi-Fi network, the guest is authenticated based on the Portal authentication process. The system matches Portal page push rules by priority and pushes the matched authentication page but not the public QR code authentication page to the guest.

  3. The terminal automatically initiates an authentication request after the guest successfully scans the public QR code.
    If a blank page is displayed after the guest scans the public QR code using WeChat, the possible causes are as follows:
    • During customization of the authentication page, the administrator selects Push pages using HTTPS but does not buy a trusted server certificate.

      Guests can use another scanning tool to scan the public QR code for authentication. Alternatively, the administrator re-customizes the public QR code authentication page. During the customization, the administrator needs to deselect Push pages using HTTPS and specify the new customized authentication page in the Portal page push rule.

    • If the guest has passed public QR code authentication and scans it again, a blank page is displayed.

      Choose Resource > User > Online User Management to check whether the terminal is online using the public QR code account.

  4. After the authentication succeeds, the authentication success page is displayed.

    If the authentication fails, choose Resource > User > RADIUS Log to check RADIUS authentication logs. Check causes of the authentication failure and whether the authentication rule and authorization rule are correctly configured.

  5. After the authentication succeeds, the guest can access the Internet.
  6. On the Service Manager, choose Resource > User > Online User Management. The online information about the public QR code account is displayed.
  7. On the Service Manager, choose Resource > User > RADIUS Log. The RADIUS authentication logs of the public QR code account are displayed.
    NOTE:

    The same account (public QR code account) is displayed on the Service Manager for all guests who scan the same public QR code for authentication.

Summary and Suggestions

Authorization rules or Portal page push rules are matched in descending order of priority (ascending order of rule numbers). If the authorization condition or Portal push condition of a user matches a rule, the system does not check the subsequent rules. Therefore, it is recommended that you set higher priorities for the rules defining more precise conditions and set lower priorities for the rules defining fuzzy conditions.

Translation
Download
Updated: 2019-03-30

Document ID: EDOC1000113779

Views: 55689

Downloads: 1753

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next