No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

WLAN V200R008C10 Typical Configuration Examples

Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Example for Configuring Guests to Obtain Passwords Through Mobile Phones to Pass Authentication Quickly

Example for Configuring Guests to Obtain Passwords Through Mobile Phones to Pass Authentication Quickly

Guests can obtain passwords through mobile phones to connect to networks quickly.

Involved Products and Versions

Product Type

Product Name

Version

  • RADIUS Server
  • Portal Server

Agile Controller-Campus

V100R002C00

Networking Requirements

An enterprise has deployed an authentication system to implement access control for all the wireless users who attempt to connect to the enterprise network. Only authenticated users can connect to the enterprise network. Enterprise employees connect to the network through personal computers (PCs) and guests connect to the network through mobile phones. The administrator has created local accounts for the employees so that they can use the local accounts to pass authentication. For guest accounts, the system should satisfy the following demands:
  • All guests must associate with the Wi-Fi network whose SSID is guest to connect to the Internet. Other SSIDs are not allowed.
  • All guests can use their mobile phone number to obtain passwords to access the network. After guests send their requests to obtain passwords, passwords are sent to the guests through SMS messages.
  • After the authentication succeeds, the web page requested by the guest before the authentication is displayed automatically.

Data Plan

Table 4-130 Data plan

Item

Data

Description

SM + SC (RADIUS server + Portal server)

IP address: 172.18.1.1

-

SMS server

Message Sending Method

SMSGW

Enable distributed SC

no

Serial Port ID

COM1

Country Code

86

Baud Rate

115200

Test Number

13412345678

Set corresponding parameters on the GPRS modem in advance. For details, see What Should I Do Before Connecting a GPRS Modem to the Agile Controller-Campus?.

Number of the ACL for guests' post-authentication domain

3002

-

SSID of the network to which guests associate with

guest

Configure this parameter on the AC. For details, see step 6 in Example for Configuring Portal Authentication (Including MAC Address-Prioritized Portal Authentication) for Wireless Users.

Configuration Roadmap

  1. Configure the SMS server so that the system can send SMS messages properly.
  2. Configure guest account policies. This example uses the default policy "self-registration_obtaining passwords through mobile phones_8-hour validity period".
  3. Customize the authentication page. The authentication page is automatically displayed if an unauthenticated guest accesses the network.
  4. Configure a Portal page push rule to push the customized authentication page to guests.
  5. Add guest authorization results and authorization rules to assign access rights to guests after they are successfully authenticated.

Prerequisites

Portal authentication configurations have been completed on the AC/switch and the Agile Controller-Campus. For details, see configuration examples about Portal.

Procedure

  1. Enter https://172.18.1.1:8443 in the address box of a web browser to log in to the Service Manager.
  2. Configure the SMS server so that the system can send SMS messages properly.
    1. Choose System > Server Configuration > SMS Server Configuration.
    2. Set parameters of the SMS server.

      NOTE:

      If the SMS modem is used, no more than three guests can register per minute. If the number of guests that need to register in a minute exceeds three, use the SMS gateway.

    3. Click Test. The Test Succeeded message is displayed and the phone with the configured mobile phone number receives a test SMS message.
    4. Click Save.
  3. Configure guest account policies. Choose Policy > Permission Control > Guest Management > Guest Account Policy.

    This example uses the default policy "Self-registration_password through phones_valid for 8 hours". If the default policy cannot satisfy requirements, you can modify it or create a new policy. Set the parameters marked in red rectangles according to the following figure.

  4. Customize the authentication page. The authentication page is automatically displayed if an unauthenticated guest accesses the network.
    1. Choose Policy > Permission Control > Page Customization > Page Customization.
    2. Choose System-SMS Authentication Template and click Create Page.
    3. Configure basic information about the authentication page.

      You must select Self Register and set Guest Account Policy to the policy created in 3.

    4. Click OK to customize the page pushed to a phone.

      The guest uses the phone to obtain a password to complete registration. Therefore, no registration and registration success pages are required. You only need to customize the authentication, authentication success, and user notice pages. You can change logos as required.

    5. Click Next to customize the page pushed to a PC.

    6. Click Release.

      If Delivery succeeded is displayed, page customization succeeds.

  5. Configure a Portal page push rule to push the customized authentication page to guests.
    1. Choose Policy > Permission Control > Page Customization > Portal Page Push Rule.
    2. Click Add to add the Portal page push rule.

      Parameter

      Value

      Description

      Name

      Push rule for phone registration

      -

      User-defined parameters

      ssid=guest

      • ssid=guest indicates that the AC pushes the specified page so long as unauthorized guests select the SSID guest.
      • For details about User-defined parameters, see Defining a Redirection Rule for the Portal Page.
      • The AC needs to send the user-defined URL parameter to the Portal server through the URL parameter template, so that the Portal server can correctly match the pushed condition. In this example, the AC sends the user-defined URL parameter ssid to the Portal server, so that it can correctly match the pushed condition.

      Pushed page

      Select the page customized in 4

      -

      Page displayed after successful authentication

      Continue to visit the original page

      The value of the redirect-url field specified on the AC must be url. For details, see How Do I Continue to Access the Original Page After Successful Portal Authentication?.

    3. Click OK.
  6. Add SSIDs to the Agile Controller-Campus for SSID-based user authorization.
    1. Choose Policy > Permission Control > Policy Element > SSID.
    2. Click Add, and add a guest SSID.

      The case-sensitive SSID name must be the same as those configured on the AC.

  7. Add an authorization result and rule to allow guests to connect to the Internet after they are successfully authenticated.
    1. Choose Policy > Permission Control > Authentication and Authorization > Authorization Result and specify resources that guests can access after being authenticated and authorized.

      Parameter

      Value

      Description

      Name

      Authorization Result for guest

      -

      Service Type

      Access Service

      -

      ACL Number/AAA User Group

      3002

      ACL number must be the same as the number of the ACL configured for guests on the AC.

    2. Choose Policy > Permission Control > Authentication and Authorization > Authorization Rule and specify the authorization conditions for guests.

      Parameter

      Value

      Description

      Name

      Authorization Rule for guest

      -

      Service Type

      Access User

      -

      User Group

      Guest

      The value must be the same as that of User Group specified when you configure a guest account policy.

      SSID

      guest

      The SSID must be the same as that configured for guests on the AC.

      Authorization Result

      Authorization Result for guest

      -

Verification

  1. A guest uses a mobile phone to connect to a Wi-Fi network. The guest selects the hotspot guest to connect to the Internet. The authentication page is pushed to the guest.
  2. The guest enters his or her mobile phone number and clicks Get Verification Code.

    The authentication password is sent to the guest's mobile phone.

  3. The guest enters the verification code and clicks Log In. The web page requested by the guest before the authentication is displayed automatically.
  4. On the Service Manager, choose Resource > User > Online User Management. The online information about the account is displayed.
  5. On the Service Manager, choose Resource > User > RADIUS Log. The RADIUS authentication logs of the account are displayed.
Translation
Download
Updated: 2019-03-30

Document ID: EDOC1000184389

Views: 94859

Downloads: 550

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next