No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

FATAP and Cloud AP V200R009C00 Web-based Configuration Guide

Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Example for Configuring Built-in Portal Authentication for Local Users

Example for Configuring Built-in Portal Authentication for Local Users

Service Requirements

WLAN is open to users and therefore has potential security risks. To manage access users in a centralized manner, Portal authentication is configured on the FAT AP. Any user that attempts to access the WLAN is redirected to the Portal authentication page. Users are authorized to access the WLAN after entering the correct user names and passwords. If the enterprise has a few number of users, the FAT AP can function as the Portal server to authenticate users locally to reduce costs. Built-in Portal authentication requires no additional Portal server, allowing for easy and flexible deployment. However, as the Portal server, the FAT AP provides only basic web functions (such as user login and logout) but cannot replace an independent Portal server or provide extended functions of an external Portal server.

Networking Requirements

  • DHCP deployment mode: The AP functions as a DHCP server to assign IP addresses to STAs.
Figure 2-9  Networking for configuring built-in Portal authentication

Data Planning

Table 2-5  AP data planning
Item Data

Service VLAN for STAs

VLAN 101

DHCP server

The FAT AP functions as a DHCP server to assign IP addresses to STAs.

IP address pool for STAs

10.23.101.2-10.23.101.254/24

DNS: 8.8.8.8

STA's gateway

VLANIF 101: 10.23.101.1

Built-in portal server

  • Server IP: 10.23.101.1

  • SSL policy: default_policy

  • Port number: 20000

Local user

  • User name: guest

  • Password: guest@123

SSID profile

  • Name: wlan-net

  • SSID name: wlan-net

Security profile

  • Name: wlan-net

  • Security policy: open (no authentication, no encryption)

Authentication Profile

  • Name: wlan-net

  • Referenced profile: Authentication-free rule profile default_free_rule

VAP profile

  • Name: wlan-net

  • Service VLAN: VLAN 101

  • Referenced profile: SSID profile wlan-net, security profile wlan-net and Authentication profile wlan-net

Configuration Roadmap

The configuration roadmap is as follows:
  1. Select WLAN Wizard to configure WLAN services on the FAT AP. On the web platform, the HTTPS service is enabled and an SSL policy is applied. When configuring a built-in Portal server, configure the same SSL policy for the built-in Portal server.
  2. Configure a DNS server address in the DHCP address pool of the service VLAN to provide the DNS service for the STA.
  3. Specify network resources accessible to authentication-free users.
  4. Complete service verification.

Procedure

  1. Configure WLAN services.
    1. Choose Wizard > Config Wizard. The Configure Wi-Fi Signals page is displayed.
    2. Configure Wi-Fi signals.

      # Click Create. The Basic Information page is displayed.

      # Configure basic information about an SSID. Set Security settings to Portal (applicable to enterprise networks) and Portal server to Built-in Portal server. Under Built-in Portal Server Configuration, configure the server IP address and port number.

      # Click Manage next to Local user. The Local User page is displayed

      # Click Create. The Create Local User page is displayed.

      # Set Creation mode to Manually add and configure the local user name and password.



      # Click OK.

      # On the Create Local User page, select the new user and click OK.

      # Click Next. The IP and Rate page is displayed.

      # Set IP address parameters.

      # Click Finish.

    3. Configure Internet connection parameters.

      # Click Next. The Configure Internet Connection page is displayed.

      # Add an interface to VLAN 101 in tagged mode.
      NOTE:

      If you log in to the web platform using a PC whose Ethernet interface is being modified, do not delete the existing VLAN configuration on the interface to ensure that the PC can communicate with Fat APs. As shown in the following figure, GigabitEthernet0/0/0 is added to VLAN 1 by default and STAs communicate with the AP through this interface. You can use the default IP address of the AP to log in to the web platform. If you need to use the default IP address to log in to the web platform, do not delete VLAN 1.



      # Click Finish.

  2. Configure DNS.
    1. Choose Configuration > IP Service > DHCP > DHCP Address Pool. In Address Pool List, click Vlanif101. The Modify DHCP Address Pool page is displayed.
    2. Configure the DNS server address for the STA and click OK.

  3. Configure network resources accessible to authentication-free users.

    1. Choose Configuration > WLAN Service > Profile.The Profile Management page is displayed.
    2. Choose Wireless Service > VAP Profile > wlan-net > Authentication Profile > Authentication-free Rule Profile. The Authentication-free Rule Profile page is displayed.
    3. Set Authentication-free Rule Profile to default_free_rule.
    4. Click Create. On the Create Authentication-free Rule page that is displayed, set Rule ID to 1 and the authentication-free resource to the IP address of the DNS server.

    5. Click OK.
    6. Select the authentication-free rule with the ID 1 and click Apply. In the dialog box that is displayed, click OK.

  4. Verify the configuration.
    1. The WLAN with the SSID wlan-net is available.
    2. The STA can associate with the WLAN and obtain an IP address 10.23.101.x/24 and its gateway address is 10.23.101.1.



    3. When a user browses a web page, the browser automatically redirects the user to the Portal authentication page. After entering the correct user name and password, the user passes the authentication and can access the web page.
    4. Choose Monitoring > Terminal Manage > STA Management. In User, you can see that STAs go online properly and obtain IP addresses.
  5. Maintain local user information.

    # Choose Configuration > Security > AAA > Local User. Click a user name to modify the password of the user. Click Delete to delete the selected user. Click Create to add a local user. The following image shows adding a user.



Translation
Download
Updated: 2019-04-18

Document ID: EDOC1100035626

Views: 10953

Downloads: 426

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next