No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade
Knowledge Base

Portal authentication issue

Publication Date:  2018-05-16  |   Views:  605  |   Downloads:  0  |   Author:  t84075118  |   Document ID:  EKB1001590284

Contents

Issue Description

Customer configured portal authentication on Agile-Controller that was also the radius server.

When trying to connect to the WLAN network using portal authentication, the portal page was displayed correctly but after the username and password was inserted the login would fail.


Handling Process

We have made a trace using the STA IP address and from the trace we found that the authentication failure was due to shared-key mismatch.

 

Please note that:

The shared key is used to encrypt the password and generate the response authenticator.

When exchanging authentication packets with a RADIUS server, the device uses MD5 to encrypt important data such as the password to ensure security of data transmission over the network. To ensure validity of both communication parties, the device and RADIUS server must be configured with the same shared key.

 

We have configured the shared-key again on S5720 radius-server template (that was working as AC) and on Agile Controller, but after the change the authentication still failed.

We have checked configuration again and we noticed that the radius-server shared-key was configured both globally and in the radius-server template.


Root Cause

The radius-server configured globally has a high priority than radius-server template, if we configure a global radius-server shared key and a template shared key, the AC will send the globally configured one.


Solution

Remove the command “radius-server ip-address 10.1.1.1 shared-key” from the global configuration.

After we removed it the portal authentication was working.


Suggestions

Make sure that you have same shared key configured on both ends (Agile Controller and Access Controller) and if both global and template radius shared key is configured for same ip address please note that the globally configured will take priority.