ExtremeWireless (WiNG)

Expand all | Collapse all

Wing 5.8, RFS7000, AP7532. Users disconnect and are asked to login again.

  • 1.  Wing 5.8, RFS7000, AP7532. Users disconnect and are asked to login again.

    Posted 08-23-2017 14:25
    Hello,

    I'm learning about as much wireless network as zebra equipments and I configured one network with 2 ssid. After a long time I finally made it. The users connect on both SSID, they go to internet and so on, but sometimes, during not only roaming, they are disconnected and the system ask for another authentication via Captive Portal.

    What could be wrong?
    Thanks a lot.

    !
    ! Configuration of RFS7000 version 5.8.4.0-034R
    !
    !
    version 2.5
    !
    !
    client-identity-group default
    load default-fingerprints
    !
    ip access-list BROADCAST-MULTICAST-CONTROL
    permit tcp any any rule-precedence 10 rule-description "permit all TCP traffic"
    permit udp any eq 67 any eq dhcpc rule-precedence 11 rule-description "permit DHCP replies"
    deny udp any range 137 138 any range 137 138 rule-precedence 20 rule-description "deny windows netbios"
    deny ip any 224.0.0.0/4 rule-precedence 21 rule-description "deny IP multicast"
    deny ip any host 255.255.255.255 rule-precedence 22 rule-description "deny IP local broadcast"
    permit ip any any rule-precedence 100 rule-description "permit all IP traffic"
    !
    mac access-list PERMIT-ARP-AND-IPv4
    permit any any type ip rule-precedence 10 rule-description "permit all IPv4 traffic"
    permit any any type arp rule-precedence 20 rule-description "permit all ARP traffic"
    !
    ip snmp-access-list default
    permit any
    !
    firewall-policy default
    no ip dos tcp-sequence-past-window
    !
    !
    mint-policy global-default
    !
    meshpoint-qos-policy default
    !
    wlan-qos-policy default
    qos trust dscp
    qos trust wmm
    !
    radio-qos-policy default
    !
    aaa-policy esaf01_AAA
    authentication server 1 onboard controller
    authentication server 1 proxy-mode through-controller
    authentication server 1 dscp 46
    accounting server 1 onboard controller
    !
    aaa-policy esaffuncionarios
    authentication server 1 host 10.10.10.40 secret 0 XXXXXXXXXXX
    authentication server 1 proxy-mode through-controller
    accounting server 1 host 10.10.10.40 secret 0 XXXXXXXXXXX
    accounting server 1 proxy-mode through-controller
    !
    dns-whitelist dns_listabranca
    permit XXXXXXXXXXX.gov.br suffix
    !
    captive-portal Portal
    access-time 720
    inactivity-timeout 21600
    server host 10.195.40.10
    server mode centralized
    simultaneous-users 2000
    webpage internal org-name ESAF
    webpage internal org-signature ESAF
    webpage internal login footer Entre em contato com o administrador caso encontre algum problema.
    webpage internal login main-logo XXXXXXXXXXX.br/imagens/logoesafidg.jpg
    webpage internal login org-background-color #ffffff
    webpage internal login org-font-color #003300
    webpage internal login body-background-color #ffffff
    webpage internal welcome main-logo XXXXXXXXXXXXX.br/imagens/logoesafidg.jpg
    webpage internal welcome title Seja bem vindo
    webpage internal fail header O acesso foi negado.
    webpage internal fail main-logo XXXXXXXXXXXXX.br/imagens/logoesafidg.jpg
    webpage internal fail title Falha
    webpage internal agreement header Seja bem vindo
    webpage internal agreement main-logo XXXXXXXXXXXXX.br/imagens/logoesafidg.jpg
    webpage internal agreement title ESAF
    webpage internal acknowledgement main-logo XXXXXXXXXXXXX.br/imagens/logoesafidg.jpg
    webpage internal registration description Por favor encontre um momento para registrar-se.
    webpage internal registration header Bem vindo
    webpage internal registration main-logo XXXXXXXXXXXXX.br/imagens/logoesafidg.jpg
    webpage internal no-service main-logo XXXXXXXXXXXXX.br/imagens/logoesafidg.jpg
    accounting radius
    use aaa-policy esaf01_AAA
    use dns-whitelist dns_listabranca
    webpage internal registration field city type text enable label "City" placeholder "Enter City"
    webpage internal registration field street type text enable label "Address" placeholder "123 Any Street"
    webpage internal registration field name type text enable label "Full Name" placeholder "Enter First Name, Last Name"
    webpage internal registration field zip type number enable label "Zip" placeholder "Zip"
    webpage internal registration field via-sms type checkbox enable title "SMS Preferred"
    webpage internal registration field mobile type number enable label "Mobile" placeholder "Mobile Number with Country code"
    webpage internal registration field age-range type dropdown-menu enable label "Age Range" title "Age Range"
    webpage internal registration field email type e-address enable mandatory label "Email" placeholder
    webpage internal registration field via-email type checkbox enable title "Email Preferred"
    !
    captive-portal PortalFuncionario
    access-time 720
    inactivity-timeout 21600
    server host 10.195.37.2
    server mode centralized
    simultaneous-users 200
    webpage internal org-name ESAF
    webpage internal org-signature ESAF
    webpage internal login description Conecte-se com nome e senha
    webpage internal login footer Conecte-se com nome e senha
    webpage internal login header Conecte-se com nome e senha
    webpage internal login main-logo XXXXXXXXXXXXX.br/imagens/logoesafidg.jpg
    webpage internal login main-logo use-as-banner
    accounting radius
    use aaa-policy esaffuncionarios
    use dns-whitelist dns_listabranca
    webpage internal registration field city type text enable label "City" placeholder "Enter City"
    webpage internal registration field street type text enable label "Address" placeholder "123 Any Street"
    webpage internal registration field name type text enable label "Full Name" placeholder "Enter First Name, Last Name"
    webpage internal registration field zip type number enable label "Zip" placeholder "Zip"
    webpage internal registration field via-sms type checkbox enable title "SMS Preferred"
    webpage internal registration field mobile type number enable label "Mobile" placeholder "Mobile Number with Country code"
    webpage internal registration field age-range type dropdown-menu enable label "Age Range" title "Age Range"
    webpage internal registration field email type e-address enable mandatory label "Email" placeholder
    webpage internal registration field via-email type checkbox enable title "Email Preferred"
    !
    wlan ESAF-01
    description ESAF-Visitantes
    shutdown
    ssid ESAF-Visitantes
    vlan 2074
    bridging-mode local
    encryption-type none
    authentication-type none
    no fast-bss-transition over-ds
    use captive-portal Portal
    captive-portal-enforcement
    ip dhcp trust
    !
    wlan ESAFFuncionarios
    description ESAF-Servidores
    ssid ESAF-Funcionarios
    vlan 2075
    bridging-mode local
    encryption-type none
    authentication-type none
    wireless-client inactivity-timeout 21600
    wireless-client cred-cache-ageout 43200
    wireless-client vlan-cache-ageout 43200
    use aaa-policy esaffuncionarios
    use captive-portal PortalFuncionario
    captive-portal-enforcement
    relay-agent dhcp-option82
    !
    wlan ESAFVISITANTES
    ssid ESAF-Visitantes
    vlan 2074
    bridging-mode tunnel
    encryption-type none
    authentication-type none
    wireless-client inactivity-timeout 21600
    wireless-client cred-cache-ageout 43200
    wireless-client vlan-cache-ageout 43200
    wing-extensions move-command
    wing-extensions scan-assist
    wing-extensions ft-over-ds-aggregate
    use aaa-policy esaf01_AAA
    use captive-portal Portal
    captive-portal-enforcement
    !
    smart-rf-policy smartrfbasico
    group-by area
    !
    auto-provisioning-policy aps-7532
    adopt ap7532 precedence 1 profile AP-7532 rf-domain RF-SERPRO any
    !
    radius-group Esaf01
    guest
    policy vlan 2074
    policy ssid ESAF-Visitantes
    policy day mo
    policy day tu
    policy day we
    policy day th
    policy day fr
    policy day sa
    policy day su
    !
    radius-group Esaf02
    policy vlan 2074
    !
    radius-group helpdesk
    policy access web
    policy role helpdesk
    !
    radius-user-pool-policy visitante
    user Esaf password 0 esaf group Esaf02
    user helpdesk password 0 helpdesk group helpdesk
    user esaf password 0 esaf group Esaf02
    !
    radius-server-policy radius-esaf
    use radius-user-pool-policy visitante
    use radius-group Esaf01
    !
    dhcp-server-policy DHCP-ESAF
    dhcp-pool ESAF-VISITANTES
    network 10.195.40.0/22
    address range 10.195.40.50 10.195.43.254
    lease 0 14 26 40
    default-router 10.195.40.1
    dns-server 200.198.205.242 161.48.25.38
    dhcp-pool ge
    network 192.168.0.0/24
    address range 192.168.0.100 192.168.0.120
    dhcp-pool ESAF
    network 10.195.37.0/24
    address range 10.195.37.10 10.195.37.254
    lease 0 14 26 40
    default-router 10.195.37.1
    dns-server 200.198.205.242 161.48.25.38
    dhcp-pool APS
    network 10.195.11.0/24
    address range 10.195.11.111 10.195.11.130
    default-router 10.195.11.1
    dns-server 10.12.1.16
    !
    !
    management-policy default
    telnet
    no http server
    https server
    ssh
    user admin password 1 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXx role superuser access all
    user teste password 1 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXx role web-user-admin
    user helpdesk password 1 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXx role helpdesk access web
    snmp-server community 0 private rw
    snmp-server community 0 public ro
    snmp-server user snmptrap v3 encrypted des auth md5 0 senha00
    snmp-server user snmpmanager v3 encrypted des auth md5 0 senha00
    t5 snmp-server community public ro 192.168.0.1
    t5 snmp-server community private rw 192.168.0.1
    idle-session-timeout 300
    !
    ex3500-management-policy default
    snmp-server community public ro
    snmp-server community private rw
    snmp-server notify-filter 1 remote 127.0.0.1
    snmp-server view defaultview 1 included
    !
    ex3500-qos-class-map-policy default
    !
    ex3500-qos-policy-map default
    !
    l2tpv3 policy default
    !
    profile rfs7000 default-rfs7000
    bridge vlan 100
    ip igmp snooping
    ip igmp snooping querier
    ipv6 mld snooping
    ipv6 mld snooping querier
    ip default-gateway 10.195.40.1
    autoinstall configuration
    autoinstall firmware
    use radius-server-policy radius-esaf
    crypto ikev1 policy ikev1-default
    isakmp-proposal default encryption aes-256 group 2 hash sha
    crypto ikev2 policy ikev2-default
    isakmp-proposal default encryption aes-256 group 2 hash sha
    crypto ipsec transform-set default esp-aes-256 esp-sha-hmac
    crypto ikev1 remote-vpn
    crypto ikev2 remote-vpn
    crypto auto-ipsec-secure
    crypto remote-vpn-client
    interface me1
    interface ge1
    switchport mode trunk
    switchport trunk native vlan 1
    switchport trunk native tagged
    switchport trunk allowed vlan 1,100
    interface ge2
    switchport mode access
    switchport access vlan 100
    interface ge3
    interface ge4
    interface vlan1
    description Esaf01
    interface pppoe1
    use dhcp-server-policy DHCP-ESAF
    use firewall-policy default
    use auto-provisioning-policy aps-7532
    use captive-portal server Portal
    logging on
    service pm sys-restart
    router ospf
    !
    profile ap8533 default-ap8533
    autoinstall configuration
    autoinstall firmware
    crypto ikev1 policy ikev1-default
    isakmp-proposal default encryption aes-256 group 2 hash sha
    crypto ikev2 policy ikev2-default
    isakmp-proposal default encryption aes-256 group 2 hash sha
    crypto ipsec transform-set default esp-aes-256 esp-sha-hmac
    crypto ikev1 remote-vpn
    crypto ikev2 remote-vpn
    crypto auto-ipsec-secure
    crypto load-management
    crypto remote-vpn-client
    interface radio1
    interface radio2
    interface radio3
    interface bluetooth1
    shutdown
    interface ge1
    interface ge2
    interface vlan1
    ip address dhcp
    ip address zeroconf secondary
    ip dhcp client request options all
    interface pppoe1
    use firewall-policy default
    use client-identity-group default
    logging on
    service pm sys-restart
    router ospf
    !
    profile ap82xx default-ap82xx
    autoinstall configuration
    autoinstall firmware
    crypto ikev1 policy ikev1-default
    isakmp-proposal default encryption aes-256 group 2 hash sha
    crypto ikev2 policy ikev2-default
    isakmp-proposal default encryption aes-256 group 2 hash sha
    crypto ipsec transform-set default esp-aes-256 esp-sha-hmac
    crypto ikev1 remote-vpn
    crypto ikev2 remote-vpn
    crypto auto-ipsec-secure
    crypto remote-vpn-client
    interface radio1
    interface radio2
    interface radio3
    interface ge1
    interface ge2
    interface vlan1
    ip address dhcp
    ip address zeroconf secondary
    ip dhcp client request options all
    interface wwan1
    interface pppoe1
    use firewall-policy default
    use client-identity-group default
    logging on
    service pm sys-restart
    router ospf
    !
    profile ap81xx default-ap81xx
    autoinstall configuration
    autoinstall firmware
    crypto ikev1 policy ikev1-default
    isakmp-proposal default encryption aes-256 group 2 hash sha
    crypto ikev2 policy ikev2-default
    isakmp-proposal default encryption aes-256 group 2 hash sha
    crypto ipsec transform-set default esp-aes-256 esp-sha-hmac
    crypto ikev1 remote-vpn
    crypto ikev2 remote-vpn
    crypto auto-ipsec-secure
    crypto remote-vpn-client
    interface radio1
    interface radio2
    interface radio3
    interface bluetooth1
    shutdown
    interface ge1
    interface ge2
    interface vlan1
    ip address dhcp
    ip address zeroconf secondary
    ip dhcp client request options all
    interface wwan1
    interface pppoe1
    use firewall-policy default
    use client-identity-group default
    logging on
    service pm sys-restart
    router ospf
    !
    profile ap7532 AP-7532
    bridge vlan 1
    ip igmp snooping
    ip igmp snooping querier
    ipv6 mld snooping
    ipv6 mld snooping querier
    bridge vlan 10
    ip igmp snooping
    ip igmp snooping querier
    ipv6 mld snooping
    ipv6 mld snooping querier
    bridge vlan 100
    use captive-portal Portal
    ip igmp snooping
    ip igmp snooping querier
    ipv6 mld snooping
    ipv6 mld snooping querier
    ip name-server 10.12.1.16
    ip name-server 8.8.8.8
    ip name-server 4.2.2.2
    ip default-gateway 10.195.40.1
    no autoinstall configuration
    no autoinstall firmware
    use radius-server-policy radius-esaf
    crypto ikev1 policy ikev1-default
    isakmp-proposal default encryption aes-256 group 2 hash sha
    crypto ikev2 policy ikev2-default
    isakmp-proposal default encryption aes-256 group 2 hash sha
    crypto ipsec transform-set default esp-aes-256 esp-sha-hmac
    crypto ikev1 remote-vpn
    crypto ikev2 remote-vpn
    crypto auto-ipsec-secure
    crypto load-management
    crypto remote-vpn-client
    interface radio1
    wlan ESAF-01 bss 1 primary
    wlan ESAFVISITANTES bss 2 primary
    wlan ESAFFuncionarios bss 3 primary
    interface radio2
    wlan ESAF-01 bss 1 primary
    wlan ESAFVISITANTES bss 2 primary
    wlan ESAFFuncionarios bss 3 primary
    interface ge1
    switchport mode trunk
    switchport trunk native vlan 1
    switchport trunk native tagged
    switchport trunk allowed vlan 1,11,2074-2075
    interface vlan1
    interface vlan11
    description Gerencia
    ip address dhcp
    interface vlan2074
    description Vlan_rede_visitantes
    interface vlan2075
    description Vlan_rede_funcionarios
    interface pppoe1
    use dhcp-server-policy DHCP-ESAF
    use firewall-policy default
    use captive-portal server Portal
    use captive-portal server PortalFuncionario
    logging on
    controller host 10.195.11.100 pool 1 level 1
    service pm sys-restart
    router ospf
    !
    profile ap7532 PROFILE-AP7532
    no autoinstall configuration
    no autoinstall firmware
    crypto ikev1 policy ikev1-default
    isakmp-proposal default encryption aes-256 group 2 hash sha
    crypto ikev2 policy ikev2-default
    isakmp-proposal default encryption aes-256 group 2 hash sha
    crypto ipsec transform-set default esp-aes-256 esp-sha-hmac
    crypto ikev1 remote-vpn
    crypto ikev2 remote-vpn
    crypto auto-ipsec-secure
    crypto load-management
    crypto remote-vpn-client
    interface radio1
    interface radio2
    interface ge1
    interface vlan11
    ip address dhcp
    interface pppoe1
    use firewall-policy default
    controller host 10.195.11.100
    service pm sys-restart
    router ospf
    !

    rf-domain RF-SERPRO
    location ESAF
    contact Serpro
    timezone America/Sao_Paulo
    country-code br
    use smart-rf-policy smartrfbasico
    controller-managed
    !
    rfs7000 5C-0E-8B-1A-45-26
    use profile default-rfs7000
    use rf-domain RF-SERPRO
    hostname rfs7000-1A4526
    layout-coordinates 3.0 2.5
    license AP 65b47071ef2b3f0237c8f5ff63b4589f1cff782846631007ef3878466f287e8a4745e462a14cae5d
    ip default-gateway 10.195.11.1
    interface me1
    ip address dhcp
    interface ge1
    switchport mode trunk
    switchport trunk native vlan 1
    switchport trunk native tagged
    switchport trunk allowed vlan 1,10-11,2074-2075
    interface ge2
    switchport mode access
    switchport access vlan 11
    interface vlan1
    ip address 192.168.10.1/24
    interface vlan11
    description Gerencia
    ip address 10.195.11.100/24
    interface vlan2074
    description wifi_visitantes
    ip address 10.195.40.10/22
    interface vlan2075
    description wifi_funcionarios
    ip address 10.195.37.2/24
    logging syslog debugging
    !
    ap7532 74-67-F7-03-26-44
    use profile AP-7532
    use rf-domain RF-SERPRO
    hostname ap7532-032644
    controller host 10.195.11.100 pool 1 level 1
    !
    ap7532 74-67-F7-03-26-48
    use profile AP-7532
    use rf-domain RF-SERPRO
    hostname ap7532-032648
    interface ge1
    switchport mode trunk
    switchport trunk native vlan 1
    switchport trunk native tagged
    switchport trunk allowed vlan 1,11,2074-2075
    controller host 10.195.11.100 pool 1 level 1
    controller vlan 11
    !
    ap7532 74-67-F7-03-26-9C
    use profile AP-7532
    use rf-domain RF-SERPRO
    hostname ap7532-03269C
    controller host 10.195.11.100 pool 1 level 1
    !
    ap7532 74-67-F7-03-26-A4
    use profile AP-7532
    use rf-domain RF-SERPRO
    hostname ap7532-0326A4
    controller host 10.195.11.100 pool 1 level 1
    !
    ap7532 74-67-F7-03-26-B4
    use profile AP-7532
    use rf-domain RF-SERPRO
    hostname ap7532-0326B4
    controller host 10.195.11.100 pool 1 level 1
    !
    ap7532 74-67-F7-03-28-78
    use profile AP-7532
    use rf-domain RF-SERPRO
    hostname ap7532-032878
    controller host 10.195.11.100 pool 1 level 1
    !
    ap7532 74-67-F7-03-28-B0
    use profile AP-7532
    use rf-domain RF-SERPRO
    hostname ap7532-0328B0
    controller host 10.195.11.100 pool 1 level 1
    !
    ap7532 74-67-F7-03-28-D8
    use profile AP-7532
    use rf-domain RF-SERPRO
    hostname ap7532-0328D8
    controller host 10.195.11.100 pool 1 level 1
    !
    ap7532 74-67-F7-03-37-18
    use profile AP-7532
    use rf-domain RF-SERPRO
    hostname ap7532-033718
    controller host 10.195.11.100 pool 1 level 1
    !
    ap7532 74-67-F7-03-37-1C
    use profile AP-7532
    use rf-domain RF-SERPRO
    hostname ap7532-03371C
    controller host 10.195.11.100 pool 1 level 1
    !
    ap7532 74-67-F7-03-37-20
    use profile AP-7532
    use rf-domain RF-SERPRO
    hostname ap7532-033720
    controller host 10.195.11.100 pool 1 level 1
    !
    ap7532 74-67-F7-03-37-C0
    use profile AP-7532
    use rf-domain RF-SERPRO
    hostname ap7532-0337C0
    controller host 10.195.11.100 pool 1 level 1
    !
    ap7532 74-67-F7-03-37-E0
    use profile AP-7532
    use rf-domain RF-SERPRO
    hostname ap7532-0337E0
    controller host 10.195.11.100 pool 1 level 1
    !
    ap7532 74-67-F7-03-37-E8
    use profile AP-7532
    use rf-domain RF-SERPRO
    hostname ap7532-0337E8
    controller host 10.195.11.100 pool 1 level 1
    !
    ap7532 74-67-F7-03-38-08
    use profile AP-7532
    use rf-domain RF-SERPRO
    hostname ap7532-033808
    controller host 10.195.11.100 pool 1 level 1
    !
    ap7532 74-67-F7-03-38-34
    use profile AP-7532
    use rf-domain RF-SERPRO
    hostname ap7532-033834
    controller host 10.195.11.100 pool 1 level 1
    !
    ap7532 74-67-F7-03-38-54
    use profile AP-7532
    use rf-domain RF-SERPRO
    hostname ap7532-033854
    controller host 10.195.11.100 pool 1 level 1
    !
    ap7532 74-67-F7-03-38-80
    use profile AP-7532
    use rf-domain RF-SERPRO
    hostname ap7532-033880
    controller host 10.195.11.100 pool 1 level 1
    !
    ap7532 74-67-F7-03-3D-BC
    use profile AP-7532
    use rf-domain RF-SERPRO
    hostname ap7532-033DBC
    controller host 10.195.11.100 pool 1 level 1
    !
    ap7532 74-67-F7-03-3E-F0
    use profile AP-7532
    use rf-domain RF-SERPRO
    hostname ap7532-033EF0
    interface vlan11
    ip address 10.195.11.110/24
    controller host 10.195.11.100 pool 1 level 1
    !
    !
    end

    AP7532

    !
    ! Configuration of AP7532 version 5.8.4.0-034R
    !
    !
    version 2.5
    !
    !
    ip snmp-access-list default
    permit any
    !
    firewall-policy default
    no ip dos tcp-sequence-past-window
    !
    !
    mint-policy global-default
    !
    wlan-qos-policy default
    qos trust dscp
    qos trust wmm
    !
    radio-qos-policy default
    !
    aaa-policy esaf01_AAA
    authentication server 1 onboard controller
    authentication server 1 proxy-mode through-controller
    authentication server 1 dscp 46
    accounting server 1 onboard controller
    !
    aaa-policy esaffuncionarios
    authentication server 1 host 10.10.10.40 secret 0 XXXXXXXXXXXXXXXXXX
    authentication server 1 proxy-mode through-controller
    accounting server 1 host 10.10.10.40 secret 0 XXXXXXXXXXXXXXXXX
    accounting server 1 proxy-mode through-controller
    !
    dns-whitelist dns_listabranca
    permit XXXXXXXXXXXXX suffix
    !
    captive-portal Portal
    access-time 720
    inactivity-timeout 21600
    server host 10.195.40.10
    server mode centralized
    simultaneous-users 2000
    webpage internal org-name ESAF
    webpage internal org-signature ESAF
    webpage internal login footer Entre em contato com o administrador caso encontre algum problema.
    webpage internal login main-logo XXXXXXXXXXXXX.br/imagens/logoesafidg.jpg
    webpage internal login org-background-color #ffffff
    webpage internal login org-font-color #003300
    webpage internal login body-background-color #ffffff
    webpage internal welcome main-logo XXXXXXXXXXXXX.br/imagens/logoesafidg.jpg
    webpage internal welcome title Seja bem vindo
    webpage internal fail header O acesso foi negado.
    webpage internal fail main-logo XXXXXXXXXXXXX.br/imagens/logoesafidg.jpg
    webpage internal fail title Falha
    webpage internal agreement header Seja bem vindo
    webpage internal agreement main-logo XXXXXXXXXXXXX.br/imagens/logoesafidg.jpg
    webpage internal agreement title ESAF
    webpage internal acknowledgement main-logo XXXXXXXXXXXXX.br/imagens/logoesafidg.jpg
    webpage internal registration description Por favor encontre um momento para registrar-se.
    webpage internal registration header Bem vindo
    webpage internal registration main-logo XXXXXXXXXXXXX.br/imagens/logoesafidg.jpg
    webpage internal no-service main-logo XXXXXXXXXXXXX.br/imagens/logoesafidg.jpg
    accounting radius
    use aaa-policy esaf01_AAA
    use dns-whitelist dns_listabranca
    webpage internal registration field city type text enable label "City" placeholder "Enter City"
    webpage internal registration field street type text enable label "Address" placeholder "123 Any Street"
    webpage internal registration field name type text enable label "Full Name" placeholder "Enter First Name, Last Name"
    webpage internal registration field zip type number enable label "Zip" placeholder "Zip"
    webpage internal registration field via-sms type checkbox enable title "SMS Preferred"
    webpage internal registration field mobile type number enable label "Mobile" placeholder "Mobile Number with Country code"
    webpage internal registration field age-range type dropdown-menu enable label "Age Range" title "Age Range"
    webpage internal registration field email type e-address enable mandatory label "Email" placeholder "youdomain.com"
    webpage internal registration field via-email type checkbox enable title "Email Preferred"
    !
    captive-portal PortalFuncionario
    access-time 720
    inactivity-timeout 21600
    server host 10.195.37.2
    server mode centralized
    simultaneous-users 200
    webpage internal org-name ESAF
    webpage internal org-signature ESAF
    webpage internal login description Conecte-se com nome e senha
    webpage internal login footer Conecte-se com nome e senha
    webpage internal login header Conecte-se com nome e senha
    webpage internal login main-logo XXXXXXXXXXXXX.br/imagens/logoesafidg.jpg
    webpage internal login main-logo use-as-banner
    accounting radius
    use aaa-policy esaffuncionarios
    use dns-whitelist dns_listabranca
    webpage internal registration field city type text enable label "City" placeholder "Enter City"
    webpage internal registration field street type text enable label "Address" placeholder "123 Any Street"
    webpage internal registration field name type text enable label "Full Name" placeholder "Enter First Name, Last Name"
    webpage internal registration field zip type number enable label "Zip" placeholder "Zip"
    webpage internal registration field via-sms type checkbox enable title "SMS Preferred"
    webpage internal registration field mobile type number enable label "Mobile" placeholder "Mobile Number with Country code"
    webpage internal registration field age-range type dropdown-menu enable label "Age Range" title "Age Range"
    webpage internal registration field email type e-address enable mandatory label "Email" placeholder "youdomain.com"
    webpage internal registration field via-email type checkbox enable title "Email Preferred"
    !
    wlan ESAF-01
    description ESAF-Visitantes
    shutdown
    ssid ESAF-Visitantes
    vlan 2074
    bridging-mode local
    encryption-type none
    authentication-type none
    no fast-bss-transition over-ds
    use captive-portal Portal
    captive-portal-enforcement
    ip dhcp trust
    !
    wlan ESAFFuncionarios
    description ESAF-Servidores
    ssid ESAF-Funcionarios
    vlan 2075
    bridging-mode local
    encryption-type none
    authentication-type none
    wireless-client inactivity-timeout 21600
    wireless-client cred-cache-ageout 43200
    wireless-client vlan-cache-ageout 43200
    use aaa-policy esaffuncionarios
    use captive-portal PortalFuncionario
    captive-portal-enforcement
    relay-agent dhcp-option82
    !
    wlan ESAFVISITANTES
    ssid ESAF-Visitantes
    vlan 2074
    bridging-mode tunnel
    encryption-type none
    authentication-type none
    wireless-client inactivity-timeout 21600
    wireless-client cred-cache-ageout 43200
    wireless-client vlan-cache-ageout 43200
    wing-extensions move-command
    wing-extensions scan-assist
    wing-extensions ft-over-ds-aggregate
    use aaa-policy esaf01_AAA
    use captive-portal Portal
    captive-portal-enforcement
    !
    smart-rf-policy smartrfbasico
    group-by area
    !
    radius-group Esaf01
    guest
    policy vlan 2074
    policy ssid ESAF-Visitantes
    policy day mo
    policy day tu
    policy day we
    policy day th
    policy day fr
    policy day sa
    policy day su
    !
    radius-group Esaf02
    policy vlan 2074
    !
    radius-group helpdesk
    policy access web
    policy role helpdesk
    !
    radius-user-pool-policy visitante
    user Esaf password 0 esaf group Esaf02
    user helpdesk password 0 helpdesk group helpdesk
    user esaf password 0 esaf group Esaf02
    !
    radius-server-policy radius-esaf
    use radius-user-pool-policy visitante
    use radius-group Esaf01
    !
    dhcp-server-policy DHCP-ESAF
    dhcp-pool APS
    network 10.195.11.0/24
    address range 10.195.11.111 10.195.11.130
    default-router 10.195.11.1
    dns-server 10.12.1.16
    dhcp-pool ge
    network 192.168.0.0/24
    address range 192.168.0.100 192.168.0.120
    dhcp-pool ESAF
    network 10.195.37.0/24
    address range 10.195.37.10 10.195.37.254
    lease 0 14 26 40
    default-router 10.195.37.1
    dns-server 200.198.205.242 161.48.25.38
    dhcp-pool ESAF-VISITANTES
    network 10.195.40.0/22
    address range 10.195.40.50 10.195.43.254
    lease 0 14 26 40
    default-router 10.195.40.1
    dns-server 200.198.205.242 161.48.25.38
    !
    !
    management-policy default
    telnet
    no http server
    https server
    no ftp
    ssh
    user admin password 1 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX role superuser access all
    user teste password 1 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX r


  • 2.  RE: Wing 5.8, RFS7000, AP7532. Users disconnect and are asked to login again.

    Posted 08-23-2017 15:44
    You have defined vlan 2074 both as local and tunneled - that's not supported. You are creating loops. Local VLANs - bridged at the AP. Tunnel VLANs are going to the controller and switched there.


  • 3.  RE: Wing 5.8, RFS7000, AP7532. Users disconnect and are asked to login again.

    Posted 08-23-2017 15:44
    Hello Alona,
    This is a problem, even if the first wlan is set to SHUTDOWN?
    Thank you for the answer.


  • 4.  RE: Wing 5.8, RFS7000, AP7532. Users disconnect and are asked to login again.

    Posted 08-23-2017 15:44
    You need to make the following change on the guest WLAN to match the inactivity-timeout on the captive portal:

    Current Captive Portal config> inactivity-timeout 21600 (in seconds)
    What the WLAN requires> wireless-client hold-time 21600 (in seconds)

    This should resolve your current issue.


  • 5.  RE: Wing 5.8, RFS7000, AP7532. Users disconnect and are asked to login again.

    Posted 08-23-2017 15:44
    I will do it and post the result. Thank you!