Question

Stand Alone AP7622 for Captive Portal - Users not Authenticating

  • 10 March 2020

Hi,

 

We are trying to run a guest network on an AP7632 with WiNG v5.9, configured as standalone, i.e. a controller-less environment.

Following are the configurations as per the HTGs for captive portal, but after creating multiple users, I am not able to authorise 

 

aaa-policy Internal-AAA
 authentication server 1 onboard controller
!
captive-portal "Autobar Guest"
 terms-agreement
 use aaa-policy Internal-AAA

!
wlan Autobar-Guest
 ssid Autobar-Guest
 vlan 1
 bridging-mode local
 encryption-type none
 authentication-type none
 use captive-portal "Autobar Guest"
 captive-portal-enforcement
!
wlan wlan1
 ssid AP7632e1
 vlan 1
 bridging-mode local
 encryption-type tkip-ccmp
 authentication-type none
 wpa-wpa2 psk 0 03322455455
!
wlan wlan2
 ssid AP7632e2
 vlan 1
 bridging-mode local
 encryption-type tkip-ccmp
 authentication-type none
 wpa-wpa2 psk 0 03322455455
!
radius-group Autobar-Guests
 policy ssid Autobar-Guest
 policy day mo
 policy day tu
 policy day we
 policy day th
 policy day fr
 policy time start 10:00 end 18:59
!
radius-user-pool-policy Autobar-Guest
 user Irfan password 0 Irfan group Autobar-Guests guest expiry-time 11:56 expiry-date 03/13/2020 start-time 11:56 start-date 03/10/2020 email-id iahmed@autobar.com.pk
 user nasir password 0 nasir group Autobar-Guests guest expiry-time 12:18 expiry-date 03/13/2020 start-time 11:18 start-date 03/10/2020 email-id nqadri@autobar.com.pk
!
radius-server-policy default
 use radius-user-pool-policy Autobar-Guest
!

!
profile ap7632 default-ap7632
 ip default-gateway 192.168.100.1
 autoinstall configuration
 autoinstall firmware
 crypto ikev1 policy ikev1-default 
  isakmp-proposal default encryption aes-256 group 2 hash sha 
 crypto ikev2 policy ikev2-default 
  isakmp-proposal default encryption aes-256 group 2 hash sha 
 crypto ipsec transform-set default esp-aes-256 esp-sha-hmac
 crypto ikev1 remote-vpn
 crypto ikev2 remote-vpn
 crypto auto-ipsec-secure
 crypto load-management
 crypto remote-vpn-client
 interface radio1
  wlan wlan1 bss 1 primary
  wlan wlan2 bss 2 primary
  wlan Autobar-Guest bss 3 primary
  antenna-mode 2x2
 interface radio2
  wlan wlan1 bss 1 primary
  wlan wlan2 bss 2 primary
  antenna-mode 2x2
 interface bluetooth1
  shutdown
  mode le-sensor
 interface ge1
 interface vlan1
  ip address dhcp
  ip address zeroconf secondary
  ip dhcp client request options all
 interface pppoe1
 use firewall-policy default
 use captive-portal server "Autobar Guest"
 use client-identity-group default
 ip dns-server-forward
 logging on
 service pm sys-restart
 router ospf
 adoption-mode controller
!
rf-domain default
 timezone Etc/GMT+4
 country-code pk
 use nsight-policy default
!
ap7632 94-9B-2C-E7-A5-0E
 use profile default-ap7632
 use rf-domain default
 hostname ap7632-E7A50E
 no mint mlcp vlan
 no mint mlcp ip
 use radius-server-policy default
 interface vlan1
  description "Virtual Interface for LAN by Wizard"
  ip address 192.168.100.5/24
  ip address zeroconf secondary
  no ip dhcp client request options all
 no virtual-controller
 no rf-domain-manager capable
 no adoption-mode
!
!
end


 


3 replies


Try:

 

radius-group Autobar-Guests
 guest
 policy ssid Autobar-Guest
 policy day mo
 policy day tu
 policy day we
 policy day th
 policy day fr
 policy time start 10:00 end 18:59

Still facing the same issue.

 

Pasting below the full configuration for your reference.

 

 

!
! Configuration of AP7632 version 5.9.6.0-007R
!
!
version 2.7
!
!
client-identity-group default
 load default-fingerprints
!
ip access-list BROADCAST-MULTICAST-CONTROL
 permit tcp any any rule-precedence 10 rule-description "permit all TCP traffic"
 permit udp any eq 67 any eq dhcpc rule-precedence 11 rule-description "permit DHCP replies"
 deny udp any range 137 138 any range 137 138 rule-precedence 20 rule-description "deny windows netbios"
 deny ip any 224.0.0.0/4 rule-precedence 21 rule-description "deny IP multicast"
 deny ip any host 255.255.255.255 rule-precedence 22 rule-description "deny IP local broadcast"
 permit ip any any rule-precedence 100 rule-description "permit all IP traffic"
!
mac access-list PERMIT-ARP-AND-IPv4
 permit any any type ip rule-precedence 10 rule-description "permit all IPv4 traffic"
 permit any any type arp rule-precedence 20 rule-description "permit all ARP traffic"
!
ip snmp-access-list default
 permit any
!
firewall-policy default
 no ip dos tcp-sequence-past-window
 no stateful-packet-inspection-l2
 ip tcp adjust-mss 1400
!
!
mint-policy global-default
!
meshpoint-qos-policy default
!
wlan-qos-policy default
 qos trust dscp
 qos trust wmm
!
radio-qos-policy default
!
aaa-policy Internal-AAA
 authentication server 1 onboard controller
!
captive-portal "Autobar Guest"
 terms-agreement
 use aaa-policy Internal-AAA
 webpage internal registration field city type text enable label "City" placeholder "Enter City"
 webpage internal registration field street type text enable label "Address" placeholder "123 Any Street"
 webpage internal registration field name type text enable label "Full Name" placeholder "Enter First Name, Last Name"
 webpage internal registration field zip type number enable label "Zip" placeholder "Zip"
 webpage internal registration field via-sms type checkbox enable title "SMS Preferred"
 webpage internal registration field mobile type number enable label "Mobile" placeholder "Mobile Number with Country code"
 webpage internal registration field age-range type dropdown-menu enable label "Age Range" title "Age Range"
 webpage internal registration field email type e-address enable mandatory label "Email" placeholder "you@domain.com"
 webpage internal registration field via-email type checkbox enable title "Email Preferred"
!
wlan Autobar-Guest
 ssid Autobar-Guest
 vlan 1
 bridging-mode local
 encryption-type none
 authentication-type none
 use captive-portal "Autobar Guest"
 captive-portal-enforcement
!
wlan wlan1
 ssid AP7632e1
 vlan 1
 bridging-mode local
 encryption-type tkip-ccmp
 authentication-type none
 wpa-wpa2 psk 0 03322455455
!
wlan wlan2
 ssid AP7632e2
 vlan 1
 bridging-mode local
 encryption-type tkip-ccmp
 authentication-type none
 wpa-wpa2 psk 0 03322455455
!
radius-group Autobar-Guests
 guest
 policy ssid Autobar-Guest
 policy day mo
 policy day tu
 policy day we
 policy day th
 policy day fr
 policy time start 10:00 end 18:59
!
radius-user-pool-policy Autobar-Guest
 user Irfan password 0 Irfan group Autobar-Guests guest expiry-time 11:56 expiry-date 03/13/2020 start-time 11:56 start-date 03/10/2020 email-id iahmed@autobar.com.pk
 user nasir password 0 nasir group Autobar-Guests guest expiry-time 12:18 expiry-date 03/13/2020 start-time 11:18 start-date 03/10/2020 email-id nqadri@autobar.com.pk
!
radius-server-policy default
 use radius-user-pool-policy Autobar-Guest
!
!
management-policy default
 telnet
 no http server
 https server
 rest-server
 ssh
 user admin password 1 3fa9e01b6810cb57cf1287d3fca86214dc07183358a45a981a571433c87409da role superuser access all
 user Guests-Admin password 1 bc52fd67495bd5b2d6441a3c13d022c89152097b430d4c84f34f728d93b00c0e role web-user-admin 
 snmp-server community 0 private rw
 snmp-server community 0 public ro
 snmp-server user snmptrap v3 encrypted des auth md5 0 admin123
 snmp-server user snmpmanager v3 encrypted des auth md5 0 admin123
!
event-system-policy default
!
nsight-policy default
!
profile ap7632 default-ap7632
 ip default-gateway 192.168.100.1
 autoinstall configuration
 autoinstall firmware
 crypto ikev1 policy ikev1-default 
  isakmp-proposal default encryption aes-256 group 2 hash sha 
 crypto ikev2 policy ikev2-default 
  isakmp-proposal default encryption aes-256 group 2 hash sha 
 crypto ipsec transform-set default esp-aes-256 esp-sha-hmac
 crypto ikev1 remote-vpn
 crypto ikev2 remote-vpn
 crypto auto-ipsec-secure
 crypto load-management
 crypto remote-vpn-client
 interface radio1
  wlan wlan1 bss 1 primary
  wlan wlan2 bss 2 primary
  wlan Autobar-Guest bss 3 primary
  antenna-mode 2x2
 interface radio2
  wlan wlan1 bss 1 primary
  wlan wlan2 bss 2 primary
  antenna-mode 2x2
 interface bluetooth1
  shutdown
  mode le-sensor
 interface ge1
 interface vlan1
  ip address dhcp
  ip address zeroconf secondary
  ip dhcp client request options all
 interface pppoe1
 use firewall-policy default
 use captive-portal server "Autobar Guest"
 use client-identity-group default
 ip dns-server-forward
 logging on
 service pm sys-restart
 router ospf
 adoption-mode controller
!
rf-domain default
 timezone Etc/GMT+4
 country-code pk
 use nsight-policy default
!
ap7632 94-9B-2C-E7-A5-0E
 use profile default-ap7632
 use rf-domain default
 hostname ap7632-E7A50E
 no mint mlcp vlan
 no mint mlcp ip
 use radius-server-policy default
 interface vlan1
  description "Virtual Interface for LAN by Wizard"
  ip address 192.168.100.5/24
  ip address zeroconf secondary
  no ip dhcp client request options all
 no virtual-controller
 no rf-domain-manager capable
 no adoption-mode
!
!
end
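
The `guest` flag suggested in the first reply and the day, time and validity restrictions in the posted stanzas can be checked offline. The following is an added example, not part of the thread or of WiNG: a small Python check that parses the posted `radius-group` and `radius-user-pool-policy` lines and lists which of those policies a login at a given time would violate. It assumes dates are MM/DD/YYYY and that the policies are evaluated against the AP's local clock; `parse` and `check` are hypothetical helper names.

```python
from datetime import datetime

# Excerpt of the posted config (email-id trimmed). Assumed: MM/DD/YYYY dates, AP-local time.
CONFIG = """\
radius-group Autobar-Guests
 guest
 policy ssid Autobar-Guest
 policy day mo
 policy day tu
 policy day we
 policy day th
 policy day fr
 policy time start 10:00 end 18:59
!
radius-user-pool-policy Autobar-Guest
 user Irfan password 0 Irfan group Autobar-Guests guest expiry-time 11:56 expiry-date 03/13/2020 start-time 11:56 start-date 03/10/2020
"""
DAYS = ("mo", "tu", "we", "th", "fr", "sa", "su")  # datetime.weekday() order

def parse(config):
    groups, users, stanza, cur = {}, {}, None, None
    for line in config.splitlines():
        w = line.split() or ["!"]  # treat blank lines like the "!" separator
        if not line.startswith(" "):  # an unindented line opens a new stanza
            stanza = w[0]
            cur = groups.setdefault(w[1], {"guest": False, "days": set(), "time": None}) if stanza == "radius-group" else None
        elif stanza == "radius-group" and w == ["guest"]:
            cur["guest"] = True
        elif stanza == "radius-group" and w[:2] == ["policy", "day"]:
            cur["days"].add(w[2])
        elif stanza == "radius-group" and w[:3] == ["policy", "time", "start"]:
            cur["time"] = (w[3], w[5])
        elif stanza == "radius-user-pool-policy" and w[0] == "user":
            val = dict(zip(w[5:], w[6:]))  # keyword -> next token, after "user <name> password <n> <secret>"
            ts = lambda d, t: datetime.strptime(f"{val[d]} {val[t]}", "%m/%d/%Y %H:%M") if d in val and t in val else None
            users[w[1]] = {"group": val.get("group"), "guest": "guest" in w[7:],
                           "start": ts("start-date", "start-time"), "expiry": ts("expiry-date", "expiry-time")}
    return groups, users

def check(groups, users, name, when):  # when = AP local time; returns failure reasons, [] if none
    u = users.get(name)
    g = groups.get(u["group"]) if u else None
    if g is None:
        return ["user or group not defined"]
    return [reason for failed, reason in (
        (u["guest"] and not g["guest"], "guest user in non-guest group"),
        (bool(u["start"] and when < u["start"] or u["expiry"] and when > u["expiry"]), "outside user validity window"),
        (bool(g["days"]) and DAYS[when.weekday()] not in g["days"], "day not permitted by group"),
        (bool(g["time"]) and not g["time"][0] <= when.strftime("%H:%M") <= g["time"][1], "time not permitted by group"),
    ) if failed]
```

An empty list means none of these four policies rejects the login, so the cause lies elsewhere.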
 

I had a similar issue with APs under Virtual Controller.

The only way I found to enable a working Captive Portal was to use a physical controller, an RFS4000.

The setup was almost the same for VC setup and RFS setup.

 

It seems that with the APs all alone (or with VC only) there is not everything in the software for running a standalone working captive portal.
