Wing 5.8, RFS7000, AP7532. Users disconnect and are asked to login again.


Hello,

I'm learning about as much wireless network as zebra equipments and I configured one network with 2 ssid. After a long time I finally made it. The users connect on both SSID, they go to internet and so on, but sometimes, during not only roaming, they are disconnected and the system ask for another authentication via Captive Portal.

What could be wrong?
Thanks a lot.

!
! Configuration of RFS7000 version 5.8.4.0-034R
!
!
version 2.5
!
!
client-identity-group default
load default-fingerprints
!
ip access-list BROADCAST-MULTICAST-CONTROL
permit tcp any any rule-precedence 10 rule-description "permit all TCP traffic"
permit udp any eq 67 any eq dhcpc rule-precedence 11 rule-description "permit DHCP replies"
deny udp any range 137 138 any range 137 138 rule-precedence 20 rule-description "deny windows netbios"
deny ip any 224.0.0.0/4 rule-precedence 21 rule-description "deny IP multicast"
deny ip any host 255.255.255.255 rule-precedence 22 rule-description "deny IP local broadcast"
permit ip any any rule-precedence 100 rule-description "permit all IP traffic"
!
mac access-list PERMIT-ARP-AND-IPv4
permit any any type ip rule-precedence 10 rule-description "permit all IPv4 traffic"
permit any any type arp rule-precedence 20 rule-description "permit all ARP traffic"
!
ip snmp-access-list default
permit any
!
firewall-policy default
no ip dos tcp-sequence-past-window
!
!
mint-policy global-default
!
meshpoint-qos-policy default
!
wlan-qos-policy default
qos trust dscp
qos trust wmm
!
radio-qos-policy default
!
aaa-policy esaf01_AAA
authentication server 1 onboard controller
authentication server 1 proxy-mode through-controller
authentication server 1 dscp 46
accounting server 1 onboard controller
!
aaa-policy esaffuncionarios
authentication server 1 host 10.10.10.40 secret 0 XXXXXXXXXXX
authentication server 1 proxy-mode through-controller
accounting server 1 host 10.10.10.40 secret 0 XXXXXXXXXXX
accounting server 1 proxy-mode through-controller
!
dns-whitelist dns_listabranca
permit XXXXXXXXXXX.gov.br suffix
!
captive-portal Portal
access-time 720
inactivity-timeout 21600
server host 10.195.40.10
server mode centralized
simultaneous-users 2000
webpage internal org-name ESAF
webpage internal org-signature ESAF
webpage internal login footer Entre em contato com o administrador caso encontre algum problema.
webpage internal login main-logo XXXXXXXXXXX.br/imagens/logoesafidg.jpg
webpage internal login org-background-color #ffffff
webpage internal login org-font-color #003300
webpage internal login body-background-color #ffffff
webpage internal welcome main-logo XXXXXXXXXXXXX.br/imagens/logoesafidg.jpg
webpage internal welcome title Seja bem vindo
webpage internal fail header O acesso foi negado.
webpage internal fail main-logo XXXXXXXXXXXXX.br/imagens/logoesafidg.jpg
webpage internal fail title Falha
webpage internal agreement header Seja bem vindo
webpage internal agreement main-logo XXXXXXXXXXXXX.br/imagens/logoesafidg.jpg
webpage internal agreement title ESAF
webpage internal acknowledgement main-logo XXXXXXXXXXXXX.br/imagens/logoesafidg.jpg
webpage internal registration description Por favor encontre um momento para registrar-se.
webpage internal registration header Bem vindo
webpage internal registration main-logo XXXXXXXXXXXXX.br/imagens/logoesafidg.jpg
webpage internal no-service main-logo XXXXXXXXXXXXX.br/imagens/logoesafidg.jpg
accounting radius
use aaa-policy esaf01_AAA
use dns-whitelist dns_listabranca
webpage internal registration field city type text enable label "City" placeholder "Enter City"
webpage internal registration field street type text enable label "Address" placeholder "123 Any Street"
webpage internal registration field name type text enable label "Full Name" placeholder "Enter First Name, Last Name"
webpage internal registration field zip type number enable label "Zip" placeholder "Zip"
webpage internal registration field via-sms type checkbox enable title "SMS Preferred"
webpage internal registration field mobile type number enable label "Mobile" placeholder "Mobile Number with Country code"
webpage internal registration field age-range type dropdown-menu enable label "Age Range" title "Age Range"
webpage internal registration field email type e-address enable mandatory label "Email" placeholder
webpage internal registration field via-email type checkbox enable title "Email Preferred"
!
captive-portal PortalFuncionario
access-time 720
inactivity-timeout 21600
server host 10.195.37.2
server mode centralized
simultaneous-users 200
webpage internal org-name ESAF
webpage internal org-signature ESAF
webpage internal login description Conecte-se com nome e senha
webpage internal login footer Conecte-se com nome e senha
webpage internal login header Conecte-se com nome e senha
webpage internal login main-logo XXXXXXXXXXXXX.br/imagens/logoesafidg.jpg
webpage internal login main-logo use-as-banner
accounting radius
use aaa-policy esaffuncionarios
use dns-whitelist dns_listabranca
webpage internal registration field city type text enable label "City" placeholder "Enter City"
webpage internal registration field street type text enable label "Address" placeholder "123 Any Street"
webpage internal registration field name type text enable label "Full Name" placeholder "Enter First Name, Last Name"
webpage internal registration field zip type number enable label "Zip" placeholder "Zip"
webpage internal registration field via-sms type checkbox enable title "SMS Preferred"
webpage internal registration field mobile type number enable label "Mobile" placeholder "Mobile Number with Country code"
webpage internal registration field age-range type dropdown-menu enable label "Age Range" title "Age Range"
webpage internal registration field email type e-address enable mandatory label "Email" placeholder
webpage internal registration field via-email type checkbox enable title "Email Preferred"
!
wlan ESAF-01
description ESAF-Visitantes
shutdown
ssid ESAF-Visitantes
vlan 2074
bridging-mode local
encryption-type none
authentication-type none
no fast-bss-transition over-ds
use captive-portal Portal
captive-portal-enforcement
ip dhcp trust
!
wlan ESAFFuncionarios
description ESAF-Servidores
ssid ESAF-Funcionarios
vlan 2075
bridging-mode local
encryption-type none
authentication-type none
wireless-client inactivity-timeout 21600
wireless-client cred-cache-ageout 43200
wireless-client vlan-cache-ageout 43200
use aaa-policy esaffuncionarios
use captive-portal PortalFuncionario
captive-portal-enforcement
relay-agent dhcp-option82
!
wlan ESAFVISITANTES
ssid ESAF-Visitantes
vlan 2074
bridging-mode tunnel
encryption-type none
authentication-type none
wireless-client inactivity-timeout 21600
wireless-client cred-cache-ageout 43200
wireless-client vlan-cache-ageout 43200
wing-extensions move-command
wing-extensions scan-assist
wing-extensions ft-over-ds-aggregate
use aaa-policy esaf01_AAA
use captive-portal Portal
captive-portal-enforcement
!
smart-rf-policy smartrfbasico
group-by area
!
auto-provisioning-policy aps-7532
adopt ap7532 precedence 1 profile AP-7532 rf-domain RF-SERPRO any
!
radius-group Esaf01
guest
policy vlan 2074
policy ssid ESAF-Visitantes
policy day mo
policy day tu
policy day we
policy day th
policy day fr
policy day sa
policy day su
!
radius-group Esaf02
policy vlan 2074
!
radius-group helpdesk
policy access web
policy role helpdesk
!
radius-user-pool-policy visitante
user Esaf password 0 esaf group Esaf02
user helpdesk password 0 helpdesk group helpdesk
user esaf password 0 esaf group Esaf02
!
radius-server-policy radius-esaf
use radius-user-pool-policy visitante
use radius-group Esaf01
!
dhcp-server-policy DHCP-ESAF
dhcp-pool ESAF-VISITANTES
network 10.195.40.0/22
address range 10.195.40.50 10.195.43.254
lease 0 14 26 40
default-router 10.195.40.1
dns-server 200.198.205.242 161.48.25.38
dhcp-pool ge
network 192.168.0.0/24
address range 192.168.0.100 192.168.0.120
dhcp-pool ESAF
network 10.195.37.0/24
address range 10.195.37.10 10.195.37.254
lease 0 14 26 40
default-router 10.195.37.1
dns-server 200.198.205.242 161.48.25.38
dhcp-pool APS
network 10.195.11.0/24
address range 10.195.11.111 10.195.11.130
default-router 10.195.11.1
dns-server 10.12.1.16
!
!
management-policy default
telnet
no http server
https server
ssh
user admin password 1 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXx role superuser access all
user teste password 1 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXx role web-user-admin
user helpdesk password 1 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXx role helpdesk access web
snmp-server community 0 private rw
snmp-server community 0 public ro
snmp-server user snmptrap v3 encrypted des auth md5 0 senha00
snmp-server user snmpmanager v3 encrypted des auth md5 0 senha00
t5 snmp-server community public ro 192.168.0.1
t5 snmp-server community private rw 192.168.0.1
idle-session-timeout 300
!
ex3500-management-policy default
snmp-server community public ro
snmp-server community private rw
snmp-server notify-filter 1 remote 127.0.0.1
snmp-server view defaultview 1 included
!
ex3500-qos-class-map-policy default
!
ex3500-qos-policy-map default
!
l2tpv3 policy default
!
profile rfs7000 default-rfs7000
bridge vlan 100
ip igmp snooping
ip igmp snooping querier
ipv6 mld snooping
ipv6 mld snooping querier
ip default-gateway 10.195.40.1
autoinstall configuration
autoinstall firmware
use radius-server-policy radius-esaf
crypto ikev1 policy ikev1-default
isakmp-proposal default encryption aes-256 group 2 hash sha
crypto ikev2 policy ikev2-default
isakmp-proposal default encryption aes-256 group 2 hash sha
crypto ipsec transform-set default esp-aes-256 esp-sha-hmac
crypto ikev1 remote-vpn
crypto ikev2 remote-vpn
crypto auto-ipsec-secure
crypto remote-vpn-client
interface me1
interface ge1
switchport mode trunk
switchport trunk native vlan 1
switchport trunk native tagged
switchport trunk allowed vlan 1,100
interface ge2
switchport mode access
switchport access vlan 100
interface ge3
interface ge4
interface vlan1
description Esaf01
interface pppoe1
use dhcp-server-policy DHCP-ESAF
use firewall-policy default
use auto-provisioning-policy aps-7532
use captive-portal server Portal
logging on
service pm sys-restart
router ospf
!
profile ap8533 default-ap8533
autoinstall configuration
autoinstall firmware
crypto ikev1 policy ikev1-default
isakmp-proposal default encryption aes-256 group 2 hash sha
crypto ikev2 policy ikev2-default
isakmp-proposal default encryption aes-256 group 2 hash sha
crypto ipsec transform-set default esp-aes-256 esp-sha-hmac
crypto ikev1 remote-vpn
crypto ikev2 remote-vpn
crypto auto-ipsec-secure
crypto load-management
crypto remote-vpn-client
interface radio1
interface radio2
interface radio3
interface bluetooth1
shutdown
interface ge1
interface ge2
interface vlan1
ip address dhcp
ip address zeroconf secondary
ip dhcp client request options all
interface pppoe1
use firewall-policy default
use client-identity-group default
logging on
service pm sys-restart
router ospf
!
profile ap82xx default-ap82xx
autoinstall configuration
autoinstall firmware
crypto ikev1 policy ikev1-default
isakmp-proposal default encryption aes-256 group 2 hash sha
crypto ikev2 policy ikev2-default
isakmp-proposal default encryption aes-256 group 2 hash sha
crypto ipsec transform-set default esp-aes-256 esp-sha-hmac
crypto ikev1 remote-vpn
crypto ikev2 remote-vpn
crypto auto-ipsec-secure
crypto remote-vpn-client
interface radio1
interface radio2
interface radio3
interface ge1
interface ge2
interface vlan1
ip address dhcp
ip address zeroconf secondary
ip dhcp client request options all
interface wwan1
interface pppoe1
use firewall-policy default
use client-identity-group default
logging on
service pm sys-restart
router ospf
!
profile ap81xx default-ap81xx
autoinstall configuration
autoinstall firmware
crypto ikev1 policy ikev1-default
isakmp-proposal default encryption aes-256 group 2 hash sha
crypto ikev2 policy ikev2-default
isakmp-proposal default encryption aes-256 group 2 hash sha
crypto ipsec transform-set default esp-aes-256 esp-sha-hmac
crypto ikev1 remote-vpn
crypto ikev2 remote-vpn
crypto auto-ipsec-secure
crypto remote-vpn-client
interface radio1
interface radio2
interface radio3
interface bluetooth1
shutdown
interface ge1
interface ge2
interface vlan1
ip address dhcp
ip address zeroconf secondary
ip dhcp client request options all
interface wwan1
interface pppoe1
use firewall-policy default
use client-identity-group default
logging on
service pm sys-restart
router ospf
!
profile ap7532 AP-7532
bridge vlan 1
ip igmp snooping
ip igmp snooping querier
ipv6 mld snooping
ipv6 mld snooping querier
bridge vlan 10
ip igmp snooping
ip igmp snooping querier
ipv6 mld snooping
ipv6 mld snooping querier
bridge vlan 100
use captive-portal Portal
ip igmp snooping
ip igmp snooping querier
ipv6 mld snooping
ipv6 mld snooping querier
ip name-server 10.12.1.16
ip name-server 8.8.8.8
ip name-server 4.2.2.2
ip default-gateway 10.195.40.1
no autoinstall configuration
no autoinstall firmware
use radius-server-policy radius-esaf
crypto ikev1 policy ikev1-default
isakmp-proposal default encryption aes-256 group 2 hash sha
crypto ikev2 policy ikev2-default
isakmp-proposal default encryption aes-256 group 2 hash sha
crypto ipsec transform-set default esp-aes-256 esp-sha-hmac
crypto ikev1 remote-vpn
crypto ikev2 remote-vpn
crypto auto-ipsec-secure
crypto load-management
crypto remote-vpn-client
interface radio1
wlan ESAF-01 bss 1 primary
wlan ESAFVISITANTES bss 2 primary
wlan ESAFFuncionarios bss 3 primary
interface radio2
wlan ESAF-01 bss 1 primary
wlan ESAFVISITANTES bss 2 primary
wlan ESAFFuncionarios bss 3 primary
interface ge1
switchport mode trunk
switchport trunk native vlan 1
switchport trunk native tagged
switchport trunk allowed vlan 1,11,2074-2075
interface vlan1
interface vlan11
description Gerencia
ip address dhcp
interface vlan2074
description Vlan_rede_visitantes
interface vlan2075
description Vlan_rede_funcionarios
interface pppoe1
use dhcp-server-policy DHCP-ESAF
use firewall-policy default
use captive-portal server Portal
use captive-portal server PortalFuncionario
logging on
controller host 10.195.11.100 pool 1 level 1
service pm sys-restart
router ospf
!
profile ap7532 PROFILE-AP7532
no autoinstall configuration
no autoinstall firmware
crypto ikev1 policy ikev1-default
isakmp-proposal default encryption aes-256 group 2 hash sha
crypto ikev2 policy ikev2-default
isakmp-proposal default encryption aes-256 group 2 hash sha
crypto ipsec transform-set default esp-aes-256 esp-sha-hmac
crypto ikev1 remote-vpn
crypto ikev2 remote-vpn
crypto auto-ipsec-secure
crypto load-management
crypto remote-vpn-client
interface radio1
interface radio2
interface ge1
interface vlan11
ip address dhcp
interface pppoe1
use firewall-policy default
controller host 10.195.11.100
service pm sys-restart
router ospf
!

rf-domain RF-SERPRO
location ESAF
contact Serpro
timezone America/Sao_Paulo
country-code br
use smart-rf-policy smartrfbasico
controller-managed
!
rfs7000 5C-0E-8B-1A-45-26
use profile default-rfs7000
use rf-domain RF-SERPRO
hostname rfs7000-1A4526
layout-coordinates 3.0 2.5
license AP 65b47071ef2b3f0237c8f5ff63b4589f1cff782846631007ef3878466f287e8a4745e462a14cae5d
ip default-gateway 10.195.11.1
interface me1
ip address dhcp
interface ge1
switchport mode trunk
switchport trunk native vlan 1
switchport trunk native tagged
switchport trunk allowed vlan 1,10-11,2074-2075
interface ge2
switchport mode access
switchport access vlan 11
interface vlan1
ip address 192.168.10.1/24
interface vlan11
description Gerencia
ip address 10.195.11.100/24
interface vlan2074
description wifi_visitantes
ip address 10.195.40.10/22
interface vlan2075
description wifi_funcionarios
ip address 10.195.37.2/24
logging syslog debugging
!
ap7532 74-67-F7-03-26-44
use profile AP-7532
use rf-domain RF-SERPRO
hostname ap7532-032644
controller host 10.195.11.100 pool 1 level 1
!
ap7532 74-67-F7-03-26-48
use profile AP-7532
use rf-domain RF-SERPRO
hostname ap7532-032648
interface ge1
switchport mode trunk
switchport trunk native vlan 1
switchport trunk native tagged
switchport trunk allowed vlan 1,11,2074-2075
controller host 10.195.11.100 pool 1 level 1
controller vlan 11
!
ap7532 74-67-F7-03-26-9C
use profile AP-7532
use rf-domain RF-SERPRO
hostname ap7532-03269C
controller host 10.195.11.100 pool 1 level 1
!
ap7532 74-67-F7-03-26-A4
use profile AP-7532
use rf-domain RF-SERPRO
hostname ap7532-0326A4
controller host 10.195.11.100 pool 1 level 1
!
ap7532 74-67-F7-03-26-B4
use profile AP-7532
use rf-domain RF-SERPRO
hostname ap7532-0326B4
controller host 10.195.11.100 pool 1 level 1
!
ap7532 74-67-F7-03-28-78
use profile AP-7532
use rf-domain RF-SERPRO
hostname ap7532-032878
controller host 10.195.11.100 pool 1 level 1
!
ap7532 74-67-F7-03-28-B0
use profile AP-7532
use rf-domain RF-SERPRO
hostname ap7532-0328B0
controller host 10.195.11.100 pool 1 level 1
!
ap7532 74-67-F7-03-28-D8
use profile AP-7532
use rf-domain RF-SERPRO
hostname ap7532-0328D8
controller host 10.195.11.100 pool 1 level 1
!
ap7532 74-67-F7-03-37-18
use profile AP-7532
use rf-domain RF-SERPRO
hostname ap7532-033718
controller host 10.195.11.100 pool 1 level 1
!
ap7532 74-67-F7-03-37-1C
use profile AP-7532
use rf-domain RF-SERPRO
hostname ap7532-03371C
controller host 10.195.11.100 pool 1 level 1
!
ap7532 74-67-F7-03-37-20
use profile AP-7532
use rf-domain RF-SERPRO
hostname ap7532-033720
controller host 10.195.11.100 pool 1 level 1
!
ap7532 74-67-F7-03-37-C0
use profile AP-7532
use rf-domain RF-SERPRO
hostname ap7532-0337C0
controller host 10.195.11.100 pool 1 level 1
!
ap7532 74-67-F7-03-37-E0
use profile AP-7532
use rf-domain RF-SERPRO
hostname ap7532-0337E0
controller host 10.195.11.100 pool 1 level 1
!
ap7532 74-67-F7-03-37-E8
use profile AP-7532
use rf-domain RF-SERPRO
hostname ap7532-0337E8
controller host 10.195.11.100 pool 1 level 1
!
ap7532 74-67-F7-03-38-08
use profile AP-7532
use rf-domain RF-SERPRO
hostname ap7532-033808
controller host 10.195.11.100 pool 1 level 1
!
ap7532 74-67-F7-03-38-34
use profile AP-7532
use rf-domain RF-SERPRO
hostname ap7532-033834
controller host 10.195.11.100 pool 1 level 1
!
ap7532 74-67-F7-03-38-54
use profile AP-7532
use rf-domain RF-SERPRO
hostname ap7532-033854
controller host 10.195.11.100 pool 1 level 1
!
ap7532 74-67-F7-03-38-80
use profile AP-7532
use rf-domain RF-SERPRO
hostname ap7532-033880
controller host 10.195.11.100 pool 1 level 1
!
ap7532 74-67-F7-03-3D-BC
use profile AP-7532
use rf-domain RF-SERPRO
hostname ap7532-033DBC
controller host 10.195.11.100 pool 1 level 1
!
ap7532 74-67-F7-03-3E-F0
use profile AP-7532
use rf-domain RF-SERPRO
hostname ap7532-033EF0
interface vlan11
ip address 10.195.11.110/24
controller host 10.195.11.100 pool 1 level 1
!
!
end

AP7532

!
! Configuration of AP7532 version 5.8.4.0-034R
!
!
version 2.5
!
!
ip snmp-access-list default
permit any
!
firewall-policy default
no ip dos tcp-sequence-past-window
!
!
mint-policy global-default
!
wlan-qos-policy default
qos trust dscp
qos trust wmm
!
radio-qos-policy default
!
aaa-policy esaf01_AAA
authentication server 1 onboard controller
authentication server 1 proxy-mode through-controller
authentication server 1 dscp 46
accounting server 1 onboard controller
!
aaa-policy esaffuncionarios
authentication server 1 host 10.10.10.40 secret 0 XXXXXXXXXXXXXXXXXX
authentication server 1 proxy-mode through-controller
accounting server 1 host 10.10.10.40 secret 0 XXXXXXXXXXXXXXXXX
accounting server 1 proxy-mode through-controller
!
dns-whitelist dns_listabranca
permit XXXXXXXXXXXXX suffix
!
captive-portal Portal
access-time 720
inactivity-timeout 21600
server host 10.195.40.10
server mode centralized
simultaneous-users 2000
webpage internal org-name ESAF
webpage internal org-signature ESAF
webpage internal login footer Entre em contato com o administrador caso encontre algum problema.
webpage internal login main-logo XXXXXXXXXXXXX.br/imagens/logoesafidg.jpg
webpage internal login org-background-color #ffffff
webpage internal login org-font-color #003300
webpage internal login body-background-color #ffffff
webpage internal welcome main-logo XXXXXXXXXXXXX.br/imagens/logoesafidg.jpg
webpage internal welcome title Seja bem vindo
webpage internal fail header O acesso foi negado.
webpage internal fail main-logo XXXXXXXXXXXXX.br/imagens/logoesafidg.jpg
webpage internal fail title Falha
webpage internal agreement header Seja bem vindo
webpage internal agreement main-logo XXXXXXXXXXXXX.br/imagens/logoesafidg.jpg
webpage internal agreement title ESAF
webpage internal acknowledgement main-logo XXXXXXXXXXXXX.br/imagens/logoesafidg.jpg
webpage internal registration description Por favor encontre um momento para registrar-se.
webpage internal registration header Bem vindo
webpage internal registration main-logo XXXXXXXXXXXXX.br/imagens/logoesafidg.jpg
webpage internal no-service main-logo XXXXXXXXXXXXX.br/imagens/logoesafidg.jpg
accounting radius
use aaa-policy esaf01_AAA
use dns-whitelist dns_listabranca
webpage internal registration field city type text enable label "City" placeholder "Enter City"
webpage internal registration field street type text enable label "Address" placeholder "123 Any Street"
webpage internal registration field name type text enable label "Full Name" placeholder "Enter First Name, Last Name"
webpage internal registration field zip type number enable label "Zip" placeholder "Zip"
webpage internal registration field via-sms type checkbox enable title "SMS Preferred"
webpage internal registration field mobile type number enable label "Mobile" placeholder "Mobile Number with Country code"
webpage internal registration field age-range type dropdown-menu enable label "Age Range" title "Age Range"
webpage internal registration field email type e-address enable mandatory label "Email" placeholder "youdomain.com"
webpage internal registration field via-email type checkbox enable title "Email Preferred"
!
captive-portal PortalFuncionario
access-time 720
inactivity-timeout 21600
server host 10.195.37.2
server mode centralized
simultaneous-users 200
webpage internal org-name ESAF
webpage internal org-signature ESAF
webpage internal login description Conecte-se com nome e senha
webpage internal login footer Conecte-se com nome e senha
webpage internal login header Conecte-se com nome e senha
webpage internal login main-logo XXXXXXXXXXXXX.br/imagens/logoesafidg.jpg
webpage internal login main-logo use-as-banner
accounting radius
use aaa-policy esaffuncionarios
use dns-whitelist dns_listabranca
webpage internal registration field city type text enable label "City" placeholder "Enter City"
webpage internal registration field street type text enable label "Address" placeholder "123 Any Street"
webpage internal registration field name type text enable label "Full Name" placeholder "Enter First Name, Last Name"
webpage internal registration field zip type number enable label "Zip" placeholder "Zip"
webpage internal registration field via-sms type checkbox enable title "SMS Preferred"
webpage internal registration field mobile type number enable label "Mobile" placeholder "Mobile Number with Country code"
webpage internal registration field age-range type dropdown-menu enable label "Age Range" title "Age Range"
webpage internal registration field email type e-address enable mandatory label "Email" placeholder "youdomain.com"
webpage internal registration field via-email type checkbox enable title "Email Preferred"
!
wlan ESAF-01
description ESAF-Visitantes
shutdown
ssid ESAF-Visitantes
vlan 2074
bridging-mode local
encryption-type none
authentication-type none
no fast-bss-transition over-ds
use captive-portal Portal
captive-portal-enforcement
ip dhcp trust
!
wlan ESAFFuncionarios
description ESAF-Servidores
ssid ESAF-Funcionarios
vlan 2075
bridging-mode local
encryption-type none
authentication-type none
wireless-client inactivity-timeout 21600
wireless-client cred-cache-ageout 43200
wireless-client vlan-cache-ageout 43200
use aaa-policy esaffuncionarios
use captive-portal PortalFuncionario
captive-portal-enforcement
relay-agent dhcp-option82
!
wlan ESAFVISITANTES
ssid ESAF-Visitantes
vlan 2074
bridging-mode tunnel
encryption-type none
authentication-type none
wireless-client inactivity-timeout 21600
wireless-client cred-cache-ageout 43200
wireless-client vlan-cache-ageout 43200
wing-extensions move-command
wing-extensions scan-assist
wing-extensions ft-over-ds-aggregate
use aaa-policy esaf01_AAA
use captive-portal Portal
captive-portal-enforcement
!
smart-rf-policy smartrfbasico
group-by area
!
radius-group Esaf01
guest
policy vlan 2074
policy ssid ESAF-Visitantes
policy day mo
policy day tu
policy day we
policy day th
policy day fr
policy day sa
policy day su
!
radius-group Esaf02
policy vlan 2074
!
radius-group helpdesk
policy access web
policy role helpdesk
!
radius-user-pool-policy visitante
user Esaf password 0 esaf group Esaf02
user helpdesk password 0 helpdesk group helpdesk
user esaf password 0 esaf group Esaf02
!
radius-server-policy radius-esaf
use radius-user-pool-policy visitante
use radius-group Esaf01
!
dhcp-server-policy DHCP-ESAF
dhcp-pool APS
network 10.195.11.0/24
address range 10.195.11.111 10.195.11.130
default-router 10.195.11.1
dns-server 10.12.1.16
dhcp-pool ge
network 192.168.0.0/24
address range 192.168.0.100 192.168.0.120
dhcp-pool ESAF
network 10.195.37.0/24
address range 10.195.37.10 10.195.37.254
lease 0 14 26 40
default-router 10.195.37.1
dns-server 200.198.205.242 161.48.25.38
dhcp-pool ESAF-VISITANTES
network 10.195.40.0/22
address range 10.195.40.50 10.195.43.254
lease 0 14 26 40
default-router 10.195.40.1
dns-server 200.198.205.242 161.48.25.38
!
!
management-policy default
telnet
no http server
https server
no ftp
ssh
user admin password 1 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX role superuser access all
user teste password 1 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX r

4 replies

Alona wrote:

You have defined vlan 2074 both as local and tunneled - that's not supported. You are creating loops. Local VLANs - bridged at the AP. Tunnel VLANs are going to the controller and switched there.

I will do it and post the result. Thank you!
Userlevel 5
Alona wrote:

You have defined vlan 2074 both as local and tunneled - that's not supported. You are creating loops. Local VLANs - bridged at the AP. Tunnel VLANs are going to the controller and switched there.

You need to make the following change on the guest WLAN to match the inactivity-timeout on the captive portal:

Current Captive Portal config> inactivity-timeout 21600 (in seconds)
What the WLAN requires> wireless-client hold-time 21600 (in seconds)

This should resolve your current issue.
Alona wrote:

You have defined vlan 2074 both as local and tunneled - that's not supported. You are creating loops. Local VLANs - bridged at the AP. Tunnel VLANs are going to the controller and switched there.

Hello Alona,
This is a problem, even if the first wlan is set to SHUTDOWN?
Thank you for the answer.
Userlevel 4
You have defined vlan 2074 both as local and tunneled - that's not supported. You are creating loops. Local VLANs - bridged at the AP. Tunnel VLANs are going to the controller and switched there.

Reply