Wing Captive Portal with radius accounting (Access Duration)

cristiannilsson — Wed, 18 Dec 2019 21:24:35 GMT

Hello,

I have setup a lab for testing wing (5.9) using RFS4000 and a small AP7612.

I want to enable captive portal with limited life time of a guest user account - X time from when the user first logins.

I have a working captive portal with radius authentication and only the radius accounting is missing or miss-configured i believe..?

What happens now is i can login but the time showing on splash page is not what i set in access duration.

Configuration:

rfs4000-FB6D71#show run device self 
!
version 2.6
!
!
client-identity-group default
 load default-fingerprints
!
firewall-policy FW-POLICY
 no ip dos smurf
 no ip dos twinge
 no ip dos invalid-protocol
 no ip dos router-advt
 no ip dos router-solicit
 no ip dos option-route
 no ip dos ascend
 no ip dos chargen
 no ip dos fraggle
 no ip dos snork
 no ip dos ftp-bounce
 no ip dos tcp-intercept
 no ip dos broadcast-multicast-icmp
 no ip dos land
 no ip dos tcp-xmas-scan
 no ip dos tcp-null-scan
 no ip dos winnuke
 no ip dos tcp-fin-scan
 no ip dos udp-short-hdr
 no ip dos tcp-post-syn
 no ip dos tcphdrfrag
 no ip dos ip-ttl-zero
 no ip dos ipspoof
 no ip dos tcp-bad-sequence
 no ip dos tcp-sequence-past-window
 no ip-mac conflict
 no ip-mac routing conflict
 dhcp-offer-convert
 no stateful-packet-inspection-l2
!
!
mint-policy global-default
!
aaa-policy AAA-POLICY
 authentication server 1 onboard controller
 accounting server 1 onboard controller
 accounting type start-interim-stop
 accounting interim interval 60
! 
captive-portal CAPTIVE-PORTAL-POLICY-GUEST
 server host 192.168.2.2
 server mode centralized
 use aaa-policy AAA-POLICY
 bypass captive-portal-detection
 webpage internal registration field city type text enable label "City" placeholder "Enter City"
 webpage internal registration field street type text enable label "Address" placeholder "123 Any Street"
 webpage internal registration field name type text enable label "Full Name" placeholder "Enter First Name, Last Name"
 webpage internal registration field zip type number enable label "Zip" placeholder "Zip"
 webpage internal registration field via-sms type checkbox enable title "SMS Preferred"
 webpage internal registration field mobile type number enable label "Mobile" placeholder "Mobile Number with Country code"
 webpage internal registration field age-range type dropdown-menu enable label "Age Range" title "Age Range"
 webpage internal registration field email type e-address enable mandatory label "Email" placeholder "you@domain.com"
 webpage internal registration field via-email type checkbox enable title "Email Preferred"
!
radius-group RADIUS-GROUP-POLICY-GUEST
 guest
 policy ssid THE-KRAKEN
 policy day mo
 policy day tu
 policy day we
 policy day th
 policy day fr
 policy day sa
 policy day su
!
radius-user-pool-policy USER-POOL-GUEST
 user a password 0 a group RADIUS-GROUP-POLICY-GUEST guest expiry-time 14:04 expiry-date 12/19/2019 start-time 14:04 start-date 12/17/2019 access-duration 15
!
radius-server-policy RADIUS-SERVER-POLICY
 use radius-user-pool-policy USER-POOL-GUEST
 chase-referral
!
dhcp-server-policy DHCP
 option AP-adoption 191 ascii
 dhcp-pool WING-MGMT
 network 172.16.7.0/24
 address range 172.16.7.10 172.16.7.50 
 default-router 172.16.7.1
 dns-server 8.8.8.8
 dhcp-pool WING-CLIENTS
 network 192.168.2.0/24
 address range 192.168.2.10 192.168.2.50 
 default-router 192.168.2.1
 dns-server 8.8.8.8
!
!
management-policy MANAGEMENT-POLICY
 no telnet
 http server
 https server
 rest-server
 ssh
 user admin password 1 5bb2c75fdb4404c6fd063a3b939f5507bcc66ba75afcbca97150d60e947e3770 role superuser access all
 user manager password 1 87e8acd35619b384182b2163e81e51ca3c09cc8e0a7136e90f0597cd82eddec6 role web-user-admin 
!
ex3500-management-policy default
 snmp-server community public ro
 snmp-server community private rw
 snmp-server notify-filter 1 remote 127.0.0.1
 snmp-server view defaultview 1 included
!
nsight-policy NSIGHT-POLICY
 server host 172.16.7.200 https
!
rfs4000 B4-C7-99-FB-6D-71
 use rf-domain LABB-NMC
 license AP DEFAULT-6AP-LICENSE
 license ADSEC DEFAULT-ADV-SEC-LICENSE
 country-code se
 use nsight-policy NSIGHT-POLICY
 no wep-shared-key-auth
 no legacy-auto-update ap650
 no service wireless ap650 legacy-auto-update-image
 no legacy-auto-update ap71xx image
 no service wireless ap300 image
 service wireless wispe-controller-port 24576
 service wireless ap300 flush-ps-packet-timeout 86400
 legacy-auto-downgrade
 no radius nas-identifier
 no radius nas-port-id
 no sku-bypass
 service wireless rate-scaling-mode histogram
 neighbor-info-interval 10
 neighbor-inactivity-timeout 30
 meshpoint-monitor-interval 30
 service rss-timeout 300
 no service power-config force-3at
 no service power-config 3af-out
 service wireless cred-cache-sync never
 service wireless cred-cache-sync interval 1200
 no service wireless test min-rate
 no service wireless test max-rate
 service wireless test max-retries 0
 service wireless client tx-deauth on-radar-detect
 service radius dynamic-authorization additional-port 3799
 service global-association-list blacklist-interval 60
 no service wireless reconfig-on-rx-stall
 service wireless reboot-on-rx-stall
 service wireless noise-immunity
 no service wireless inter-ap-key
 no service wireless qos-map-ignore
 otls forward 5GHz disable
 otls forward 2.4GHz disable
 otls server-ip 0.0.0.0
 otls control-port 0
 otls data-port 2.4GHz 0
 otls data-port 5GHz 0
 otls apid 0
 ip name-server 8.8.8.8
 ip default-gateway 172.16.7.1
 ip route 172.16.6.0/24 172.16.7.1
 autoinstall configuration
 autoinstall firmware
 no device-upgrade auto
 use radius-server-policy RADIUS-SERVER-POLICY
 crypto ikev1 policy ikev1-default 
 isakmp-proposal default encryption aes-256 group 2 hash sha 
 crypto ikev2 policy ikev2-default 
 isakmp-proposal default encryption aes-256 group 2 hash sha 
 crypto ipsec transform-set default esp-aes-256 esp-sha-hmac
 crypto ikev1 remote-vpn
 crypto ikev2 remote-vpn
 crypto auto-ipsec-secure
 crypto remote-vpn-client
 interface up1
 switchport mode trunk
 switchport trunk allowed vlan 100,102
 switchport trunk native vlan 100
 interface ge1
 switchport mode trunk
 switchport trunk allowed vlan 100,102
 switchport trunk native vlan 100
 interface ge2
 interface ge3
 interface ge4
 interface ge5
 interface vlan100
 description WING-MGMT
 ip address 172.16.7.3/24
 dhcp-relay-incoming
 interface vlan102
 description CLIENTS
 ip address 192.168.2.2/24
 interface wwan1
 interface pppoe1
 use management-policy MANAGEMENT-POLICY
 use dhcp-server-policy DHCP
 use firewall-policy FW-POLICY
 use captive-portal server CAPTIVE-PORTAL-POLICY-GUEST
 use client-identity-group default
 logging on
 logging console debugging
 logging buffered debugging
 logging syslog debugging
 enforce-version adoption none
 service pm sys-restart
 router ospf
 router bgp
 no upgrade opcode auto
 no upgrade opcode path 
 no upgrade opcode reload
 adoption-mode controller
!

I can see guest user info but again it is not working as i expect nor want it with splash screen (portal login) showing far more time left then the set 15 min.

show radius guest-users 
 TIME (DD:HH:MM:SS) DATA (kilobytes) BANDWIDTH (kbps) 
GUEST USER CONFIGURED REMAINING CONFIGURED REMAINING CFGD DN CURR DN CFGD UP CURR UP
a 0:00:15:00 0:00:08:59 unlimited unlimited
Current time: 13:44:01

Any help in this topic is greatly appreciated!

BR,

Cristian

Re: Wing Captive Portal with radius accounting (Access Duration)

a_socias — Thu, 05 Aug 2021 16:24:02 GMT

I have the same problem. Did you solve it?

topic Re: Wing Captive Portal with radius accounting (Access Duration) in ExtremeWireless (WiNG)

Wing Captive Portal with radius accounting (Access Duration)

Re: Wing Captive Portal with radius accounting (Access Duration)