12-18-2019 01:24 PM
Hello,
I have set up a lab for testing WiNG (5.9) using an RFS4000 and a small AP7612.
I want to enable captive portal with a limited lifetime for a guest user account: X time from when the user first logs in.
I have a working captive portal with RADIUS authentication, and only the RADIUS accounting is missing or misconfigured, I believe?
What happens now is I can log in, but the time shown on the splash page is not what I set in access duration.
Configuration:
rfs4000-FB6D71#show run device self
!
version 2.6
!
!
client-identity-group default
 load default-fingerprints
!
firewall-policy FW-POLICY
 no ip dos smurf
 no ip dos twinge
 no ip dos invalid-protocol
 no ip dos router-advt
 no ip dos router-solicit
 no ip dos option-route
 no ip dos ascend
 no ip dos chargen
 no ip dos fraggle
 no ip dos snork
 no ip dos ftp-bounce
 no ip dos tcp-intercept
 no ip dos broadcast-multicast-icmp
 no ip dos land
 no ip dos tcp-xmas-scan
 no ip dos tcp-null-scan
 no ip dos winnuke
 no ip dos tcp-fin-scan
 no ip dos udp-short-hdr
 no ip dos tcp-post-syn
 no ip dos tcphdrfrag
 no ip dos ip-ttl-zero
 no ip dos ipspoof
 no ip dos tcp-bad-sequence
 no ip dos tcp-sequence-past-window
 no ip-mac conflict
 no ip-mac routing conflict
 dhcp-offer-convert
 no stateful-packet-inspection-l2
!
!
mint-policy global-default
!
aaa-policy AAA-POLICY
 authentication server 1 onboard controller
 accounting server 1 onboard controller
 accounting type start-interim-stop
 accounting interim interval 60
!
captive-portal CAPTIVE-PORTAL-POLICY-GUEST
 server host 192.168.2.2
 server mode centralized
 use aaa-policy AAA-POLICY
 bypass captive-portal-detection
 webpage internal registration field city type text enable label "City" placeholder "Enter City"
 webpage internal registration field street type text enable label "Address" placeholder "123 Any Street"
 webpage internal registration field name type text enable label "Full Name" placeholder "Enter First Name, Last Name"
 webpage internal registration field zip type number enable label "Zip" placeholder "Zip"
 webpage internal registration field via-sms type checkbox enable title "SMS Preferred"
 webpage internal registration field mobile type number enable label "Mobile" placeholder "Mobile Number with Country code"
 webpage internal registration field age-range type dropdown-menu enable label "Age Range" title "Age Range"
 webpage internal registration field email type e-address enable mandatory label "Email" placeholder "you@domain.com"
 webpage internal registration field via-email type checkbox enable title "Email Preferred"
!
radius-group RADIUS-GROUP-POLICY-GUEST
 guest
 policy ssid THE-KRAKEN
 policy day mo
 policy day tu
 policy day we
 policy day th
 policy day fr
 policy day sa
 policy day su
!
radius-user-pool-policy USER-POOL-GUEST
 user a password 0 a group RADIUS-GROUP-POLICY-GUEST guest expiry-time 14:04 expiry-date 12/19/2019 start-time 14:04 start-date 12/17/2019 access-duration 15
!
radius-server-policy RADIUS-SERVER-POLICY
 use radius-user-pool-policy USER-POOL-GUEST
 chase-referral
!
dhcp-server-policy DHCP
 option AP-adoption 191 ascii
 dhcp-pool WING-MGMT
  network 172.16.7.0/24
  address range 172.16.7.10 172.16.7.50
  default-router 172.16.7.1
  dns-server 8.8.8.8
 dhcp-pool WING-CLIENTS
  network 192.168.2.0/24
  address range 192.168.2.10 192.168.2.50
  default-router 192.168.2.1
  dns-server 8.8.8.8
!
!
management-policy MANAGEMENT-POLICY
 no telnet
 http server
 https server
 rest-server
 ssh
 user admin password 1 5bb2c75fdb4404c6fd063a3b939f5507bcc66ba75afcbca97150d60e947e3770 role superuser access all
 user manager password 1 87e8acd35619b384182b2163e81e51ca3c09cc8e0a7136e90f0597cd82eddec6 role web-user-admin
!
ex3500-management-policy default
 snmp-server community public ro
 snmp-server community private rw
 snmp-server notify-filter 1 remote 127.0.0.1
 snmp-server view defaultview 1 included
!
nsight-policy NSIGHT-POLICY
 server host 172.16.7.200 https
!
rfs4000 B4-C7-99-FB-6D-71
 use rf-domain LABB-NMC
 license AP DEFAULT-6AP-LICENSE
 license ADSEC DEFAULT-ADV-SEC-LICENSE
 country-code se
 use nsight-policy NSIGHT-POLICY
 no wep-shared-key-auth
 no legacy-auto-update ap650
 no service wireless ap650 legacy-auto-update-image
 no legacy-auto-update ap71xx image
 no service wireless ap300 image
 service wireless wispe-controller-port 24576
 service wireless ap300 flush-ps-packet-timeout 86400
 legacy-auto-downgrade
 no radius nas-identifier
 no radius nas-port-id
 no sku-bypass
 service wireless rate-scaling-mode histogram
 neighbor-info-interval 10
 neighbor-inactivity-timeout 30
 meshpoint-monitor-interval 30
 service rss-timeout 300
 no service power-config force-3at
 no service power-config 3af-out
 service wireless cred-cache-sync never
 service wireless cred-cache-sync interval 1200
 no service wireless test min-rate
 no service wireless test max-rate
 service wireless test max-retries 0
 service wireless client tx-deauth on-radar-detect
 service radius dynamic-authorization additional-port 3799
 service global-association-list blacklist-interval 60
 no service wireless reconfig-on-rx-stall
 service wireless reboot-on-rx-stall
 service wireless noise-immunity
 no service wireless inter-ap-key
 no service wireless qos-map-ignore
 otls forward 5GHz disable
 otls forward 2.4GHz disable
 otls server-ip 0.0.0.0
 otls control-port 0
 otls data-port 2.4GHz 0
 otls data-port 5GHz 0
 otls apid 0
 ip name-server 8.8.8.8
 ip default-gateway 172.16.7.1
 ip route 172.16.6.0/24 172.16.7.1
 autoinstall configuration
 autoinstall firmware
 no device-upgrade auto
 use radius-server-policy RADIUS-SERVER-POLICY
 crypto ikev1 policy ikev1-default
  isakmp-proposal default encryption aes-256 group 2 hash sha
 crypto ikev2 policy ikev2-default
  isakmp-proposal default encryption aes-256 group 2 hash sha
 crypto ipsec transform-set default esp-aes-256 esp-sha-hmac
 crypto ikev1 remote-vpn
 crypto ikev2 remote-vpn
 crypto auto-ipsec-secure
 crypto remote-vpn-client
 interface up1
  switchport mode trunk
  switchport trunk allowed vlan 100,102
  switchport trunk native vlan 100
 interface ge1
  switchport mode trunk
  switchport trunk allowed vlan 100,102
  switchport trunk native vlan 100
 interface ge2
 interface ge3
 interface ge4
 interface ge5
 interface vlan100
  description WING-MGMT
  ip address 172.16.7.3/24
  dhcp-relay-incoming
 interface vlan102
  description CLIENTS
  ip address 192.168.2.2/24
 interface wwan1
 interface pppoe1
 use management-policy MANAGEMENT-POLICY
 use dhcp-server-policy DHCP
 use firewall-policy FW-POLICY
 use captive-portal server CAPTIVE-PORTAL-POLICY-GUEST
 use client-identity-group default
 logging on
 logging console debugging
 logging buffered debugging
 logging syslog debugging
 enforce-version adoption none
 service pm sys-restart
 router ospf
 router bgp
 no upgrade opcode auto
 no upgrade opcode path
 no upgrade opcode reload
 adoption-mode controller
!
I can see guest user info, but again it is not working as I expect or want it to, with the splash screen (portal login) showing far more time left than the set 15 min.
show radius guest-users
              TIME (DD:HH:MM:SS)        DATA (kilobytes)          BANDWIDTH (kbps)
GUEST USER    CONFIGURED   REMAINING    CONFIGURED   REMAINING    CFGD DN  CURR DN  CFGD UP  CURR UP
a             0:00:15:00   0:00:08:59   unlimited    unlimited
Current time: 13:44:01
Any help in this topic is greatly appreciated!
BR,
Cristian
08-05-2021 09:24 AM
I have the same problem. Did you solve it?