captive portal configuration

jmcastellanos
Member
Posts: 15
Joined: 10 Apr 2012 11:15

captive portal configuration

Post by jmcastellanos »

Hi, does anybody know how to set up captive portal on OS6860 switches?

I've been configuring using the network guide; the configuration guide I use is this:

1. Configure a RADIUS server
aaa radius-server "alu-authserver" host 10.242.254.101 hash-key secret retransmit 3 timeout 2 auth-port 1812 acct-port 1813
2. Create an “aaa” profile
aaa profile "ag-aaa-profile"
aaa profile ag-aaa-profile device-authentication captive-portal "alu-authserver"
aaa profile ag-aaa-profile accounting captive-portal "alu-authserver"
aaa profile ag-aaa-profile captive-portal session-timeout enable …very important to enable session timeout
3. Create the required VLANs
vlan 10 admin-state disable name vlan-block
vlan 30 admin-state enable name vlan-guest
4. Create the policy list for post Captive Portal authentication
policy condition cp-default-C1 source ip Any destination ip Any
policy action cp-default-A1
policy rule cp-default-R1 condition cp-default-C1 action cp-default-A1
policy list cp-default-list type unp
policy list cp-default-list rules cp-default-R1
qos apply
5. Create an edge-profile guest
unp edge-profile guest
6. Map the edge-profile to an appropriate VLAN
unp vlan-mapping edge-profile guest vlan 30
7. Create a default profile
unp edge-profile default-profile
8. Map the default edge-profile to vlan 10
unp vlan-mapping edge-profile default-profile vlan 10
9. Create an edge-template
unp edge-template cp-only-template
10. Set the default profile for the edge-template to “guest” so that the clients can get into vlan 30 first using default edge-profile. Then the policy list can be updated based on Captive Portal authentication.
unp edge-template cp-only-template default-edge-profile guest
11. Assign the edge-template to a port
unp port 1/1/2 edge-template cp-only-template
12. Create Captive Portal profile
captive-portal-profile cp-profile
captive-portal-profile cp-profile aaa-profile ag-aaa-profile
13. Add Captive Portal authentication pass policy list, the success url. Captive Portal IP address by default is set to 10.123.0.1
captive-portal-profile cp-profile mode internal /*NOTE: this is the only mode supported in 8.1.1*/
captive-portal-profile cp-profile authentication pass policy-list cp-default-list
captive-portal-profile cp-profile success-redirect-url http://test-cp.com/success.html
14. Enable edge-profile with Captive Portal and assign the Captive Portal profile
unp edge-profile guest captive-portal-authentication enable
unp edge-profile guest captive-portal-profile cp-profile

But after configuring the switch with these steps nothing happened...

Any ideas?
jmcastellanos
Member
Posts: 15
Joined: 10 Apr 2012 11:15

Re: captive portal configuration

Post by jmcastellanos »

Hi let me tell you how I solved this problem


First, I configured the switch like this:

vlan 99 admin-state enable
vlan 99 name "guest"

aaa radius-server "authserver" host 192.168.1.4 hash-key e47ac0f11e9fa869 retransmit 3 timeout 2 auth-port 1812 acct-port 1813
aaa authentication console "local"
aaa profile "aaaprof1"
aaa profile "aaaprof1" device-authentication 802.1x "authserver"
aaa profile "aaaprof1" accounting 802.1x "authserver"
aaa profile "aaaprof1" 802.1x re-authentication enable
aaa profile "aaaprof1" 802.1x re-authentication trust-radius enable
aaa profile "aaaprof1" device-authentication captive-portal "authserver"
aaa profile "aaaprof1" accounting captive-portal "authserver"
aaa profile "aaaprof1" captive-portal session-timeout enable

policy condition cp-default-C1 source ip Any destination ip Any
policy action cp-default-A1
policy rule cp-default-R1 condition cp-default-C1 action cp-default-A1
policy list cp-default-list type unp
policy list cp-default-list rules cp-default-R1
qos apply

unp edge-profile guest
unp edge-profile guest captive-portal-authentication enable
unp edge-profile guest captive-portal-profile captiveprof

unp vlan-mapping edge-profile guest vlan 99
unp edge-template template1
unp edge-template template1 802.1x-authentication enable
unp edge-template template1 classification enable
unp edge-template template1 default-edge-profile guest
unp edge-template template1 aaa-profile aaaprof1

unp port 1/1/1-20 port-type edge
unp port 1/1/1-20 edge-template template1

captive-portal authentication-pass policy-list cp-default-list
captive-portal authentication-pass realm prefix domain alcatel policy-list cp-default-list
captive-portal-profile captiveprof
captive-portal-profile captiveprof aaa-profile aaaprof1

Second, you have to configure a DHCP on a server because the OS 8 doesn't have this option.

Third, you have to configure your DNS to resolve the address "captive-portal.com" to the IP 10.123.0.1.

Then, when you connect to the switch, your computer is set to VLAN 99, and you have to open your browser and try to access the URL http://captive-portal.com. After that you have to enter your user and pass and wait for authentication.

You can check that using this command:

show unp user
User Learning
Port Username Mac address IP Vlan Profile Type Status Source
------+--------------------+-----------------+---------------+----+--------------------------------+---------+-----------+-----------
1/1/1 a0:2b:b8:46:67:23 a0:2b:b8:46:67:23 172.16.99.12 99 guest Edge Active Local

And when you authenticate, it shows you the username that you use.

Hope this can help others.
narayanan88
Member
Posts: 1
Joined: 22 May 2019 03:35

Re: captive portal configuration

Post by narayanan88 »

For captive portal internal DHCP.
I got an IP from the captive portal, but the HTTP / captive portal login page doesn't appear on the PC which I have connected.

OS6860_VC2-> sh unp user details
Port: 1/1/22
MAC-Address: e4:11:5b:28:bb:a3
SAP = -,
Service ID = 0,
VNID = 0 ( 0. 0. 0),
VPNID = 0 ( 0. 0. 0),
ISID = 0,
Access Timestamp = 05/21/2019 10:42:22,
User Name = e4:11:5b:28:bb:a3,
IP-Address = 10.123.0.2,
Vlan = 10,
Authentication Type = Mac,
Authentication Status = Authenticated,
Authentication Failure Reason = -,
Authentication Retry Count = 0,
Authentication Server IP Used = 135.254.171.141,
Authentication Server Used = rad1,
Server Reply-Message = -,
Profile = test123,
Profile Source = Auth - Pass - Server UNP,
Profile From Auth Server = test123,
Session Timeout = 0,
Classification Profile Rule = -,
Role = built-in,
Role Source = Initial CP,
User Role Rule = -,
Restricted Access = No,
Location Policy Status = -,
Time Policy Status = -,
QMR Status = Passed,
Redirect Url = -,
SIP Call Type = Not in a call,
SIP Media Type = None,
Applications = None,
Encap Value = -

Total users : 1


Do I need to customise anything on my PC?
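
A small parser for the "show unp user details" layout quoted in this thread, added here as an example (not posted by any participant and not vendor tooling). It flags sessions whose User Name still equals the MAC address, which per the earlier reply is what the switch lists until a portal login succeeds; the sample output is constructed, and the function names are hypothetical.

```python
import re

# Constructed sample in the "show unp user details" layout from this thread
# (documentation-range MACs, invented user name; not from a real switch).
SAMPLE = """\
Port: 1/1/22
MAC-Address: 00:00:5e:00:53:01
User Name = 00:00:5e:00:53:01,
IP-Address = 10.123.0.2,
Authentication Type = Mac,
Redirect Url = -
Port: 1/1/23
MAC-Address: 00:00:5e:00:53:02
Access Timestamp = 01/01/2020 10:00:00,
User Name = alice,
IP-Address = 172.16.99.12,
Redirect Url = -

Total users : 2
"""

# "Key: value" or "Key = value," with an optional trailing comma.
FIELD = re.compile(r"^\s*([^:=]+?)\s*(?::|=)\s*(.*?),?\s*$")

def parse_unp_details(text):
    """Return one dict per user; a 'Port:' line starts a new record."""
    users, current = [], None
    for line in text.splitlines():
        m = FIELD.match(line)
        if not m:
            continue
        key, value = m.group(1), m.group(2)
        if key == "Port":
            current = {}
            users.append(current)
        elif current is None or key.lower().startswith("total users"):
            continue  # summary line or text before the first record
        current[key] = value
    return users

def portal_login_pending(user):
    # Assumption taken from the thread: the MAC is shown as the user name
    # until the captive portal login succeeds, then the login name appears.
    mac = user.get("MAC-Address", "").lower()
    return bool(mac) and user.get("User Name", "").lower() == mac

def report(text):
    """(port, ip, login_pending) for every user in the output."""
    return [(u["Port"], u.get("IP-Address"), portal_login_pending(u))
            for u in parse_unp_details(text)]
```
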