zywall atp100w - external captive + radius

smoke88888888
smoke88888888 Posts: 5  Freshman Member
First Comment Friend Collector
edited February 27 in Security

Hi all.

I really need help from the community on setting up zywall atp100w. I read a lot of information on setting up, but I still couldn’t set it up correctly.

Task: I have an atp100w router on which an open wifi network is configured on LAN1. Internet access is configured via WAN. NAT is configured. Wifi users access the Internet without any problems.

Now I need to redirect all LAN1 users when connecting to the external Captive Portal, where users enter their login and password and click the Login button.

After this, a redirect to the atp100w router of the following type is triggered: http://192.0.2.1/?username=user1&password=pass1&mp_idx=1739964423039729&original_url=www.com.

Next, atp100w must contact RADIUS with these credentials.

This is a common interaction algorithm that works well on other devices, but I can’t configure it on the zywall atp100w.

Please help!

All Replies

  • smoke88888888
    smoke88888888 Posts: 5  Freshman Member
    First Comment Friend Collector
    edited March 4

    Well, I did it! Everything that I described in the task above was possible to implement using the RADIUS and Web-authentication settings.

    However, one problem remains unresolved. After entering the credentials on the captive portal, the user is redirected to ATP100W at:

    http://192.0.2.1/?username=user1&password=pass1&mp_idx=1739964423039729&original_url=www.com

    ATP100W contacts the RADIUS server and receives permission to allow the user to access the Internet.

    It was expected that at this point the user would be redirected to the "original_url" address. But this does not happen. If anyone can suggest the cause of the problem, I would be very grateful!

  • Zyxel_Judy
    Zyxel_Judy Posts: 2,019  Zyxel Employee
    Zyxel Certified Network Engineer Level 2 - Nebula Zyxel Certified Network Engineer Level 2 - Switch Zyxel Certified Network Engineer Level 2 - Security Zyxel Certified Network Engineer Level 1 - Nebula

    Hi @smoke88888888 ,

    It was expected that at this point the user would be redirected to the "original_url" address. But this does not happen.

    Could you share more detail about "original_url" address? Do you mean "captive portal URL" or something else?

  • smoke88888888
    smoke88888888 Posts: 5  Freshman Member
    First Comment Friend Collector

    Hi @Zyxel_Judy,

    This is the address to which the user should be redirected after authorization on the RADIUS. I attached a diagram of the interaction between the user, RADIUS and the captive portal via Cisco.

    In this diagram, I highlighted the receipt of an http OK message from the captive portal with a redirect to the controller, which should contain a parameter transmitting the URL of the site to redirect the user after authorization. At the bottom of the diagram, I also added a line indicating the redirection of the user to the site after authorization.

    In order for Cisco to correctly redirect the user to a website on the Internet, the captive portal must send the user the following URL GET request:

    http://1.1.1.1/login.html?username=9999999&password=11111&buttonClicked=4&redirect_url=google.com

    and the WLC Cisco after authorization will redirect the user to Google.
    I would like to implement the same on Zyxel ATP100w

  • Zyxel_Judy
    Zyxel_Judy Posts: 2,019  Zyxel Employee
    Zyxel Certified Network Engineer Level 2 - Nebula Zyxel Certified Network Engineer Level 2 - Switch Zyxel Certified Network Engineer Level 2 - Security Zyxel Certified Network Engineer Level 1 - Nebula

    Hi @smoke88888888 ,

    Regrettably, we do not support this feature currently and have no plans to add it.