zywall atp100w - external captive + radius




Hi all.
I really need help from the community on setting up zywall atp100w. I read a lot of information on setting up, but I still couldn’t set it up correctly.
Task: I have an atp100w router on which an open wifi network is configured on LAN1. Internet access is configured via WAN. NAT is configured. Wifi users access the Internet without any problems.
Now I need to redirect all LAN1 users when connecting to the external Captive Portal, where users enter their login and password and click the Login button.
After this, a redirect to the atp100w router of the following type is triggered: http://192.0.2.1/?username=user1&password=pass1&mp_idx=1739964423039729&original_url=www.com.
Next, atp100w must contact RADIUS with these credentials.
This is a common interaction algorithm that works well on other devices, but I can’t configure it on the zywall atp100w.
Please help!
All Replies
-
Well, I did it! Everything that I described in the task above was possible to implement using the RADIUS and Web-authentication settings.
However, one problem remains unresolved. After entering the credentials on the captive portal, the user is redirected to ATP100W at:
http://192.0.2.1/?username=user1&password=pass1&mp_idx=1739964423039729&original_url=www.com
ATP100W contacts the RADIUS server and receives permission to allow the user to access the Internet.
It was expected that at this point the user would be redirected to the "original_url" address. But this does not happen. If anyone can suggest the cause of the problem, I would be very grateful!
0 -
Hi @smoke88888888 ,
It was expected that at this point the user would be redirected to the "original_url" address. But this does not happen.
Could you share more detail about "original_url" address? Do you mean "captive portal URL" or something else?
0 -
Hi @Zyxel_Judy,
This is the address to which the user should be redirected after authorization on the RADIUS. I attached a diagram of the interaction between the user, RADIUS and the captive portal via Cisco.
In this diagram, I highlighted the receipt of an http OK message from the captive portal with a redirect to the controller, which should contain a parameter transmitting the URL of the site to redirect the user after authorization. At the bottom of the diagram, I also added a line indicating the redirection of the user to the site after authorization.
In order for Cisco to correctly redirect the user to a website on the Internet, the captive portal must send the user the following URL GET request:
http://1.1.1.1/login.html?username=9999999&password=11111&buttonClicked=4&redirect_url=google.com
and the WLC Cisco after authorization will redirect the user to Google.
I would like to implement the same on Zyxel ATP100w0 -
Hi @smoke88888888 ,
Regrettably, we do not support this feature currently and have no plans to add it.
0
Categories
- All Categories
- 417 Beta Program
- 2.5K Nebula
- 160 Nebula Ideas
- 108 Nebula Status and Incidents
- 5.9K Security
- 331 USG FLEX H Series
- 286 Security Ideas
- 1.5K Switch
- 78 Switch Ideas
- 1.2K Wireless
- 42 Wireless Ideas
- 6.6K Consumer Product
- 259 Service & License
- 402 News and Release
- 86 Security Advisories
- 31 Education Center
- 10 [Campaign] Zyxel Network Detective
- 3.8K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 85 About Community
- 80 Security Highlight