WeChat is a popular messaging app used in China with more than 500 million installations. WeChat‘s WiFi hotspot solution allows businesses to provide Internet access to their customers. The WiNG captive portal can be configured to incorporate the WeChat WiFi hotspot, so that WeChat users, on their first connect to a WiNG access point, can automatically authenticate with the WeChat server through an intermediate server.
This section provides an example that shows the configurations required to be made on the WiNG portal to enable WeChat Wi-Fi hotspot.
nx9500-6C8809(config)#aaa-policy cloud2
nx9500-6C8809(config-aaa-policy-cloud2)#authentication server 1 host cloud2.synchroweb.com secret 0 firmware
nx9500-6C8809(config-aaa-policy-cloud2)#show context aaa-policy cloud2 authentication server 1 host cloud2.synchroweb.com secret 0 firmware nx9500-6C8809(config-aaa-policy-cloud2)#
Note
Synchroweb is an independent software vendor (ISV), whose third-party software is being used as the intermediate server. The AAA server and RADIUS accounting server configured in AAA policy must be as per the specification provided by the ISV.nx9500-6C8809(config-captive-portal-wxCP)#access-time 10
nx9500-6C8809(config-captive-portal-wxCP)#server host guest.extreme.com
nx9500-6C8809(config-captive-portal-wxCP)#webpage-location external
nx9500-6C8809(config-captive-portal-wxCP)#webpage external login http://cloud2.synchroweb.com/wechat.nx/index.phpc=WING_TAG_CLIENT_MAC
nx9500-6C8809(config-captive-portal-wxCP)#)#show context captive-portal wxCP access-time 10 server host guest.extreme.com webpage-location external webpage external login http://cloud2.synchroweb.com/wechat.nx/index.phpc=WING_TAG_CLIENT_MAC use aaa-policy cloud2 use dns-whitelist wxWL --More-- nx9500-6C8809(config-captive-portal-wxCP)#
Note
The login URL configured here must be as per the specifications provided by the ISV.Note
The access-type remains unchanged (i.e. radius, which is the default setting). The access-time is set to a minimum value (10 minutes in this example) in order to avoid the default value of 24 hours being applied, in case the RADIUS response does not contain the session-timeout attribute.nx9500-6C8809(config)#wlan wxOpen
nx9500-6C8809(config-wlan-wxOpen)#ssid wxOpen
nx9500-6C8809(config-wlan-wxOpen)#vlan 200
nx9500-6C8809(config-wlan-wxOpen)#use captive-portal wxCP
nx9500-6C8809(config-wlan-wxOpen)#captive-portal-enforcement
nx9500-6C8809(config-wlan-wxOpen)#show context wlan wxOpen ssid wxOpen vlan 200 bridging-mode local encryption-type none authentication-type none use captive-portal wxCP captive-portal-enforcement nx9500-6C8809(config-wlan-wxOpen)#
Note
The modes of authentication and encryption remain unchanged (i.e. none, which is the default setting for both parameters). Ensure captive-portal-enforcement is enabled on the WLAN.| AAA Policy | Documents AAA policy configuration mode commands |
| dns-whitelist | Documents DNS whitelist configuration mode commands |
| captive-portal | Documents captive portal configuration mode commands |
| wlan | Documents WLAN configuration mode commands |