Ruijie Community

Title: How do I configure the local authentication account to not ask for re-authentication when leaving ? [Print this page]

Author: pminhduc90@gmai Time: 2023-2-12 18:19
Title: How do I configure the local authentication account to not ask for re-authentication when leaving ?
Can you guide me how to configure with Gateway EG-3230 & AP system RAP-2260, RAP-1200(P) so that the local account for employees after authenticated access will still be maintained when leaving the workplace job.

Currently, after logging in to work in the morning, taking a lunch break, I will stay at another place and start working again in the afternoon, the system requires login to verify the account again to access the internet. find it very time consuming.
So please let me know if there is a way to set if a device is not accessible after a certain period of time (e.g. 5 days) to force access to authenticate the account again. Thank you and look forward to receiving your support.

Author: GTAC-Steve Time: 2023-2-13 10:49
Dear sir.

You can refer this link:https://community.ruijienetworks.com/forum.php?mod=viewthread&tid=1923&extra=page%3D1

Best regards,
Steve

Author: pminhduc90@gmai Time: 2023-2-13 12:30

Steve replied at 2023-2-13 10:49
Dear sir.

You can refer this link:https://community.ruijienetworks.com/forum.php?mod=viewthread&tid ...

Thank you. You can ask yourself, because this local authentication SSID is used by about 200 employees. And the staff will use the same username and password to access, what is the value they need to stay on the mac.
I tried configuring the settings, but I don't know if it'ssuitable, the system gives an error of configuration failure. Hope you help me.

Author: GTAC-Steve Time: 2023-2-13 14:29

Đức Phạm replied at 2023-2-13 12:30
Thank you. You can ask yourself, because this local authentication SSID is used by about 200 empl ...

Dear sir,

You can configure more accounts, because MAC Address Limit
is the limitation of EG. For the reason about configuration failure is display problem, but it has actually taken effect. You can check it. R&D is dealing with this problem, and the new version will solve the display problem. Sorry for the inconvenience.

Best regards,

Steve

Author: pminhduc90@gmai Time: 2023-2-13 16:28
Edited by Đức Phạm at 2023-2-13 17:02

Steve replied at 2023-2-13 14:29
Dear sir,

You can configure more accounts, because MAC Address Limit

Thank you. So I just need to create more user accounts (eg staff_1, staff_2....) each user account will give a mac value of 30 how to have enough employees of the agency?
One last question I want to ask you to help me answer, in the local auth section as shown, I have two policies: one for customers that will integrate authentication via the portal cloud and one for employees who will use the local server.

So if I apply MAC address limit in advanced settings, will it take effect on running local auth template policy or will it affect both cloud & local portal types?
Sincerely thanks !!!

Author: GTAC-Steve Time: 2023-2-13 18:28

Đức Phạm replied at 2023-2-13 16:28
Steve replied at 2023-2-13 14:29
Dear sir,

Dear sir,
MAC address limit in advanced settings will only take effect on running local auth,integrate authentication via the portal cloud is configurated by cloud as follows:

Best regards,
Steve

Author: pminhduc90@gmai Time: 2023-2-14 13:24

Steve replied at 2023-2-13 18:28
Dear sir,
MAC address limit in advanced settings will only take effect on running local auth,inte ...

Hi, from what you said, I am currently creating the wrong user account between the portal cloud and the local server. I have attached 2 pictures 1 cloud and 1 local.

Can you help me see if I have to add a user as root in user local as "admin & staff" and set the ip range that I give internally as such.

Thank you very much!!!

Author: GTAC-Steve Time: 2023-2-14 13:31

Đức Phạm replied at 2023-2-14 13:24
Hi, from what you said, I am currently creating the wrong user account between the portal cloud a ...

Dear sir,
For the local authentication, you need to set the user name and password, but do not need to set the IP range.
Best regards,
Steve

Author: pminhduc90@gmai Time: 2023-2-14 15:11
Edited by Đức Phạm at 2023-2-14 15:12

Steve replied at 2023-2-14 13:31
Dear sir,
For the local authentication, you need to set the user name and password, but do not n ...

So I will add the user in the local user section. Go to the root folder right? And create multiple users in the staff tree eg staff_1, staff_2...

Author: GTAC-Steve Time: 2023-2-14 16:17

Đức Phạm replied at 2023-2-14 15:11
Steve replied at 2023-2-14 13:31
Dear sir,
For the local authentication, you need to set the user ...

Dear sir,

You can create multiple users
in the root directly as follows:

Author: pminhduc90@gmai Time: 2023-2-15 16:14

Steve replied at 2023-2-14 16:17
Dear sir,

You can create multiple users

Thanks Steve, I have successfully configured local authentication and am no longer asked to sign in again. But there is a problem that the bandwidth limit that I set for the employee's internal network of 200mbps per ip is not running correctly anymore, but the bandwidth is running at maximum.

I am using 3 wan lines: two 1Gpbs lines and one 200Mbps line of two different carriers. Sincerely thanks !!!

Author: GTAC-Steve Time: 2023-2-15 18:10

Đức Phạm replied at 2023-2-15 16:14
Thanks Steve, I have successfully configured local authentication and am no longer asked to sign i ...

Dear sir,

Could you please configure it refer this link:https://community.ruijienetworks.com/forum.php?mod=viewthread&tid=3611&extra=page%3D1
If you apply the speed limit to authenticated users, you should note the following configuration:

Best regards,

Steve

Author: pminhduc90@gmai Time: 2023-2-16 11:06

Steve replied at 2023-2-15 18:10
Dear sir,

Could you please configure it refer this link:https://community.ruijienetworks.com/foru ...

Dear Steve,
I want to ask what if my system wants to limit the bandwidth in the local authentication server like the picture.

In VLAN2 I have an SSID of "Wifi Noi Bo" to use local authentication as I asked you the other day and will be ip range 10.100.20.1-10.100.21.254, I will give the employee account as "Noibo1 - Noibo8" the bandwidth per ip is 200 Mbps, and my admin account will not limit the bandwidth.

So how do I configure it properly, above is a picture of some configurations that I have installed on the office template in the smart flow control section, but the network speed of the employee account is not correct at the speed I have limited.

Because if I configure like the tutorial, it will work with the ip range that I only have one type of account. Please help me add this part. Thank you so much!

Author: GTAC-Steve Time: 2023-2-16 13:36

Đức Phạm replied at 2023-2-16 11:06
Dear Steve,
I want to ask what if my system wants to limit the bandwidth in the local authenticati ...

Dear sir,

You can create a new group under root which use for authen and flow control
, then create accounts in the new group, and then apply this group to the policy.

Best regards,

Steve

Author: pminhduc90@gmai Time: 2023-2-16 16:48
Edited by Đức Phạm at 2023-2-16 17:05

Steve replied at 2023-2-16 13:36
Dear sir,

You can create a new group under root which use for authen and flow control

Thanks Steve, so I just need to create one more group as root and move the created users into that new group right?
So what about the ip range I give to all 8 employee accounts, how will I declare it, or do I have to redistribute the ip for each account?
Could you please let me know if I can use the office template instead of the expert template.

Author: GTAC-Steve Time: 2023-2-16 17:07

Đức Phạm replied at 2023-2-16 16:48
Thanks Steve, so I just need to create another group as root and move the created users into that ...

Dear sir,
Yes, sir. If you want to limit the bandwidth in the local authentication for some client ,
you need creat group for the client under root group as follows:

Then you can then add this group to the flow control.

Could you please let me know if I can use the office template instead of the expert template.------->May I know your mean is that change it on cloud? Could you please send me the screenshot about this?

Best regards,

Steve

Author: pminhduc90@gmai Time: 2023-2-17 13:46
Edited by Đức Phạm at 2023-2-17 16:05

Steve replied at 2023-2-16 17:07
Dear sir,
Yes, sir. If you want to limit the bandwidth in the local authentication for some client ...

Dear Steve,
This is my entire configuration process, you can take a look at the scenario and help me get the most out of it. I divided 4 VLAN networks, in which VLAN 1 is a wired connection between devices as shown in the topology shown in the image below.

1) VLAN 2 I will have ip range from 10.110.20.1 - 10.100.21.254 to use for staff and administrators with only one SSID, authenticated by local server template. In which the admin will have full rights and no speed limit, my staff will limit the speed to 200 Mbps per ip, and use the account "Noibo_1 to Noibo_8" to log in for the first time to maintain the connection without asking log in again, if there is no connection in 7 days, then on the 8th day, it will ask to log in again.
This is the main problem that I am still struggling with because the employee account is not running according to the bandwidth that I have limited.
Configure policies for 2 user groups: customers and staff.

Create accounts for employees, because in advanced settings the limit by mac address is 30, so I have to create 8 usernames.

I use the office template here, and this article is on the expert template.
https://community.ruijienetworks.com/forum.php?mod=viewthread&tid=3611&extra=page%3D1

Configure flow control policy by user account. Select user under root, set limit bandwidth.

2) I also have another problem that when using the wifi network, it often says busy or overloaded on broadcast channels. Even though I have auto optimized, it still happens on half of all APs. So how can I tweak it so that this error doesn't happen again. Can you guide me?

3) In addition, I would like to send you a reference through the configuration section on the cloud account for the customer that I have set up.
VLAN 3 I use to test the features, so I don't use it now. VLAN 4 I will have 1 SSID for customers with 2 ways to access authentication via the capitive portal template available on the cloud that I have synced:
- Visitors will have free one-click access with a speed limit of 6 Mbps per ip and 10 minutes will automatically log out of the network.
- Guests using my service will have an account and access password provided by the reception. The speed limit is 200 Mbps.

Account for customer

Synchronize the captive portal from the cloud and run authentication in the local system to limit the download when having to load data from the cloud at the login authentication step.

Config limit bandwidth one click access & account customer

Configure flow control policy by user account customer & one click access. Select Oneclickuser &
group cloud account under root. Set limit bandwidth

Above is the entire configuration for the user group that I have installed. Please help me see if this is correct for the scenarios I need.

Thanks for support. Best regard !

Author: GTAC-Steve Time: 2023-2-17 18:19

Đức Phạm replied at 2023-2-17 13:46
Steve replied at 2023-2-16 17:07
Dear sir,
Yes, sir. If you want to limit the bandwidth in the local ...

Dear sir,
May I know what is the speed you are testing for users who need the speed limit. Btw, 200Mbps per user is a lot of speed.

For the captive portal on cloud, you need configure on cloud as follows:

Because account and password needs to be synchronized from the cloud.

Best regards,
Steve

Author: pminhduc90@gmai Time: 2023-2-18 16:00

Steve replied at 2023-2-17 18:19
Dear sir,
May I know what is the speed you are testing for users who need the speed limit. Btw, 20 ...

Dear Steve,
I already have a pool and a speed limit in the cloud. What I still have problems with is in VLAN 2, for staff and admin accounts. The admin account has no speed limit and the employee limits the speed to 200 Mbps per ip, but it doesn't run as the policy I have set.

Thank you !!!

Author: GTAC-Sophia Time: 2023-2-20 10:33

Steve replied at 2023-2-13 10:49
Dear sir.

You can refer this link:https://community.ruijienetworks.com/forum.php?mod=viewthread&tid ...

good！

Author: GTAC-Sophia Time: 2023-2-20 10:33

Steve replied at 2023-2-13 10:49
Dear sir.

You can refer this link:https://community.ruijienetworks.com/forum.php?mod=viewthread&tid ...

good！

Author: GTAC-Sophia Time: 2023-2-20 11:44

Đức Phạm replied at 2023-2-18 16:00
Dear Steve,
I already have a pool and a speed limit in the cloud. What I still have problems with ...

Dear sir,
Your problem now is that only local authentication does not meet the requirements, right?
You can configure it as follows:
1.Creat different user groups for staff and administrators

2.Add authentication accounts to different groups

3. Speed limits for staff

4.Enable local authentication, select the IP address range to be authenticated

Btw, you can set the speed limit of Staff to 2M to do a test, since the effect is more obvious.

Best regards,
Sophia

Author: pminhduc90@gmai Time: 2023-2-20 17:20
Edited by Đức Phạm at 2023-2-20 17:37

GTAC-Sophia replied at 2023-2-20 11:44
Dear sir,
Your problem now is that only local authentication does not meet the requirements, right ...

Dear Sophia
If I set the staff speed limit to 2M for testing, will the bandwidth of 1 staff network ip load be 2 Mbps every second? If so, I just need to adjust the speed limit at Max Downlink/Upload Per IP: 102,400 Kbps equivalent to 100 Mbps is very fast, right? Mainly I want to prevent users from using large data packets in the public network.
Thank you !

Author: GTAC-Steve Time: 2023-2-21 16:33

Đức Phạm replied at 2023-2-20 17:20
GTAC-Sophia replied at 2023-2-20 11:44
Dear sir,
Your problem now is that only local authentication ...

Dear sir,

You are right. If you want to prevent users from using large data packets in the public network, you should reduce the speed since 100Mbps is fast.

Best regards,

Steve

Author: pminhduc90@gmai Time: 2023-2-22 13:11

Steve replied at 2023-2-21 16:33
Dear sir,

You are right. If you want to prevent users from using large data packets in the public ...

Hi Sophia,
If I want users to be able to watch youtube videos in full hd quality, how much should I set the speed limit for each ip?
Thank you !

Author: GTAC-Steve Time: 2023-2-22 14:43

Đức Phạm replied at 2023-2-22 13:11
Hi Sophia,
If I want users to be able to watch youtube videos in full hd quality, how much should ...

Hi bro,
Normally, you can set it to 2Mbps.

Welcome to Ruijie Community (https://community.ruijienetworks.com/)