How to configure authentication on Ruijie AC eWeb?

Ruijie AC supports the following types of authentication configuration on eWeb:



A. Web Authentication

Web authentication includes ePortal authentication and iPortal authentication based on the location of the authentication server.

1.        ePortal:

When the portal (authentication webpage) is configured on an independent device other than the AC, ePortal authentication is used.

Note: in the 1st generation web authentication, the AC is only responsible for redirection. Authentication packet interaction is implemented between the Portal server and the Radius server. In the 2nd generation web authentication, the AC is responsible for redirection as well as authentication packet interaction with the Portal server and the Radius server. In a VAC scenario, only 2nd generation web authentication is supported.


•        ePortalv1:



When identifying that an STA is offline, the device notifies the portal server that the STA is offline. The server instructs the device to delete user information via SNMP. The portal server displays the offline page to the STA.

Therefore, ePortalv1 authentication requires an SNMP server.


•        ePortalv2:



Note: The AAA Authentication server and Accounting server must be configured so that the ePortalv2 Web authentication function is applied successfully. The authentication server list associates Web authentication requests with the RADIUS server. The device selects the authentication mode and server from the authentication server list. The accounting server is used to associate accounting mode with the server. The accounting function is required to record user information or fees for Web authentication.


2.        iPortal:

When the portal (authentication webpage) is embedded in the AC, iPortal authentication is used.

The authentication page provided by the device is used by default. You can use the default portal page or customize a portal page. The portal page can be partially customized with a custom logo and custom title. You may also upload a fully customized portal page based on the default authentication template.



Note: When One-Click Auth is enabled, the user does not need to enter the username and password, and the user can pass the authentication by clicking the "Login" button on the authentication page. This One-Click Auth function will only take effect when the Auth Page Settings is set to the Default or Partially Custom mode.


Advanced Settings:





•        Redirection HTTP Port:

When detecting that an unauthenticated user is accessing network resources, the device prevents the user from accessing the network resources and displays the portal page to the user. By default, the network device detects whether the user is accessing network resources by intercepting the HTTP message sent by the user with port number 80. After the redirection HTTP port is set, the network device can redirect HTTP requests with the specified port number from users.

•        MAC Authentication Bypass:

MAC-based authentication exemption is generally used to exempt devices such as printers from authentication. Select the Wi-Fi network to which the MAC Authentication Bypass (MAB) is to be applied.

•        Anti-jitter Interval:

Authenticated users do not need to be authenticated again within the anti-jitter interval, to enhance user experience. Specify the anti-jitter Wi-Fi network and time.

•        Escape:

New users are exempted from authentication when the configured portal server is unavailable.

•        Kick Inactive Users Off:

After the online detection function is configured, if the traffic of a user is lower than the threshold within a period of the specified time, the device automatically kicks the user offline to avoid economic loss caused by continuous accounting.

•        Whitelisted Network Resource:

Enter the IP address of the network resource server. All users, including unauthenticated users, can access this IP address. A maximum of 50 entries can be configured.

•        Whitelisted User IP:

Users with whitelisted IP addresses can access the Internet without authentication. A maximum of 50 entries can be configured.

•        Whitelisted MAC:

Users with whitelisted MAC addresses can access the Internet without authentication. A maximum of 50 entries can be configured.

•        Whitelisted URL:

Users can access these URLs without authentication. A maximum of 50 entries can be configured.


B. WiFiDog Authentication

Unauthenticated users can be redirected to the authentication page for authentication.



Click 'More' to add multiple WiFiDog authentication servers.