Portal Direct Authentication Configuration Example - Huawei Quidway S3500 Series Operation Manual

Operation Manual - Security
Quidway S3500 Series Ethernet Switches
Enable
authentication on VLAN
interface
Display
configuration information
and counting information
Clear
information
Caution:
When configuring Portal servers for the first time, you must configure their IP
addresses.
If a Portal server is enabled on a VLAN interface, you can modify the parameters for
the Portal server until you cancel this Portal server.
When Portal authentication is enabled, the 802.1x protocol needs to be disabled
globally.
The name of the specified Portal server must exist.
If in the operating mode of Layer 3 Portal authentication, a default route should be
configured on a Layer3 device between the portal user and the switch which can
enable Portal, and its next hop points to the switch.
If in the re-DHCP operating mode, the switch can be only configured as a DHCP
Relay instead of a DHCP Server.

2.2.3 Portal Direct Authentication Configuration Example

I. Network requirements
Configure the switch to enable Portal authentication. Set Portal operating mode to
direct authentication.
The switch uses the RADIUS server to implement authentication and accounting.
Before passing the Portal authentication, the user PC can only access the Portal
server.
Steps
Portal
portal server-name
display portal [ acm
statistics
auth-network
[ auth-vlan-id ] | server
the Portal
[
statistics ] | tcp-cheat
statistics | user [ ip
ipaddress
portIndex
[ vlan-id ] ]
reset portal { acm |
Portal counting
server | tcp-cheat }
statistics
Huawei Technologies Proprietary
Command
Required
|
|
server-name
—
|
port
] |
vlan
—
2-6
Chapter 2 Portal Configuration
Description