Enabling Strict-Checking On Portal Authorization Information - HPE FlexNetwork 7500 Series Security Configuration Manual


Portal users access the network through a subinterface of the portal-enabled interface.
The subinterface does not have an IP address.
Portal users need to obtain IP addresses through DHCP.
After a user connects to a portal-enabled interface, the user uses an IP address for portal authentication according to the following rules:
- If the interface is configured with a preauthentication IP address pool, the user uses the following IP address:
  - If the client is configured to obtain an IP address automatically through DHCP, the user obtains an address from the specified IP address pool.
  - If the client is configured with a static IP address, the user uses the static IP address. However, if the interface does not have an IP address, users using static IP addresses cannot pass authentication.
- If the interface has an IP address but no preauthentication IP pool specified, the user uses the static IP address or the IP address obtained from a DHCP server.
- If the interface has neither an IP address nor a preauthentication IP pool specified, the user cannot perform portal authentication.

After the user passes portal authentication, the AAA server authorizes an IP address pool for re-assigning an IP address to the user. If no authorized IP address pool is deployed, the user continues using the previous IP address.

If the portal user does not perform authentication or fails to pass authentication, the assigned IP address is still retained.
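
The address rules above reduce to a small decision table. The following Python model is an added example, not part of the HPE manual; the function names and the source labels ("preauth-pool", "static", "dhcp-server", "authorized-pool") are hypothetical.

```python
from itertools import product
from typing import NamedTuple, Optional


class PreAuth(NamedTuple):
    can_authenticate: bool
    address_source: Optional[str]  # None: the manual names no address for this case


def preauth_address(interface_has_ip: bool, pool_configured: bool,
                    client_static: bool) -> PreAuth:
    """Apply the pre-authentication address rules listed above."""
    if pool_configured:
        if not client_static:
            # DHCP client: address comes from the preauthentication pool.
            return PreAuth(True, "preauth-pool")
        # Static client keeps its address, but cannot pass authentication
        # when the interface itself has no IP address.
        return PreAuth(interface_has_ip, "static")
    if interface_has_ip:
        return PreAuth(True, "static" if client_static else "dhcp-server")
    # Neither an interface IP address nor a preauthentication pool.
    return PreAuth(False, None)


def address_after_auth(pre: PreAuth, passed: bool,
                       authorized_pool_deployed: bool) -> Optional[str]:
    """Address source once authentication has been attempted."""
    if passed and not pre.can_authenticate:
        raise ValueError("this combination cannot pass portal authentication")
    if passed and authorized_pool_deployed:
        return "authorized-pool"  # AAA server re-assigns the address
    return pre.address_source     # previous address is kept


def blocked_cases():
    """Every (interface_has_ip, pool_configured, client_static) that cannot authenticate."""
    return [c for c in product((True, False), repeat=3)
            if not preauth_address(*c).can_authenticate]


if __name__ == "__main__":
    for case in product((True, False), repeat=3):
        print(case, preauth_address(*case))
    print("blocked:", blocked_cases())
```

Enumerating all eight combinations shows that every blocked case involves an interface without an IP address, and that the only working combination on such an interface is a DHCP client with a preauthentication pool.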

When you specify a preauthentication IP address pool, follow these guidelines and restrictions:
- This configuration takes effect only when the direct IPv4 portal authentication is enabled on the interface.
- Make sure the specified IP address pool exists and is complete. Otherwise, the user cannot obtain the IP address and cannot perform portal authentication.

To specify an IP address pool before portal authentication:

| Step | Command | Remarks |
|---|---|---|
| 1. Enter system view. | system-view | N/A |
| 2. Enter interface view. | interface interface-type interface-number | N/A |
| 3. Specify a preauthentication IP address pool for portal users. | portal [ ipv6 ] pre-auth ip-pool pool-name | By default, no preauthentication IP address pool is specified on an interface. |

Enabling strict-checking on portal authorization information

The strict checking mode allows a portal user to stay online only when the authorized information for the user is successfully deployed on the interface.

You can enable strict checking on authorized ACLs. If you enable ACL checking, the user will be logged out if the check fails.

An ACL check fails when the authorized ACL does not exist on the device or the ACL fails to be deployed.

To enable strict-checking on portal authorization information:
