Configuring Bas-Ip For Unsolicited Portal Packets Sent To The Portal Authentication Server; Enabling Portal Roaming - HPE FlexNetwork 7500 Series Security Configuration Manual
Hide thumbs
Also See for FlexNetwork 7500 Series:
- Security configuration manual (506 pages) ,
- Command reference manual (474 pages) ,
- Network management and monitoring command reference (430 pages)
Table of Contents
Advertisement
Configuring BAS-IP for unsolicited portal packets
sent to the portal authentication server
If the device runs Portal 2.0, the unsolicited packets sent to the portal authentication server must
carry the BAS-IP attribute. If the device runs Portal 3.0, the unsolicited packets sent to the portal
authentication server must carry the BAS-IP or BAS-IPv6 attribute.
If IPv4 portal authentication is enabled on an interface, you can configure the BAS-IP attribute on the
interface. If IPv6 portal authentication is enabled on an interface, you can configure the BAS-IPv6
attribute on the interface.
The device uses the configured BAS-IP or BAS-IPv6 address as the source IP address of the portal
notifications sent to the portal authentication server. If you do not configure the BAS-IP or BAS-IPv6
attribute, the source IP address is the IP address of the packet's output interface.
During a re-DHCP portal authentication or mandatory user logout process, the device sends portal
notification packets to the portal authentication server. For the authentication or logout process to
complete, make sure the BAS-IP/BAS-IPv6 attribute is the same as the device IP or IPv6 address
specified on the portal authentication server.
To configure the BAS-IP attribute for unsolicited portal packets sent to the portal authentication
server:
Step
1.
Enter system view.
2.
Enter interface view.
3.
Configure BAS-IP for IPv4
portal packets sent to the
portal authentication
server.
4.
Configure BAS-IPv6 for
IPv6 portal packets sent to
the portal authentication
server.
Enabling portal roaming
Portal roaming takes effect only on portal users logging in from VLAN interfaces. It does not take
effect on portal users logging in from common Layer 3 interface.
If portal roaming is enabled on a VLAN interface, an online portal user can access resources from
any Layer 2 port in the VLAN without re-authentication.
Command
system-view
interface interface-type
interface-number
portal bas-ip ipv4-address
portal bas-ipv6 ipv6-address
174
Remarks
N/A
N/A
By default:
•
The BAS-IP attribute of an IPv4
portal response packet sent to the
portal authentication server is the
source IPv4 address of the packet.
•
The BAS-IP attribute of an IPv4
portal notification packet sent to the
portal authentication server is the
IPv4 address of the packet's output
interface.
By default:
•
The BAS-IPv6 attribute of an IPv6
portal response packet sent to the
portal authentication server is the
source IPv6 address of the packet.
•
The BAS-IPv6 attribute of an IPv6
portal notification packet sent to the
portal authentication server is the
IPv6 address of the packet's output
interface.
Advertisement
Table of Contents
Troubleshooting
