Configuring a portal authentication server·················································································································· 70

Configuring a portal Web server ································································································································· 71

Enabling portal authentication on an interface ··········································································································· 71

Configuration restrictions and guidelines ··········································································································· 71

Configuration procedure ······································································································································ 72

Referencing a portal Web server for an interface ······································································································ 72

Controlling portal user access ······································································································································ 73

Configuring a portal-free rule······························································································································· 73

Configuring an authentication source subnet ····································································································· 73

Configuring an authentication destination subnet ····························································································· 74

Setting the maximum number of portal users ····································································································· 75

Specifying a portal authentication domain ········································································································ 75

Configuring portal detection functions ························································································································· 76

Configuring online detection of portal users ······································································································ 76

Configuring portal authentication server detection ···························································································· 77

Configuring portal Web server detection ··········································································································· 78

Configuring portal user synchronization ············································································································· 79

Configuring the portal fail-permit function ··················································································································· 80

Configuring BAS-IP for unsolicited portal packets sent to the portal authentication server ···································· 80

Logging out portal users ················································································································································ 81

Displaying and maintaining portal ······························································································································ 81

Portal configuration examples ······································································································································ 82

Configuring direct portal authentication ············································································································· 82

Configuring re-DHCP portal authentication ········································································································ 87

Configuring cross-subnet portal authentication ·································································································· 90

Configuring extended direct portal authentication ···························································································· 93

Configuring extended re-DHCP portal authentication ······················································································· 97

Configuring extended cross-subnet portal authentication ··············································································· 100

Configuring portal server detection and portal user synchronization ··························································· 104

Troubleshooting portal ················································································································································· 109

No portal authentication page is pushed for users ························································································· 109

Cannot log out portal users on the access device ··························································································· 109

Cannot log out portal users on the RADIUS server ·························································································· 110

Users logged out by the access device still exist on the portal authentication server ·································· 110

Re-DHCP portal authenticated users cannot log in successfully······································································ 110

Configuring password control ································································································································ 112

Overview ······································································································································································· 112

Password setting ·················································································································································· 112

Password updating and expiration ··················································································································· 113

User login control ················································································································································ 114

Password not displayed in any form ················································································································· 114

Logging ································································································································································· 114

FIPS compliance ··························································································································································· 115

Password control configuration task list ····················································································································· 115

Enabling password control ········································································································································· 115

Setting global password control parameters ············································································································ 116

Setting user group password control parameters ····································································································· 117

Setting local user password control parameters ······································································································· 118

Setting super password control parameters ·············································································································· 119

Displaying and maintaining password control ········································································································· 119

Password control configuration example ·················································································································· 120

Network requirements ········································································································································· 120

Verifying the configuration ································································································································· 121