Specifying the portal server
Perform this task to specify portal server parameters for Layer 3 portal authentication, including the portal
server IP address, shared encryption key, server port, and the URL address for Web authentication.
To specify a portal server for Layer 3 authentication:
Step
1.
Enter system view.
2.
Specify a portal server and
configure related parameters.
NOTE:
The specified parameters of a portal server can be modified or deleted only if the portal server is not
referenced on any interface.
Enabling portal authentication
You must enable portal authentication on an access interface before it can perform portal authentication
for connected clients.
Configuration guidelines
The destination port number that the access device uses for sending unsolicited packets to the portal
•
server must be the same as the port number that the remote portal server actually uses.
The portal server and its parameters can be deleted or modified only when the portal server is not
•
referenced by any interface.
•
Cross-subnet authentication mode (portal server server-name method layer3) does not require
Layer 3 forwarding devices between the access device and the authentication clients. However, if
Layer 3 forwarding devices exist between the authentication client and the access device, you must
select the cross-subnet portal authentication mode.
In re-DHCP authentication mode, a client can use a public IP address to send packets before
•
passing portal authentication. However, responses to the packets are restricted.
An IPv6 portal server does not support the re-DHCP portal authentication mode.
•
You can enable both an IPv4 portal server and an IPv6 portal server for Layer 3 portal
•
authentication on an interface, but you cannot enable two IPv4 or two IPv6 portal servers on the
interface.
Configuration prerequisites
Before enabling Layer 3 portal authentication on an interface, make sure:
An IP address is configured for the interface.
•
The portal server to be referenced on the interface exists.
•
Command
system-view
portal server server-name ip
ip-address [ key [ cipher | simple ]
key-string | port port-id | url
url-string | vpn-instance
vpn-instance-name ] * | ipv6
ipv6-address [ key [ cipher |
simple ] key-string | port port-id |
url url-string ] * }
133
Remarks
N/A
By default, no portal server is
specified.
If the portal server is in an MPLS
VPN, specify the VPN instance
when specifying the portal server
on the device, so the device can
send packets to the portal server.