recommends using the IP address of a loopback interface rather than a physical Layer 3 interface,
because:
The status of a loopback interface is stable. There will be no authentication page access failures
•
caused by interface failures.
A loopback interface does not forward received packets to any network, avoiding impact on system
•
performance when there are many network access requests.
Follow these steps to specify the local portal server for Layer 2 portal authentication:
To do...
Enter system view
Specify the listening IP address of
the local portal server for Layer 2
portal authentication
NOTE:
The specified listening IP address can be changed or deleted only if Layer 2 portal authentication is not
enabled on any port.
Specifying a portal server for Layer 3 portal authentication
This task allows you to specify the portal server parameters for Layer 3 portal authentication, including
the portal server IP address, shared encryption key, server port, and the URL address for web
authentication. According to the networking environment, you can configure a remote portal server or a
local portal server as needed.
•
To configure a remote portal server, specify the IP address of the remote portal server.
To use the local portal server of the access device, specify the IP address of a Layer 3 interface on
•
the device as the portal server's IP address. The specified interface must be reachable to the client.
Follow these steps to specify a portal server for Layer 3 authentication:
To do...
Enter system view
Specify a portal server and
configure related parameters
NOTE:
The specified parameters of a portal server can be modified or deleted only if the portal server is not
•
referenced on any interface.
•
For local portal server configuration, the keywords key, port, and url are usually not required and, if
configured, do not take effect.
When a local portal server is used, the re-DHCP portal authentication mode (redhcp) can be configured
•
but, if configured, does not take effect.
To make sure that the device can send packets to the portal server in an MPLS VPN, specify the VPN
•
instance to which the portal server belongs when specifying the portal server on the device.
Use the command...
system-view
portal local-server ip ip-address
Use the command...
system-view
portal server server-name ip
ip-address [ key key-string | port
port-id | url url-string |
vpn-instance vpn-instance-name ] *
137
Remarks
—
Required
By default, no listening IP address
is specified.
Remarks
—
Required
By default, no portal server is
specified.