Configuring Layer 2 Portal Authentication To Support Web Proxy; Enabling Support For Portal User Moving - HP 5500 HI Series Configuration Manual
Security
Hide thumbs
Also See for 5500 HI Series:
- Installation manual (72 pages) ,
- Compliance and safety manual (62 pages) ,
- Quickspecs (35 pages)
Table of Contents
Advertisement
To specify an authentication domain for portal users on an interface:
Step
1.
Enter system view.
2.
Enter interface view.
3.
Specify an authentication
domain for portal users on the
interface.
The switch selects the authentication domain for a portal user on an interface in this order: the
authentication domain specified for the interface, the authentication domain carried in the username,
and the system default authentication domain. For information about the default authentication domain,
see
"Configuring
Configuring Layer 2 portal authentication to support Web
proxy
By default, proxied HTTP requests cannot trigger Layer 2 portal authentication but are silently dropped.
To allow such HTTP requests to trigger portal authentication, configure the port numbers of the Web
proxy servers on the switch.
If a user's browser uses the Web Proxy Auto-Discovery (WPAD) protocol to discover Web proxy servers,
add the port numbers of the Web proxy servers on the switch, and configure portal-free rules to allow
user packets destined for the IP address of the WPAD server to pass without authentication.
You must add the port numbers of the Web proxy servers on the switch and users must make sure their
browsers that use a Web proxy server do not use the proxy server for the listening IP address of the local
portal server. Thus, HTTP packets that the portal user sends to the local portal server are not sent to the
Web proxy server.
To configure Layer 2 portal authentication to support a Web proxy:
Step
1.
Enter system view.
2.
Add a Web proxy server
port number.
Enabling support for portal user moving
Only Layer 2 portal authentication supports this feature.
In scenarios where there are hubs, Layer 2 switches, or APs between users and the access devices, if an
authenticated user moves from the current access port to another Layer 2-portal-authentication-enabled
port of the device without logging off, the user cannot get online when the original port is still up. The
reason is that the original port is still maintaining the authentication information of the user and the
device does not permit such a user to get online from another port by default.
Command
system-view
interface interface-type
interface-number
portal domain [ ipv6 ]
domain-name
AAA."
Command
system-view
portal web-proxy port port-number
140
Remarks
N/A
N/A
By default, no authentication
domain is specified for portal
users.
Remarks
N/A
By default, no Web proxy
server port number is
configured and proxied HTTP
requests cannot trigger portal
authentication.
- Quick Links:
- Configuration Guide
- Configuring Aaa
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
