Table of Contents
Advertisement
Step
3.
Configure a user attribute in
the portal preauthentication
policy.
4.
Return to system view.
5.
Enter interface view.
6.
Apply a portal
preauthentication policy to
the interface.
Specifying a preauthentication IP address pool
About preauthentication IP address pools
You must specify a preauthentication IP address pool on a portal-enabled interface in the following
situation:
•
Portal users access the network through a subinterface of the portal-enabled interface.
•
The subinterface does not have an IP address.
•
Portal users need to obtain IP addresses through DHCP.
After a user connects to a portal-enabled interface, the user uses an IP address for portal
authentication according to the following rules:
•
If the interface is configured with a preauthentication IP address pool, the user uses the
following IP address:
If the client is configured to obtain an IP address automatically through DHCP, the user
obtains an address from the specified IP address pool.
If the client is configured with a static IP address, the user uses the static IP address.
However, if the interface does not have an IP address, users using static IP addresses
cannot pass authentication.
•
If the interface has an IP address but no preauthentication IP pool specified, the user uses the
static IP address or the IP address obtained from a DHCP server.
•
If the interface has no IP address or preauthentication IP pool specified, the user cannot
perform portal authentication.
After the user passes portal authentication, the AAA server authorizes an IP address pool for
re-assigning an IP address to the user. If no authorized IP address pool is deployed, the user
continues using the previous IP address.
Restrictions and guidelines
When you specify a preauthentication IP address pool, follow these guidelines and restrictions:
•
This configuration takes effect only when the direct IPv4 portal authentication is enabled on the
interface.
•
Make sure the specified IP address pool exists and is complete. Otherwise, the user cannot
obtain the IP address and cannot perform portal authentication.
•
If the portal user does not perform authentication or fails to pass authentication, the assigned IP
address is still retained.
Command
user-attribute { acl acl-number |
car { inbound | outbound } cir
committed-information-rate [ pir
peak-information-rate ] |
user-profile profile-name }
quit
interface interface-type
interface-number
portal [ ipv6 ] apply
pre-auth-policy policy-name
309
Remarks
By default, no user attributes are
configured for a portal
preauthentication policy.
N/A
N/A
By default, no portal
preauthentication policy is applied
to an interface.
Advertisement
Table of Contents
Troubleshooting
