Procedure; Enabling Portal Authentication On An Interface; Restrictions And Guidelines - H3C SR8800-F Configuration Manual

Comware 7 user access

Procedure

To specify a preauthentication IP address pool:

| Step | Command | Remarks |
|---|---|---|
| 1. Enter system view. | system-view | N/A |
| 2. Enter interface view. | interface interface-type interface-number | N/A |
| 3. Specify a preauthentication IP address pool on the interface. | portal [ ipv6 ] pre-auth ip-pool pool-name | By default, no preauthentication IP address pool is specified on an interface. |

Enabling portal authentication on an interface

Restrictions and guidelines

General restrictions and guidelines for enabling portal authentication

When you enable portal authentication on an interface, follow these restrictions and guidelines:

- If the device is connected to the RADIUS and portal servers through interfaces on SPC, CSPC, and CMPE-1104 cards, set the UDP port numbers as follows:
  - Set the RADIUS authentication and accounting port numbers to 1812 and 1813, respectively.
  - Set the portal listening port number to 2000.

  For more information about specifying the port numbers for RADIUS authentication and RADIUS accounting on the device, see "Configuring AAA."
- You can enable both IPv4 portal authentication and IPv6 portal authentication on an interface.
- Portal authentication does not take effect on a tunnel interface.
- Do not add the Ethernet interface enabled with portal authentication to an aggregation group. Otherwise, portal authentication does not take effect.
- As a best practice, do not apply a QoS policy to an interface enabled with portal authentication by using the qos apply policy command. If you need to apply a QoS policy on the interface, do it under the guidance of the technical support. For more information about the qos apply policy command, see ACL and QoS Command Reference.
- If you assign an Ethernet interface enabled with portal authentication to an aggregation group, portal authentication takes effect on the aggregate interface instead of aggregation member ports.

Restrictions and guidelines for enabling cross-subnet portal authentication

When you configure cross-subnet portal authentication (layer3) on an interface, follow these restrictions and guidelines:

- IPv6 portal users that pass cross-subnet portal authentication on the interface cannot receive IPv6 multicast data after the users join IPv6 multicast groups. For more information about users' joining IPv6 multicast groups, see MLD configuration in IP Multicast Configuration Guide.
- Cross-subnet portal authentication does not require Layer 3 forwarding devices between the access device and the portal authentication clients. However, if a Layer 3 forwarding device exists between the authentication client and the access device, you must use the cross-subnet portal authentication mode.
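Several of the general guidelines above describe settings under which portal authentication does not take effect, so a saved configuration can be checked for them before it is deployed. The following is an added example, not part of the H3C manual: it flags RADIUS ports other than 1812 and 1813, portal on a tunnel interface, portal on an aggregation group member, and a QoS policy on a portal-enabled interface. The sample configuration is constructed, and the `portal enable method`, `port link-aggregation group` and `primary authentication`/`primary accounting` lines are assumed to appear in their usual Comware 7 form.

```python
import re

# Constructed sample in the style of `display current-configuration` output.
# Assumption: these lines follow the usual Comware 7 syntax; only
# `qos apply policy` and `portal [ ipv6 ] pre-auth ip-pool` appear on the page.
SAMPLE = """\
radius scheme rs1
 primary authentication 192.0.2.10 1645
 primary accounting 192.0.2.10 1813
#
interface GigabitEthernet1/0/1
 portal enable method layer3
 port link-aggregation group 1
#
interface Tunnel1 mode gre
 portal enable method direct
#
interface GigabitEthernet1/0/2
 portal enable method direct
 portal pre-auth ip-pool guest
 qos apply policy limit inbound
#
interface GigabitEthernet1/0/3
 portal ipv6 enable method direct
"""
RADIUS_PORTS = {"authentication": "1812", "accounting": "1813"}

def audit(config):
    """Return (section, issue) pairs for settings that conflict with the guidelines."""
    findings = []
    for block in config.split("\n#"):
        lines = [line.strip() for line in block.strip().splitlines()]
        if not lines:
            continue
        head, body = lines[0], lines[1:]
        if head.startswith("radius scheme "):
            # Relevant when the servers are reached through SPC, CSPC or CMPE-1104 cards.
            for line in body:
                m = re.match(r"primary (authentication|accounting) \S+ (\d+)\b", line)
                if m and m.group(2) != RADIUS_PORTS[m.group(1)]:
                    findings.append((head, f"radius-{m.group(1)}-port-{m.group(2)}"))
        elif head.startswith("interface "):
            name = head.split()[1]
            if not any(re.match(r"portal( ipv6)? enable\b", line) for line in body):
                continue  # the guidelines only concern portal-enabled interfaces
            if name.lower().startswith("tunnel"):
                findings.append((name, "portal-on-tunnel"))
            if any(line.startswith("port link-aggregation group ") for line in body):
                findings.append((name, "portal-on-aggregation-member"))
            if any(line.startswith("qos apply policy ") for line in body):
                findings.append((name, "qos-policy-on-portal-interface"))
    return findings
```

Calling `audit()` on the text of a saved configuration returns one pair per finding; an empty list means none of these four conditions was found.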
