Blocking Portal Users That Fail Portal Authentication; Enabling Portal Roaming - H3C SR8800-F Configuration Manual

Comware 7 user access
Hide thumbs Also See for SR8800-F:
Table of Contents

Advertisement

Configure portal-free rules to allow user packets destined for the WPAD server to pass without
authentication.
If portal users enable Web proxy in their browsers, the users must add the IP address of the portal
authentication server as a proxy exception in their browsers. Thus, HTTP packets that the users
send to the portal authentication server will not be sent to Web proxy servers.
You cannot specify Web proxy server port 443 on the device.
You can execute this command multiple times to specify multiple port numbers of Web proxy servers.
Procedure
To configure support of Web proxy for portal authentication:
Step
1.
Enter system view.
2.
Specify the port number of a
Web proxy server.

Blocking portal users that fail portal authentication

This feature prevents exhaustive password cracking. It blocks a portal user if the user consecutively
fails authentication for the specified times within the failure detection period. All authentication
requests from the user are dropped by the device till the blocking times out. The blocked portal user
can perform portal authentication again when the blocking timeout time expires.
This feature does not block preauthentication portal users.
To block portal users that fail portal authentication:
Step
1.
Enter system view.
2.
Configure the device to block
portal users that fail portal
authentication for the
specified times within the
specified period.
3.
Set the portal user blocking
timeout time.

Enabling portal roaming

About portal roaming
If portal roaming is enabled on a VLAN interface, an online portal user can access resources from
any Layer 2 port in the VLAN without re-authentication.
Command
system-view
portal web-proxy port
port-number
Command
system-view
portal user-block failed-times
failed-times period period
portal user-block reactive
period
317
Remarks
N/A
By default, no port numbers of
Web proxy servers are specified.
Proxied HTTP requests are
dropped.
Remarks
N/A
By default, the device does not
block portal users that fail portal
authentication.
If you set the failed-times
argument to 0, the device does
not block portal users that fail
portal authentication.
By default, the portal user
blocking timeout time is 30
minutes.
If you set the portal user blocking
timeout time to 0 minutes, blocked
portal users cannot perform portal
authentication.

Advertisement

Table of Contents
loading

Table of Contents