1858
C
98: P
HAPTER
ORTAL
Configuration Procedure
Configuring an
Authentication-Free
Rule
C
ONFIGURATION
For portal+ authentication, you need to install and configure the security policy
■
server while ensuring that the ACL configured on the access device
corresponds to the ACL for restricted resources and the ACL for unrestricted
resources on the security policy server. For detailed configuration of the security
policy server, refer to
1751.
n
For configuration about security policy server, refer to CAMS EAD Security
■
Policy Component User Manual.
The ACL of restricted resources and the ACL of unrestricted resources represent
■
isolation ACL and security ACL on the security policy server respectively.
Follow these steps to perform basic portal configuration:
To do...
Enter system view
Configure a portal
server
Enter interface view
Enable portal
authentication on the
interface
c
CAUTION:
The destination port number that the device uses for sending packets to the
■
portal server on its own must be the same as that the remote portal server
actually uses.
The parameters of a portal server are modifiable. If a portal server is applied to
■
an interface, it cannot be deleted or modified.
When a portal is enabled on an interface, the portal server applied to the
■
interface must exist.
Only Layer 3 authentication mode is applicable for the applications which
■
support portal authentication in the presence of Layer-3 forwarding devices.
However, Layer-3 authentication does not require deploying Layer-3 forwarding
devices between the access device and the portal client.
In re-DHCP authentication mode, a user is allowed to send out packets in a
■
manually configured public IP address before portal authentication, but the
corresponding response packets are restricted.
An authentication-free rule allows the specific users to access external websites,
depending on the source and destination information specified in the
authentication-free rule. Packets in compliance with the authentication-free rule
will not trigger the portal authentication so that the users can directly access the
Internet.
Follow these steps to configure an authentication-free rule:
"AAA/RADIUS/HWTACACS Configuration" on page
Use the command...
system-view
portal server server-name ip ip-address
[ key key-string | port port-id | url
url-string ] *
interface interface-type interface-number
portal server server-name method { direct
| layer3 | redhcp } [ service-type { normal |
plus } ]
Remarks
-
Required
By default, no portal
server is configured.
-
Required
Disabled by default