Configuring A Portal-Free Rule - HP 830 Series Configuration Manual

Table 112 Configuration items
Item
Web Proxy Server
Ports
Redirection URL
Wait-Time
Enable Support for
Portal User Moving

Configuring a portal-free rule

1. Select Authentication > Portal from the navigation tree
Description
Configure the web proxy server ports to allow HTTP requests proxied by the specified
proxy servers to trigger portal authentication. By default, only HTTP requests that are not
proxied can trigger portal authentication.
To make sure that a user using a web proxy server can trigger portal authentication, you
need to add the port number of the proxy server on the device and the user needs to
specify the listening IP address of the local portal server as a proxy exception in the
browser. Thus, HTTP packets that the portal user sends to the local portal server are not
sent to the proxy server.
IMPORTANT:
•
Only Layer 2 portal authentication supports this feature.
•
If a user's browser uses the Web Proxy Auto-Discovery (WPAD) protocol to discover
web proxy servers, add the port numbers of the web proxy servers on the device, and
configure portal-free rules to allow user packets destined for the IP address of the
WPAD server to pass without authentication.
Specify the auto redirection URL to which users will be automatically redirected after they
pass portal authentication.
To access the network, an unauthenticated user either goes to or is automatically forced
to the portal authentication page for authentication. If the user passes portal
authentication and the access device is configured with an auto redirection URL, the
access device redirects the user to the URL after a specific period of time.
Set the time that the device must wait before redirecting an authenticated portal user to
the auto redirection URL.
Specify whether to enable support for portal user moving.
In scenarios where there are hubs, Layer 2 switches, or APs between users and the access
devices, if an authenticated user moves from an access port to another Layer
2-portal-authentication-enabled port of the device without logging off, the user cannot get
online when the original port is still up. The reason is that the original port is still
maintaining the authentication information of the user and the device does not permit
such a user to get online from another port by default.
To solve the problem described above, enable support for portal user moving on the
device. Then, when a user moves from a port of the device to another, the device
provides services in either of the following two ways:
•
If the original port is still up and the two ports belong to the same VLAN, the device
allows the user to continue to access the network without re-authentication, and uses
the new port information for accounting of the user.
•
If the original port is down or the two ports belong to different VLANs, the device
removes the authentication information of the user from the original port and
authenticates the user on the new port.
IMPORTANT:
For a user with authorization information (such as authorized VLAN) configured, after the
user moves from a port to another, the device tries to assign the authorization information to
the new port. If the operation fails, the device deletes the user's information from the original
port and re-authenticates the user on the new port.
365