Configuration prerequisites
Different clients may have different web proxy configurations. For these clients to trigger portal
authentication, you must satisfy the following prerequisites:
Web proxy configuration on clients, followed by the configuration prerequisites for each:

Scenario 1: All or some clients use a web proxy, and the portal server’s IP address is not a proxy exception.
Configuration prerequisites:
• If an iMC portal server is used, perform the following configurations on the iMC portal server:
  ◦ Select NAT as the type of the IP group associated with the portal device.
  ◦ Specify the proxy server’s IP address as the IP address after NAT.
  ◦ Configure the port group to support NAT.
• The portal server and the web proxy server have IP connectivity to each other.

Scenario 2: All or some clients use a web proxy, and the portal server’s IP address is a proxy exception.
Configuration prerequisites:
• If an iMC portal server is used, configure the IP group and port group to not support NAT.

Scenario 3: All clients use a web proxy server but only some clients specify the portal server’s IP address as a proxy exception.
Configuration prerequisites:
• If an iMC portal server is used, add the client IP addresses to two IP groups according to whether the portal server’s IP address is a proxy exception, and then configure the IP groups and the port group according to scenarios 1 and 2.
• The portal server and the web proxy server have IP connectivity to each other.
Configuration procedure
Follow these steps to configure Layer 3 portal authentication to support a web proxy:
| To do… | Use the command… | Remarks |
|---|---|---|
| Enter system view | system-view | — |
| Add a web proxy server port number | portal web-proxy port port-number | Required. By default, no web proxy server port number is configured and proxied HTTP requests cannot trigger portal authentication. |
NOTE:
• If a user’s browser uses the Web Proxy Auto-Discovery (WPAD) protocol to discover web proxy servers, add the port numbers of the web proxy servers on the device, and configure portal-free rules to allow user packets destined for the IP address of the WPAD server to pass without authentication.
• If the web proxy server port 80 is added on the device, clients that do not use a proxy server can trigger portal authentication only when they access a reachable host enabled with the HTTP service.
• Authorized ACLs to be assigned to users who have passed portal authentication must contain a rule that permits the web proxy server’s IP address. Otherwise, the users cannot receive heartbeat packets from the remote portal server.
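
The procedure and notes above combined into one annotated session, as an added example that is not from the original guide. Port 8080, the addresses 192.0.2.20 (web proxy) and 192.0.2.30 (WPAD server), free-rule number 1 and ACL 3000 are constructed values; the `portal free-rule` and ACL command forms are assumed from general Comware syntax and do not appear on this page, so check them against the command reference for your release. Lines starting with `#` are annotations, not commands.

```text
# Constructed values: web proxy 192.0.2.20 listening on 8080, WPAD server 192.0.2.30.
<Sysname> system-view

# Let proxied HTTP requests sent to port 8080 trigger portal authentication.
# Without this, the default applies: proxied requests never trigger it.
[Sysname] portal web-proxy port 8080

# Assumed syntax: portal-free rule so that packets destined for the WPAD
# server pass without authentication (needed only when browsers use WPAD).
[Sysname] portal free-rule 1 destination ip 192.0.2.30 mask 32

# Assumed syntax: the authorized ACL assigned to authenticated users must
# permit the web proxy server's IP address, otherwise users cannot receive
# heartbeat packets from the remote portal server.
[Sysname] acl number 3000
[Sysname-acl-adv-3000] rule permit ip destination 192.0.2.20 0
[Sysname-acl-adv-3000] quit
```

Keep the free rule scoped to the single WPAD host rather than a subnet, so that unauthenticated clients can reach only the proxy auto-discovery service.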
Enabling support for portal user moving