146
To configure a portal Web server:
Step Command Remarks
1. Enter system view.
system-view
N/A
2. Create a portal Web server
and enter its view.
portal web-server
server-name
By default, no portal Web servers
exist.
3. Specify the VPN instance to
which the portal Web server
belongs.
vpn-instance
vpn-instance-name
By default, the portal Web server
belongs to the public network.
4. Specify the URL of the portal
Web server.
url
url-string
By default, no URL is specified.
5. Configure the parameters to
be carried in the URL when
the device redirects it to
users.
url-parameter
param-name
{
nas-id
|
nas-port-id
|
original-url
|
source-address
|
source-mac
[
encryption
{
aes
|
des
}
key
{
cipher
|
simple
}
string ] |
value
expression
}
By default, no redirection URL
parameters are configured.
6. (Optional.) Specify the portal
Web server type.
server-type imc
By default, the portal Web server
type is IMC.
7. (Optional.) Enable the
captive-pass feature.
captive-bypass enable
By default, the captive-bypass
feature is disabled. The device
automatically pushes the portal
authentication page to the iOS
devices and some Android
devices when they are connected
to the network.
8. (Optional.) Configure a
match rule for URL
redirection.
if-match
{
original-url
url-string
redirect-url
url-string
[
url-param-encryption
{
aes
|
des
}
key
{
cipher
|
simple
}
string ] |
user-agent
string
redirect-url
url-string }
By default, no URL redirection
match rules exist.
Enabling portal authentication
You must first enable portal authentication on an access interface before it can perform portal
authentication for connected clients.
With portal authentication enabled, the device searches for a portal authentication server for a
received portal packet according to the source IP address and VPN information of the packet.
• If the packet matches a locally configured portal authentication server, the device regards the
packet valid and sends an authentication response packet to the portal authentication server.
After a user logs in to the device, the user interacts with the portal authentication server as
needed.
• If the packet does not match a portal authentication server, the device drops the packet.
Configuration restrictions and guidelines
When you enable portal authentication on an interface, follow these restrictions and guidelines:
• Make sure the interface has a valid IP address before you enable re-DHCP portal
authentication on the interface.
• Do not add the Ethernet interface enabled with portal authentication to an aggregation group.
Otherwise, portal authentication does not take effect.
To Next Page
Loading...
Need help?
General