169
-- -- --
Layer3 source network:
IP address Prefix length
Destination authenticate subnet:
IP address Prefix length
Before a user performs portal authentication by using the HPE iNode client, the user can access only
the authentication page http://192.168.0.111:8080/portal. All Web requests the user initiates will be
redirected to the authentication page.
• If the user passes the authentication but fails the security check, the user can access only the
resources that match ACL 3000.
• After passing both the authentication and the security check, the user can access Internet
resources that match ACL 3001.
# After the user passes authentication, use the following command to display information about the
portal user.
[SwitchA] display portal user interface vlan-interface 4
Total portal users: 1
Username: abc
Portal server: newpt
State: Online
Authorization ACL: 3001
VPN instance: --
MAC IP VLAN Interface
0015-e9a6-7cfe 8.8.8.2 4 Vlan-interface4
Configuring portal server detection and portal user
synchronization
Network requirements
As shown in Figure 58, the host is directly connected to the switch (the access device). The host is
assigned with a public IP address either manually or through DHCP. A portal server acts as both a
portal authentication server and a portal Web server. A RADIUS server acts as the
authentication/accounting server.
Configure direct portal authentication on the switch, so the host can access only the portal server
before passing the authentication and access Internet resources after passing the authentication.
Configure the switch to do the following:
• Detect the reachability state of the portal authentication server.
• Send log messages upon state changes.
• Disable portal authentication when the authentication server is unreachable.
• Synchronize portal user information with the portal server periodically.
To Next Page
Loading...
Need help?
General