Layer 2 portal authentication uses the local portal server. Specify the IP address of a Layer 3
interface on the device that is routable to the portal client as the listening IP address of the local
portal server. Hewlett Packard Enterprise recommends using the IP address of a loopback interface
rather than a physical Layer 3 interface, because:
• The status of a loopback interface is stable. There will be no authentication page access
failures caused by interface failures.
• A loopback interface does not forward received packets to any network, avoiding impact on
system performance when there are many network access requests.
To specify the local portal server for Layer 2 portal authentication:
1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Specify the listening IP address of the local portal server for Layer 2 portal authentication.
   Command: portal local-server ip ip-address
   Remarks: By default, no listening IP address is specified.
The specified listening IP address can be changed or deleted only if Layer 2 portal authentication is
not enabled on any port.
Specifying a portal server for Layer 3 portal authentication
Perform this task to specify portal server parameters for Layer 3 portal authentication, including the
portal server IP address, shared encryption key, server port, and the URL address for Web
authentication. According to the networking environment, you can configure a remote portal server or,
if supported, a local portal server as needed.
• To configure a remote portal server, specify the IP address of the remote portal server.
• To use the local portal server of the access device, specify the IP address of a Layer 3 interface
on the device as the portal server's IP address. The client must be able to reach the specified
interface.
Follow these guidelines when you specify a portal server for Layer 3 authentication:
• The specified parameters of a portal server can be modified or deleted only if the portal server is
not referenced on any interface.
• For local portal server configuration, the keywords key, port, and url are usually not required
and, if configured, do not take effect.
• When a local portal server is used, the re-DHCP portal authentication mode (redhcp) can be
configured but, if configured, does not take effect.
• To make sure the device can send packets to the portal server in an MPLS VPN, specify the
VPN instance to which the portal server belongs when specifying the portal server on the
device.
To specify a portal server for Layer 3 authentication:
1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Specify a portal server and configure related parameters.
   Command: portal server server-name ip ip-address [ key [ cipher | simple ] key-string | port port-id | url url-string | vpn-instance vpn-instance-name ] *
   Remarks: By default, no portal server is specified. You can specify up to four portal servers on the access device.
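
The guidelines in the two tasks above can be checked against a saved configuration. The following audit script is an added example, not part of the HPE guide: it flags a Layer 2 listening IP address that is not on a loopback interface, a local portal server that carries key, port, or url keywords that do not take effect, and more than four portal servers. The configuration layout, interface names, server names, and addresses in the sample are constructed assumptions.

```python
import re

# Constructed sample in the style of a Comware running configuration (not from the guide).
SAMPLE_CONFIG = """\
interface LoopBack0
 ip address 192.0.2.1 255.255.255.255
#
interface Vlan-interface10
 ip address 198.51.100.1 255.255.255.0
#
portal local-server ip 198.51.100.1
portal server local1 ip 192.0.2.1 key simple example-key url http://192.0.2.1/portal
portal server remote1 ip 203.0.113.10 key simple example-key port 50100
"""

def interface_addresses(config):
    """Map each configured Layer 3 interface IP address to its interface name."""
    addrs, current = {}, None
    for line in config.splitlines():
        if m := re.match(r"interface (\S+)", line):
            current = m.group(1)
        elif line.startswith("#"):
            current = None
        elif current and (m := re.match(r"\s+ip address (\S+)", line)):
            addrs[m.group(1)] = current
    return addrs

def audit_portal(config):
    """Return findings for portal lines that go against the guidelines above."""
    addrs, findings, servers = interface_addresses(config), [], 0
    for line in config.splitlines():
        if m := re.match(r"portal local-server ip (\S+)", line):
            ifname = addrs.get(m.group(1))
            if ifname is None:
                findings.append(f"local-server: {m.group(1)} is not an interface address")
            elif not ifname.lower().startswith("loopback"):
                findings.append(f"local-server: {m.group(1)} is on {ifname}, not a loopback")
        elif m := re.match(r"portal server (\S+) ip (\S+)(.*)", line):
            servers += 1
            name, ip, rest = m.groups()
            ignored = [k for k in ("key", "port", "url") if k in rest.split()]
            if ip in addrs and ignored:  # server IP is one of the device's own interfaces
                findings.append(f"{name}: local portal server, {'/'.join(ignored)} has no effect")
    if servers > 4:  # the guide allows up to four portal servers
        findings.append(f"{servers} portal servers specified, maximum is four")
    return findings

if __name__ == "__main__":
    for finding in audit_portal(SAMPLE_CONFIG):
        print(finding)
```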