Enabling Portal Authentication On An Interface; Configuration Restrictions And Guidelines; Configuration Procedure - HP FlexNetwork 10500 Series Security Configuration Manual
Hide thumbs
Also See for FlexNetwork 10500 Series:
- Configuration manual (512 pages) ,
- Specifications (42 pages) ,
- Datasheet (20 pages)
Table of Contents
Advertisement
Step
2.
Create a portal Web server
and enter its view.
3.
Specify the VPN instance to
which the portal Web server
belongs.
4.
Specify the URL of the portal
Web server.
5.
Configure the parameters to
be carried in the URL when
the device redirects it to
users.
Enabling portal authentication on an interface
You must first enable portal authentication on an access interface before it can perform portal
authentication for connected clients.
When a portal-enabled interface receives a portal packet, it checks the source IP address and VPN
information of the packet. If the packet matches a locally configured portal authentication server, the
interface regards the packet valid and sends an authentication response packet to the portal
authentication server. Otherwise, the interface drops the packet. After a user logs in to the device,
the user interacts with the portal authentication server as needed.
Configuration restrictions and guidelines
When you enable portal authentication on an interface, follow these restrictions and guidelines:
•
Make sure the interface has a valid IP address before you enable re-DHCP portal
authentication on the interface.
•
Cross-subnet authentication mode (layer3) does not require Layer 3 forwarding devices
between the access device and the portal authentication clients. However, if a Layer 3
forwarding device exists between the authentication client and the access device, you must use
the cross-subnet portal authentication mode.
•
With re-DHCP portal authentication, configure authorized ARP on the interface as a best
practice to make sure only valid users can access the network. With authorized ARP configured
on the interface, the interface learns ARP entries only from the users who have obtained a
public address from DHCP.
•
An IPv6 portal server does not support the re-DHCP portal authentication mode.
•
You can enable both IPv4 portal authentication and IPv6 portal authentication on an interface.
Configuration procedure
To enable portal authentication on an interface:
Step
1.
Enter system view.
2.
Enter VLAN interface view.
Command
portal web-server server-name
vpn-instance vpn-instance-name
url url-string
url-parameter param-name
{ original-url | source-address |
source-mac | value expression }
Command
system-view
interface interface-type
interface-number
142
Remarks
By default, no portal Web server
is created.
By default, the portal Web server
belongs to the public network.
By default, no URL is specified.
By default, no redirection URL
parameters are configured.
Remarks
N/A
N/A
Advertisement
Table of Contents
Troubleshooting
