No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

S12700 V200R011C10 Configuration Guide - User Access and Authentication

This document describes the working mechanisms, configuration procedures, and configuration examples of User Access and Authentication features, such as AAA, DAA, NAC, PPPoE, Policy Association, and IP session.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Configuring Extended Functions Related to Portal Authentication

Configuring Extended Functions Related to Portal Authentication

Configuring the CNA Adaptive Function for iOS Terminals

Context

Since WLANs are widely provided, users have a demand for quick and convenient authentication by using applications on mobile terminals, without entering user names and passwords. In such authentication mode, mobile terminals need to automatically display the application-based Portal authentication page and the applications need to communicate with the background server. Therefore, the mobile terminals must be connected to the WLANs during authentication.

iOS terminals such as iPhones, iPads, and iMac computers provide the Captive Network Assistant (CNA) function. This function automatically detects the network connection status after iOS terminals connect to WLANs. If the network is disconnected, the iOS terminals display a page prompting users to enter user names and passwords. If users do not enter the user names and passwords, the iOS terminals automatically disconnect from the WLANs. As a result, users cannot use applications on iOS terminals for authentication.

To solve the problem, enable the CNA adaptive function so that iOS terminals are redirected to the application-based Portal authentication page when they connect to WLANs. Users can click the link on the page to start specified applications to perform Portal authentication. If users do not start applications to perform authentication, they can still access authentication-free resources on the WLANs.

NOTE:

Authentication-free resources accessed by users cannot contain the URL captive.apple.com; otherwise, terminals cannot automatically display the Portal authentication page.

If the Portal authentication page is of the HTTPS type, terminals can automatically display the Portal authentication page only when an HTTPS URL is used and the domain name certificate is valid.

Procedure

  1. Run system-view

    The system view is displayed.

  2. Run portal captive-adaptive enable

    The CNA adaptive function is enabled for iOS terminals.

    By default, the CNA adaptive function is disabled for iOS terminals.

    If you run both the portal captive-adaptive enable and portal captive-bypass enable commands, the command executed later takes effect.

Configuring CNA Bypass for iOS Terminals

Context

The iOS operating system provides the Captive Network Assistant (CNA) function. With the CNA function, the iOS terminals (including iPhone, iPad, and iMAC) automatically detects wireless network connectivity after associating with a wireless network. If the network connection cannot be set up, the iOS terminals ask users to enter user names and passwords. If users do not enter the user names and passwords, the iOS terminals automatically disconnect from the wireless network.

However, Portal authentication allows users to access certain resources before authentication is successful. If the iOS terminals are disconnected, users cannot access the specified resources. The CNA bypass function addresses this problem. If the users do not enter user names and passwords immediately, the CNA bypass function keeps the iOS terminals online before the Portal authentication is successful. Therefore, the iOS users are allowed to access authentication-free resources.

Procedure

  1. Run system-view

    The system view is displayed.

  2. Run portal captive-bypass enable

    The CNA bypass function is enabled for iOS terminals.

    By default, the CNA bypass function is disabled for iOS terminals.

Configuring the Maximum Number of Portal Authentication Users Allowed on the Device

Context

You can perform the following configurations to restrict the maximum number of Portal authentication users allowed on the device.

Procedure

  1. Run system-view

    The system view is displayed.

  2. Run portal max-user user-number

    The maximum number of Portal authentication users allowed on the device is configured.

    By default, the maximum number of Portal authentication users allowed on the device is not restricted within the device's capacity.

  3. (Optional) Run portal user-alarm percentage percent-lower-value percent-upper-value

    The alarm thresholds for the Portal authentication user count percentage are configured.

    By default, the lower alarm threshold for the Portal authentication user count percentage is 50, and the upper alarm threshold for the Portal authentication user count percentage is 100.

    When the percentage of online Portal authentication users against the maximum number of users allowed on the device exceeds the upper alarm threshold, the device generates an alarm. When the percentage reaches or falls below the lower alarm threshold, the device clears the alarm.

Translation
Download
Updated: 2019-10-21

Document ID: EDOC1000178117

Views: 118118

Downloads: 55

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next