No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Fat AP and Cloud AP V200R010C00 Command Reference

Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
web-auth-server (Portal access profile view)

web-auth-server (Portal access profile view)

Function

The web-auth-server command configures the Portal server profile used by a Portal access profile.

The undo web-auth-server command restores the default setting.

By default, a Portal access profile does not use any Portal server profile.

Format

web-auth-server server-name [ bak-server-name ] direct

undo web-auth-server

Parameters

Parameter Description Value
server-name Specifies the name of a Portal server profile.

The value must be an existing Portal server profile name.

bak-server-name

Specifies the name of a backup Portal server profile.

NOTE:

The name of the backup Portal server profile cannot be configured to the command-line keyword direct.

The value must be an existing Portal server profile name.

direct Sets the Portal authentication mode to Layer 2 authentication. -

Views

Portal access profile view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

After a Portal server profile is configured on the device, this profile must be bound to a Portal access profile. When users who use the Portal access profile attempt to access charged network resources, the HTTP requests are forcibly redirected to the authentication page of the Portal server to implement Portal authentication.

To improve Portal authentication reliability, the backup Portal server profile can also be bound to the Portal access profile. When the primary Portal server is disconnected, the users are redirected to the backup Portal server for authentication. This function can take effect only when the Portal server detection function is enabled using the server-detect command and heartbeat detection is enabled on the Portal server.

The device supports only Layer 2 Portal authentication. In Layer 2 Portal authentication, it is required that no Layer 3 forwarding device exist between user clients and the device. The device can learn the clients' MAC addresses and identify the clients based on IP addresses and MAC addresses.

Prerequisites

A Portal server profile has been created using web-auth-server (system view) and the IP address of the Portal server has been configured using server-ip (Portal server profile view).

Precautions

  • After a Portal access profile is bound to an authentication profile, the Portal server profile used in the Portal access profile cannot be deleted, but can be modified.
  • This command does not take effect on the VLANIF interface corresponding to the super VLAN.
  • If ARP entries are deleted (for example, after a VLANIF interface address bound to a portal server template is deleted, the ARP entry of the user going online through this VLANIF interface ages out) after a user goes online through external portal authentication, the user cannot go online again. To solve this problem, enable DHCP snooping or reconfigure redirection on the device. That is, enter the IP address of a web page other than the portal authentication page on the browser, and then the device pushes the authentication page to you.

  • Wireless users are authenticated using Layer 2 Portal authentication. The layer3 parameter is set for upgrade compatibility of the portal auth-network command that configures a source subnet for Portal authentication.

Example

# Bind the Portal access profile p1 to the Portal server profiles server1 and server2 (backup Portal server profile), and configure the Layer 2 authentication mode.

<Huawei> system-view
[Huawei] web-auth-server server1
[Huawei-web-auth-server-server1] server-ip 10.10.1.1
[Huawei-web-auth-server-server1] quit
[Huawei] web-auth-server server2
[Huawei-web-auth-server-server2] server-ip 10.10.2.1
[Huawei-web-auth-server-server2] quit
[Huawei] portal-access-profile name p1
[Huawei-portal-access-profile-p1] web-auth-server server1 server2 direct
Translation
Download
Updated: 2019-11-21

Document ID: EDOC1100064352

Views: 210473

Downloads: 122

Average rating:
This Document Applies to these Products
Related Version
Related Documents
Share
Previous Next