No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

S600-E V200R013C00 Configuration Guide - User Access and Authentication

This document describes the configurations of User Access and Authentication Configuration, including AAA, NAC, and Policy Association.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
(Optional) Configuring Parameters for Information Exchange with the Portal server

(Optional) Configuring Parameters for Information Exchange with the Portal server

Context

In Portal authentication network deployment, if the Portal server is an external Portal server, you can configure parameters for information exchange between the device and the Portal server to improve communication security.
NOTE:

This function applies only to external Portal servers.

Procedure

  1. Run system-view

    The system view is displayed.

  2. Run web-auth-server version v2 [ v1 ]

    Portal protocol versions supported by the device are configured.

    By default, the device uses Portal of v1 and v2.

    NOTE:

    To ensure smooth communication, use the default setting so that the device uses both versions.

  3. Run web-auth-server listening-port port-number

    The port number through which the device listens to Portal protocol packets is set.

    By default, the device listens to the Portal protocol packets through port 2000.

  4. Run web-auth-server reply-message

    The device is enabled to transparently transmit the authentication responses sent by the authentication server to the Portal server.

    By default, the device transparently transmits the authentication responses sent by the authentication server to the Portal server.

  5. Run web-auth-server server-name

    The Portal server template view is displayed.

  6. Run source-ip ip-address

    The source IP address for communication with a Portal server is configured.

    By default, no source IP address is configured for the device.

  7. Run port port-number [ all ]

    The destination port number through which the device sends packets to the Portal server is set.

    By default, port 50100 is used as the destination port when the device sends packets to the Portal server.

    NOTE:

    Ensure that the port number configured on the device is the same as that used by the Portal server.

  8. Run vpn-instance vpn-instance-name

    The VPN instance used by the device to communicate with the Portal server is configured.

    By default, no VPN instance is configured for communication between the device and Portal server.

  9. Run the quit command to return to the system view.
  10. After disconnecting a Portal authentication user, the device sends a user logout packet (NTF-LOGOUT) to instruct the Portal server to delete the user information. If the network between the device and Portal server is not stable or packets are lost, the Portal server may fail to receive the user logout packet from the device after the Portal authentication user is disconnected. In this case, the user is displayed as disconnected on the device but still as online on the Portal server. To enable the Portal server to receive the user logout packet and ensure that the online user information on the Portal server is correct, the administrator can enable the user logout packet re-transmission function on the device and configure the re-transmission times and interval.

    Run portal logout resend times timeout period

    The re-transmission times and interval for the Portal authentication user logout packet are configured.

    By default, the Portal authentication user logout packet can be re-transmitted three times within five seconds.

  11. Run portal logout different-server enable

    The device is enabled to process user logout requests sent by a Portal server other than the one from which users log in.

    By default, a device does not process user logout requests sent by Portal servers other than the one from which users log in.

Translation
Download
Updated: 2019-04-20

Document ID: EDOC1100066170

Views: 23323

Downloads: 6

Average rating:
This Document Applies to these Products
Related Version
Related Documents
Share
Previous Next