Manualshelf

R3166-R3206-HP High-End Firewalls Access Control Configuration Guide-6PW101

ManualsBrandsHP ManualsComputer AccessoriesHP 7100/7200 IPsec dl Module
919293949596979899100
92
Configuration procedure
This task allows you to specify the portal server IP address and enable portal authentication on an
interface.
Follow these steps to perform basic portal configuration:
To do… Use the command…
Remarks
Enter system view system-view
Specify a portal server and
configure related parameters
portal server server-name ip ip-address
[ key key-string | port port-id | url
url-string ] *
Required
By default, no portal server is
specified.
Enter interface view interface interface-type interface-number
Enable portal authentication
on the interface
portal server server-name method
{ direct | layer3 | redhcp }
Required
Disabled by default
NOTE:
You cannot enable portal authentication on a Layer 3 port added to an a
gg
re
g
ation
g
roup, nor can you
add a portal-enabled Layer 3 port to an aggregation group.
The destination port number that the access device uses for sending unsolicited packets to the portal
server must be the same as the one that the remote portal server actually uses.
The portal server and its parameters can be deleted or modified only when the portal server is not
referenced by any interface.
The portal server to be referenced must exist.
Layer 3 portal authentication mode (portal server
server-name
method layer3) does not require Layer
3 forwarding devices between the access device and the authentication clients. However, if there are
Layer 3 forwarding devices between the authentication client and the access device, you must select the
Layer 3 authentication mode.
In re-DHCP authentication mode, a client can use a public IP address to send packets before passing
portal authentication. However, responses to the packets are restricted.
Configuring a portal-free rule
A portal-free rule allows specified users to access specified external websites without portal
authentication.
The matching items in a portal free rule include the IP address, MAC address, source interface, and
VLAN. Packets matching a portal-free rule will not trigger portal authentication, so that users sending the
packets can directly access the specified external websites.
Follow these steps to configure a portal-free rule:
To do… Use the command…
Remarks
Enter system view system-view