Manualshelf

R2511-HP MSR Router Series Security Configuration Guide(V5)

ManualsBrandsHP ManualsNetwork HardwareHP MSR1003-8 AC Router
321322323324325326327328329330
308
Ste
p
Command
Remarks
3. Specify an authentication
domain for portal users on the
interface.
portal domain domain-name
By default, no authentication
domain is specified for portal
users.
The device selects the authentication domain for a portal user on an interface in this order: the
authentication domain specified for the interface, the authentication domain carried in the username,
and the system default authentication domain. For information about the default authentication domain,
see "Configuring AAA."
Configuring Layer 2 portal authentication to support Web
proxy
The following matrix shows the feature and router compatibility:
Feature
MSR9
00
MSR9
3
X
MSR2
0-1
X
MSR2
0
MSR30 MSR50
MSR10
00
Adding a Web
proxy server port
number
No No No No
Supported on MIM-FSW
modules, MSR30-11E,
and MSR30-11F
No No
By default, proxied HTTP requests cannot trigger Layer 2 portal authentication but are silently dropped.
To allow such HTTP requests to trigger portal authentication, configure the port numbers of the Web
proxy servers on the device.
To configure Layer 2 portal authentication to support a Web proxy:
Ste
p
Command
Remarks
1. Enter system view.
system-view N/A
2. Add a Web proxy server port
number.
portal web-proxy port port-number
By default, no Web proxy server
port number is configured and
proxied HTTP requests cannot
trigger portal authentication.
If a user's browser uses the WPAD protocol to discover Web proxy servers, add the port numbers of the
Web proxy servers on the device, and configure portal-free rules to allow user packets destined for the
IP address of the WPAD server to pass without authentication.
You must add the port numbers of the Web proxy servers on the device and users must make sure their
browsers that use a Web proxy server do not use the proxy server for the listening IP address of the local
portal server. Thus, HTTP packets that the portal user sends to the local portal server are not sent to the
Web proxy server.
Enabling support for portal user moving
Only Layer 2 portal authentication supports this feature.
The following matrix shows the feature and router compatibility: