R0106-HP MSR Router Series Security Configuration Guide(V7)

ManualsBrandsHP ManualsNetwork HardwareHP MSR4060 Router Chassis

121

122

123

124

125

126

127

128

129

130

117

Configuring a portal Web server

Perform this task to configure the following portal Web server parameters:

• VPN instance of the portal Web server

• URL of the portal Web server

• Parameters carried in the URL when the device redirects the URL to users

The device supports multiple portal Web servers.

To configure a portal Web server:

Ste

Command

Remarks

1. Enter system view.

system-view N/A

2. Create a portal Web server

and enter its view.

portal web-server server-name

By default, no portal Web server is

created.

3. Specify the VPN instance to

which the portal Web server

belongs.

vpn-instance vpn-instance-name

By default, the portal Web server

belongs to the public network.

4. Specify the URL of the portal

Web server.

url url-string By default, no URL is specified.

5. Configure the parameters to be

carried in the URL when the

device redirects it to users.

url-parameter param-name

{ original-url | source-address |

source-mac | value expression }

By default, no redirection URL

parameters are configured.

Enabling portal authentication on an interface

You must first enable portal authentication on an access interface before it can perform portal

authentication for connected clients.

When a portal-enabled interface receives a portal packet, it checks the source IP address and VPN

information of the packet. If the packet matches a locally configured portal authentication server, the

interface regards the packet valid and sends an authentication response packet to the portal

authentication server. Otherwise, the interface drops the packet. After a user logs in to the device, the

user interacts with the portal authentication server.

Configuration restrictions and guidelines

When you enable portal authentication on an interface, follow these restrictions and guidelines:

• Make sure the interface has a valid IP address before you enable portal authentication on the

interface.

• Make sure the device supports IPv6 ACL and IPv6 forwarding before you enable IPv6 portal

authentication.

• Do not add the interface enabled with portal authentication to an aggregation group. Otherwise,

portal authentication does not take effect.

• Cross-subnet authentication mode (layer3) does not require Layer 3 forwarding devices between

the access device and the portal authentication clients. However, if a Layer 3 forwarding device

exists between the authentication client and the access device, you must use the cross-subnet portal

authentication mode.