R0106-HP MSR Router Series Security Configuration Guide(V7)
158
[RouterA-portal-server-newpt] port 50100
[RouterA-portal-server-newpt] quit
# Configure a portal Web server.
[RouterA] portal web-server newpt
[RouterA-portal-websvr-newpt] url http://192.168.0.111:8080/portal
[RouterA-portal-websvr-newpt] vpn-instance vpn3
[RouterA-portal-websvr-newpt] quit
# Enable cross-subnet portal authentication on interface GigabitEthernet 2/1/1.
[RouterA] interface gigabitethernet 2/1/1
[RouterA–GigabitEthernet2/1/1] portal enable method layer3
# Reference the portal Web server newpt on GigabitEthernet 2/1/1.
[RouterA–GigabitEthernet2/1/1] portal apply web-server newpt
# Configure the BAS-IP as 3.3.0.3 for portal packets sent from GigabitEthernet 2/1/1 to the portal
authentication server.
[RouterA–GigabitEthernet2/1/1] portal bas-ip 3.3.0.3
[RouterA–GigabitEthernet2/1/1] quit
Verifying the configuration
# Verify the portal configuration by executing the display portal interface command. (Details not shown.)
# After the user passes authentication, execute the display portal user command to display the portal
user information.
[RouterA] display portal user all
Total portal users: 1
Username: abc
Portal server: newpt
State: Online
Authorization ACL: None
VPN instance: vpn3
MAC IP VLAN Interface
000d-88f7-c268 3.3.0.1 -- GigabitEthernet2/1/1
Troubleshooting portal
No portal authentication page is pushed for users
Symptom
When a user is redirected to the portal Web server for authentication, no portal authentication page or
error message is prompted for the user. The login page is blank.
Analysis
The key configured on the portal access device and that configured on the portal authentication server
are inconsistent. As a result, packet verification fails, and the portal authentication server refuses to push
the authentication page.
Solution
Use the display portal server command on the access device to check whether a key is configured for the
portal authentication server.