How to configure external Portal authentication

64

The external Portal server with independent hardware provides external Portal authentication. The configuration is as follows:
1. Configure the Portal server template abc.
[Huawei] web-auth-server abc
[Huawei-web-auth-server-abc] server-ip 192.168.2.20
[Huawei-web-auth-server-abc] port 50200 //Ensure that the configured port number is the same as the port number of the Portal server.
[Huawei-web-auth-server-abc] url http://192.168.2.20:8080/webagent
[Huawei-web-auth-server-abc] quit
2. Enable Portal authentication.
[Huawei] interface vlanif 10
[Huawei-Vlanif10] web-auth-server abc direct
[Huawei-Vlanif10] quit
3. Set the shared key that the AR uses to exchange information with the Portal server to Huawei@123 in cipher text.
[Huawei] web-auth-server abc
[Huawei-web-auth-server-abc] shared-key cipher Huawei@123
[Huawei-web-auth-server-abc] quit
You also need to perform the following configurations:
- Configure VLANs and interfaces.
- Configure a domain that users belong to and AAA schemes.
- If local authentication is used, add the user name and password on the access device.
- If remote authentication is used, configure the RADIUS server template, route to the RADIUS server, user name, password, and shared key.

Other related questions:
How to configure external Portal authentication
The external Portal server with independent hardware provides external Portal authentication. The configuration is as follows: 1. Configure the Portal server template abc. [Huawei] web-auth-server abc [Huawei-web-auth-server-abc] server-ip 192.168.2.20 [Huawei-web-auth-server-abc] port 50200 //Ensure that the configured port number is the same as the port number of the Portal server. [Huawei-web-auth-server-abc] url http://192.168.2.20:8080/webagent [Huawei-web-auth-server-abc] quit 2. Enable Portal authentication. [Huawei] interface vlanif 10 [Huawei-Vlanif10] web-auth-server abc direct [Huawei-Vlanif10] quit 3. Set the shared key that the AR uses to exchange information with the Portal server to Huawei@123 in cipher text. [Huawei] web-auth-server abc [Huawei-web-auth-server-abc] shared-key cipher Huawei@123 [Huawei-web-auth-server-abc] quit You also need to perform the following configurations: - Configure VLANs and interfaces. - Configure a domain that users belong to and AAA schemes. - If local authentication is used, add the user name and password on the access device. - If remote authentication is used, configure the RADIUS server template, route to the RADIUS server, user name, password, and shared key.

S series switches' support for Portal authentication
Portal authentication is also called web authentication. For S series switches (except the S1700), Portal authentication can be classified into built-in Portal authentication and external Portal authentication. S series switches' support for external Portal authentication is as follows: - In V100R006: Switches except the S2700SI, S2710SI, S2700EI, S2752EI, S5700LI, and S5700S-LI support external Portal authentication. - In V200R001: Switches except the S5700LI and S5700S-LI support external Portal authentication. - In V200R002: Switches except the S5700LI and S5700S-LI support external Portal authentication. - In V200R003: Switches except the S2750EI, S5700LI, and S5700S-LI support external Portal authentication. - In V200R005 and later versions: All switch models support external Portal authentication. In versions earlier than V200R007C00, the S2720EI, S2750EI, S5700-10P-LI-AC, and S5700-10P-PWR-LI-AC support built-in Portal authentication only. In V200R007C00 and later versions, the S2720EI, S2750EI, S5700-10P-LI-AC, and S5700-10P-PWR-LI-AC that have Layer 3 hardware forwarding of IPv4 packets enabled support external Portal authentication. Only S series fixed switches support built-in Portal authentication.

Do I need to configure VLANIF interfaces for external Portal authentication
Yes. You need to configure the Portal server on VLANIF interfaces and enable Portal authentication.

How to configure built-in Portal authentication
The built-in Portal server of the access device provides built-in Portal authentication. The configuration is as follows: 1. Create a loopback interface and assign an IP address to the loopback interface. [Huawei] interface loopback 1 [Huawei-LoopBack1] ip address 192.168.1.30 32 [Huawei-LoopBack1] quit 2. Configure an IP address for the built-in Portal server. [Huawei] portal local-server ip 192.168.1.30 3. Enable Portal authentication. [Huawei] portal local-server https ssl-policy huawei //Ensure that the SSL policy named huawei has been configured. [Huawei] portal local-server enable interface ethernet 2/0/0 You also need to perform the following configurations: - Configure VLANs and interfaces. - Configure a domain that users belong to and AAA schemes. - If local authentication is used, add the user name and password on the access device. - If remote authentication is used, configure the RADIUS server template, route to the RADIUS server, user name, password, and shared key.

Configure Portal authentication on S series switch
Portal authentication is also called web authentication. Generally, portal authentication websites are referred to as portal websites. In Portal authentication, users do not need a specific client and can access some free services and portal website without being authenticated. Among S series switches (except S1700), modular switches support only external Portal servers; fixed switches support both external Portal servers and built-in Portal servers (access devices provide the Portal server function).

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top