Can the FW interwork with an external Portal server?

The FW provides an embedded Portal authentication page through port 8887. Users can proactively access the authentication page (https://<interface IP address>:8887) or be directed to the page through the HTTP direction function.

In addition, the FW allows you to set the address of an external Portal server as the address of the authentication page. The external Portal server must interwork with the FW to complete authentication. Currently, the Portal servers that can interwork with the FW include Huawei Agile Controller and Policy Center.

The commands for specifying a Portal authentication page are as follows:
<sysname> system-view
[sysname] user-manage portal-template test
[sysname-portal-template-test] portal-url http://10.2.0.50:8080/portal

Other related questions:
S series switches' support for Portal authentication
Portal authentication is also called web authentication. For S series switches (except the S1700), Portal authentication can be classified into built-in Portal authentication and external Portal authentication. S series switches' support for external Portal authentication is as follows:
- In V100R006: Switches except the S2700SI, S2710SI, S2700EI, S2752EI, S5700LI, and S5700S-LI support external Portal authentication.
- In V200R001: Switches except the S5700LI and S5700S-LI support external Portal authentication.
- In V200R002: Switches except the S5700LI and S5700S-LI support external Portal authentication.
- In V200R003: Switches except the S2750EI, S5700LI, and S5700S-LI support external Portal authentication.
- In V200R005 and later versions: All switch models support external Portal authentication.

In versions earlier than V200R007C00, the S2720EI, S2750EI, S5700-10P-LI-AC, and S5700-10P-PWR-LI-AC support built-in Portal authentication only. In V200R007C00 and later versions, the S2720EI, S2750EI, S5700-10P-LI-AC, and S5700-10P-PWR-LI-AC that have Layer 3 hardware forwarding of IPv4 packets enabled support external Portal authentication.

Only S series fixed switches support built-in Portal authentication.

How to configure external Portal authentication
The external Portal server with independent hardware provides external Portal authentication. The configuration is as follows:

1. Configure the Portal server template abc.
[Huawei] web-auth-server abc
[Huawei-web-auth-server-abc] server-ip 192.168.2.20
[Huawei-web-auth-server-abc] port 50200 //Ensure that the configured port number is the same as the port number of the Portal server.
[Huawei-web-auth-server-abc] url http://192.168.2.20:8080/webagent
[Huawei-web-auth-server-abc] quit

2. Enable Portal authentication.
[Huawei] interface vlanif 10
[Huawei-Vlanif10] web-auth-server abc direct
[Huawei-Vlanif10] quit

3. Set the shared key that the AR uses to exchange information with the Portal server to Huawei@123 in cipher text.
[Huawei] web-auth-server abc
[Huawei-web-auth-server-abc] shared-key cipher Huawei@123
[Huawei-web-auth-server-abc] quit

You also need to perform the following configurations:
- Configure VLANs and interfaces.
- Configure a domain that users belong to and AAA schemes.
- If local authentication is used, add the user name and password on the access device.
- If remote authentication is used, configure the RADIUS server template, route to the RADIUS server, user name, password, and shared key.
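
A review check for the web-auth-server template configured above, added here as an example (it is not Huawei code or tooling). It parses a pasted command script and flags a plain-HTTP portal URL, a missing shared key, and a shared key copied from documentation; the finding names, the DOCUMENTED_KEYS set and the second template "guest" are assumptions made for the example.

```python
import re
from urllib.parse import urlparse

# Constructed sample: the steps above as a command script, plus a hypothetical "guest".
SAMPLE = """\
web-auth-server abc
 server-ip 192.168.2.20
 port 50200
 url http://192.168.2.20:8080/webagent
 shared-key cipher Huawei@123
web-auth-server guest
 url https://192.168.2.21:8443/webagent
"""

# Keys printed in documentation. Matching only works on scripts as typed:
# a saved configuration stores "shared-key cipher" values as ciphertext.
DOCUMENTED_KEYS = {"Huawei@123"}

def parse_templates(text):
    """Return {template name: {keyword: [arguments]}} per web-auth-server view."""
    templates, current = {}, None
    for raw in text.splitlines():
        line = re.sub(r"^\s*\[[^\]]*\]\s*", "", raw)  # drop a pasted CLI prompt
        words = re.split(r"\s+//", line)[0].split()   # drop a trailing // comment
        if not words:
            continue
        if words[0] == "web-auth-server" and len(words) == 2:
            current = templates.setdefault(words[1], {})
        elif words[0] in ("quit", "#", "interface"):
            current = None                            # left the template view
        elif current is not None:
            current[words[0]] = words[1:]
    return templates

def audit(text):
    """Return (template, finding) pairs; the three checks are this example's own."""
    findings = []
    for name, cfg in parse_templates(text).items():
        if urlparse((cfg.get("url") or [""])[0]).scheme == "http":
            findings.append((name, "plain-http-url"))
        key = cfg.get("shared-key")
        if not key:
            findings.append((name, "missing-shared-key"))
        elif key[-1] in DOCUMENTED_KEYS:
            findings.append((name, "documented-shared-key"))
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE))
```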

How to configure external Portal authentication on S series switches
In external Portal authentication, an independent external Portal server implements Portal authentication. Both modular and fixed switches support external Portal authentication.

For switches running V200R003C10 and earlier versions, NAC can be configured only in common mode. For switches running V200R005C00 and later versions, NAC can be configured in common or unified mode. Accordingly, external Portal authentication can be configured in common or unified mode. For switches running V200R009C00, the configuration model of NAC unified mode changes.

Query the appropriate product manual based on the switch model and version. The following links are for reference only.
- See "NAC Configuration (Common Mode) - Example for Configuring External Portal Authentication to Control Internal User Access" in S2750&S5700&S6720 V200R008C00 Configuration Guide - User Access and Authentication.
- See "NAC Configuration (Unified Mode) - Example for Configuring External Portal Authentication to Control Internal User Access" in S2750&S5700&S6720 V200R008C00 Configuration Guide - User Access and Authentication.
- See "NAC Configuration (Unified Mode) - Example for Configuring External Portal Authentication" in S1720&S2700&S5700&S6720 V200R009C00 Configuration Guide - User Access and Authentication.

Can an S series switch perform Portal authentication if the Portal server is on the extranet?
If the Portal server is on the extranet, you can configure static NAT on the egress device to map the Portal server's port number required for Portal authentication to the intranet, and configure the Portal server to communicate with intranet devices and users. An S series switch (a non-S1700 switch) can then perform Portal authentication.

How do I configure interworking with an LDAP server on the SMC2.0?
For details about how to configure interworking with an LDAP server on the SMC2.0:
1. Log in to Huawei Enterprise Technical Support Website.
2. Search for SMC2.0.
3. Select the version number to obtain the product documentation.
4. View section "Service Configuration > Configuring LDAP Settings" in the product documentation.
