Configure Portal authentication on S series switch

13

Portal authentication is also called web authentication. Generally, portal authentication websites are referred to as portal websites. In Portal authentication, users do not need a specific client and can access some free services and portal website without being authenticated.
Among S series switches (except S1700), modular switches support only external Portal servers; fixed switches support both external Portal servers and built-in Portal servers (access devices provide the Portal server function).

Other related questions:
Configure Portal authentication on S series switch
Portal authentication is also called web authentication. Generally, portal authentication websites are referred to as portal websites. In Portal authentication, users do not need a specific client and can access some free services and portal website without being authenticated. Among S series switches (except S1700), modular switches support only external Portal servers; fixed switches support both external Portal servers and built-in Portal servers (access devices provide the Portal server function).

How to configure built-in Portal authentication on S series switches
In built-in Portal authentication, the access device uses the built-in Portal server to implement Portal authentication. Only fixed switches support built-in Portal authentication. For fixed switches (except the S1700) running V200R003C10 and earlier versions, NAC can be configured only in common mode. For switches running V200R005C00 and later versions, NAC can be configured in common or unified mode. By default, the unified mode is used. Accordingly, built-in Portal authentication can be configured in common or unified mode. For switches running V200R009C00, the configuration model of NAC unified mode changes. Query the appropriate product manual based on the switch model and version. The following links are for reference only. - See "NAC Configuration (Common Mode) - Example for Configuring Built-in Portal Authentication to Control Internal User Access" in S2750&S5700&S6720 V200R008C00 Configuration Guide - User Access and Authentication. - See "NAC Configuration (Unified Mode) - Example for Configuring Built-in Portal Authentication to Control Internal User Access" in S2750&S5700&S6720 V200R008C00 Configuration Guide - User Access and Authentication. - See "NAC Configuration (Unified Mode) - Example for Configuring Built-in Portal Authentication" in S1720&S2700&S5700&S6720 V200R009C00 Configuration Guide - User Access and Authentication.

S series switches' support for Portal authentication
Portal authentication is also called web authentication. For S series switches (except the S1700), Portal authentication can be classified into built-in Portal authentication and external Portal authentication. S series switches' support for external Portal authentication is as follows: - In V100R006: Switches except the S2700SI, S2710SI, S2700EI, S2752EI, S5700LI, and S5700S-LI support external Portal authentication. - In V200R001: Switches except the S5700LI and S5700S-LI support external Portal authentication. - In V200R002: Switches except the S5700LI and S5700S-LI support external Portal authentication. - In V200R003: Switches except the S2750EI, S5700LI, and S5700S-LI support external Portal authentication. - In V200R005 and later versions: All switch models support external Portal authentication. In versions earlier than V200R007C00, the S2720EI, S2750EI, S5700-10P-LI-AC, and S5700-10P-PWR-LI-AC support built-in Portal authentication only. In V200R007C00 and later versions, the S2720EI, S2750EI, S5700-10P-LI-AC, and S5700-10P-PWR-LI-AC that have Layer 3 hardware forwarding of IPv4 packets enabled support external Portal authentication. Only S series fixed switches support built-in Portal authentication.

How to configure an authentication-free rule for Portal authentication users on S series switch
For S series switches (except the S1700) running all versions, NAC can be configured in common mode. For switches running V200R005C00 and later versions, NAC can be configured in unified mode. For switches running V200R009C00, the configuration model of NAC unified mode changes. Query the appropriate product manual based on the switch model and version. The following links are for reference only. In NAC common mode, configure an authentication-free rule to allow all Portal authentication users to access the network segment 10.1.1.1/24 without authentication. [HUAWEI] portal free-rule 1 destination ip 10.1.1.1 mask 24 source ip any For details, see "NAC Configuration (Common Mode) - (Optional) Setting Access Control Parameters for Portal Authentication Users" in S2750&S5700&S6720 V200R008C00 Configuration Guide - User Access and Authentication. In NAC unified mode, configure an authentication-free rule to allow all NAC authentication users to access the network segment 10.1.1.1/24 without authentication. [HUAWEI] authentication free-rule 1 destination ip 10.1.1.1 mask 24 source ip any For details, see "NAC Configuration (Unified Mode) - (Optional) Configuring Authentication Free Rules to Assign Network Access Rights to Users" in S2750&S5700&S6720 V200R008C00 Configuration Guide - User Access and Authentication. In NAC unified mode, configure an authentication-free rule to allow all NAC authentication users to access the network segment 10.1.1.1/24 without authentication. [HUAWEI] free-rule-template name default_free_rule [HUAWEI-free-rule-default_free_rule] free-rule 1 destination ip 10.1.1.1 mask 24 source ip any For details, see "NAC Configuration (Unified Mode) - (Optional) Configuring Authorization Information for Authentication-free Users" in .

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top