How to configure built-in Portal authentication on S series switches

3

In built-in Portal authentication, the access device uses the built-in Portal server to implement Portal authentication. Only fixed switches support built-in Portal authentication.
For fixed switches (except the S1700) running V200R003C10 and earlier versions, NAC can be configured only in common mode. For switches running V200R005C00 and later versions, NAC can be configured in common or unified mode. By default, the unified mode is used. Accordingly, built-in Portal authentication can be configured in common or unified mode. For switches running V200R009C00, the configuration model of NAC unified mode changes. Query the appropriate product manual based on the switch model and version. The following links are for reference only.
- See "NAC Configuration (Common Mode) - Example for Configuring Built-in Portal Authentication to Control Internal User Access" in S2750&S5700&S6720 V200R008C00 Configuration Guide - User Access and Authentication.
- See "NAC Configuration (Unified Mode) - Example for Configuring Built-in Portal Authentication to Control Internal User Access" in S2750&S5700&S6720 V200R008C00 Configuration Guide - User Access and Authentication.
- See "NAC Configuration (Unified Mode) - Example for Configuring Built-in Portal Authentication" in S1720&S2700&S5700&S6720 V200R009C00 Configuration Guide - User Access and Authentication.

Other related questions:
How to configure built-in Portal authentication
The built-in Portal server of the access device provides built-in Portal authentication. The configuration is as follows: 1. Create a loopback interface and assign an IP address to the loopback interface. [Huawei] interface loopback 1 [Huawei-LoopBack1] ip address 192.168.1.30 32 [Huawei-LoopBack1] quit 2. Configure an IP address for the built-in Portal server. [Huawei] portal local-server ip 192.168.1.30 3. Enable Portal authentication. [Huawei] portal local-server https ssl-policy huawei //Ensure that the SSL policy named huawei has been configured. [Huawei] portal local-server enable interface ethernet 2/0/0 You also need to perform the following configurations: - Configure VLANs and interfaces. - Configure a domain that users belong to and AAA schemes. - If local authentication is used, add the user name and password on the access device. - If remote authentication is used, configure the RADIUS server template, route to the RADIUS server, user name, password, and shared key.

S series switches' support for Portal authentication
Portal authentication is also called web authentication. For S series switches (except the S1700), Portal authentication can be classified into built-in Portal authentication and external Portal authentication. S series switches' support for external Portal authentication is as follows: - In V100R006: Switches except the S2700SI, S2710SI, S2700EI, S2752EI, S5700LI, and S5700S-LI support external Portal authentication. - In V200R001: Switches except the S5700LI and S5700S-LI support external Portal authentication. - In V200R002: Switches except the S5700LI and S5700S-LI support external Portal authentication. - In V200R003: Switches except the S2750EI, S5700LI, and S5700S-LI support external Portal authentication. - In V200R005 and later versions: All switch models support external Portal authentication. In versions earlier than V200R007C00, the S2720EI, S2750EI, S5700-10P-LI-AC, and S5700-10P-PWR-LI-AC support built-in Portal authentication only. In V200R007C00 and later versions, the S2720EI, S2750EI, S5700-10P-LI-AC, and S5700-10P-PWR-LI-AC that have Layer 3 hardware forwarding of IPv4 packets enabled support external Portal authentication. Only S series fixed switches support built-in Portal authentication.

Configure Portal authentication on S series switch
Portal authentication is also called web authentication. Generally, portal authentication websites are referred to as portal websites. In Portal authentication, users do not need a specific client and can access some free services and portal website without being authenticated. Among S series switches (except S1700), modular switches support only external Portal servers; fixed switches support both external Portal servers and built-in Portal servers (access devices provide the Portal server function).

How to configure external Portal authentication on S series switches
In external Portal authentication, an independent external Portal server implements Portal authentication. Both modular and fixed switches support external Portal authentication. For switches running V200R003C10 and earlier versions, NAC can be configured only in common mode. For switches running V200R005C00 and later versions, NAC can be configured in common or unified mode. Accordingly, external Portal authentication can be configured in common or unified mode. For switches running V200R009C00, the configuration model of NAC unified mode changes. Query the appropriate product manual based on the switch model and version. The following links are for reference only. - See "NAC Configuration (Common Mode) - Example for Configuring External Portal Authentication to Control Internal User Access" in S2750&S5700&S6720 V200R008C00 Configuration Guide - User Access and Authentication. - See "NAC Configuration (Unified Mode) - Example for Configuring External Portal Authentication to Control Internal User Access" in S2750&S5700&S6720 V200R008C00 Configuration Guide - User Access and Authentication. - See "NAC Configuration (Unified Mode) - Example for Configuring External Portal Authentication" in S1720&S2700&S5700&S6720 V200R009C00 Configuration Guide - User Access and Authentication.

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top