Portal authentication cannot be enabled on an interface of an S series switch

3

When configuring Portal authentication using an external Portal server on S series switches (except the S1700) in NAC common mode (applicable to switches running all versions), you do not need to enable Portal authentication on an interface, but only need to bind the configured Portal server template to a VLANIF interface.
For example, perform the following operations to bind the Portal server template Server1 to VLANIF 10:
[HUAWEI] vlan batch 10
[HUAWEI] web-auth-server Server1
[HUAWEI-web-auth-server-Server1] server-ip 11.10.1.1
[HUAWEI-web-auth-server-Server1] quit
[HUAWEI] interface vlanif 10
[HUAWEI-Vlanif10] web-auth-server Server1

Other related questions:
S series switches' support for Portal authentication
Portal authentication is also called web authentication. For S series switches (except the S1700), Portal authentication can be classified into built-in Portal authentication and external Portal authentication. S series switches' support for external Portal authentication is as follows: - In V100R006: Switches except the S2700SI, S2710SI, S2700EI, S2752EI, S5700LI, and S5700S-LI support external Portal authentication. - In V200R001: Switches except the S5700LI and S5700S-LI support external Portal authentication. - In V200R002: Switches except the S5700LI and S5700S-LI support external Portal authentication. - In V200R003: Switches except the S2750EI, S5700LI, and S5700S-LI support external Portal authentication. - In V200R005 and later versions: All switch models support external Portal authentication. In versions earlier than V200R007C00, the S2720EI, S2750EI, S5700-10P-LI-AC, and S5700-10P-PWR-LI-AC support built-in Portal authentication only. In V200R007C00 and later versions, the S2720EI, S2750EI, S5700-10P-LI-AC, and S5700-10P-PWR-LI-AC that have Layer 3 hardware forwarding of IPv4 packets enabled support external Portal authentication. Only S series fixed switches support built-in Portal authentication.

Configure Portal authentication on S series switch
Portal authentication is also called web authentication. Generally, portal authentication websites are referred to as portal websites. In Portal authentication, users do not need a specific client and can access some free services and portal website without being authenticated. Among S series switches (except S1700), modular switches support only external Portal servers; fixed switches support both external Portal servers and built-in Portal servers (access devices provide the Portal server function).

Why cannot the authentication page be pushed during portal authentication on AR1220-S
Possible causes: The tunnel forwarding function has not been enabled on the router for HTTP authentication packets. Recommended solution: Run the following commands to enable the tunnel forwarding function for HTTP authentication packets: service-set name portal id 2 service-vlan 14 tunnel-forward protocol http By default, the tunnel forwarding function is not enabled for HTTP authentication packets. This function is enabled by default on AC6605 V200R003 and later versions. For details, see the URL: The authentication page can not be pushed when the AR1220-S router is authenticated .

Can an S series switch perform Portal authentication if the Portal server is on the extranet
If the Portal server is on the extranet, you can configure static NAT on the egress device to map the Portal server's port number required for Portal authentication to the intranet, and configure the Portal server to communicate with intranet devices and users. An S series switch (a non-S1700 switch) then can perform Portal authentication.

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top