Must I configure a shared key for Portal authentication

25

To implement Portal authentication using an external Portal server, you must configure a shared key on switches running V100R006 and later versions to exchange information with the Portal server. The shared key configured on the switch must be the same as that configured on the Portal server.

Other related questions:
How to configure the RADIUS authentication shared key on an S series switch
The RADIUS shared key is used to encrypt packets exchanged between an access device and a RADIUS server, ensuring security of packet transmission. The RADIUS shared key configured on the access device must be the same as that configured on the RADIUS server. If an S series switch (a non-S1700 switch) functions as an access device, configure the RADIUS shared key as follows: [HUAWEI] radius-server template shiva [HUAWEI-radius-shiva] radius-server shared-key cipher Huawei@2012

Configuring the pre-shared IPSec key on the firewall
You can configure the IPSec pre-shared key on the USG as follows: Run the pre-shared command in the IKE peer view to configure the pre-shared key or run the undo pre-shared-key command to cancel the pre-shared key. Requirements: The pre-shared key is a string of 1-128 characters.It supports special characters(such as !,@ ,#,$,and %)instead of spaces.It is case-sensitive.The system converts the character string as cipher-text key,saved in the configuration file.Authentication keys on both ends of a security connection must be consistent. Configuration example: #Set the authentication key of IKE peer1 to Test!123. system-view //Enter the system view. [sysname] ike peer peer1 //Enter the IKE peer view. [sysname-ike-peer-peer1] pre-shared-key Test!123 //Set the pre-shared key.

Configure Portal authentication on S series switch
Portal authentication is also called web authentication. Generally, portal authentication websites are referred to as portal websites. In Portal authentication, users do not need a specific client and can access some free services and portal website without being authenticated. Among S series switches (except S1700), modular switches support only external Portal servers; fixed switches support both external Portal servers and built-in Portal servers (access devices provide the Portal server function).

How to configure built-in Portal authentication
The built-in Portal server of the access device provides built-in Portal authentication. The configuration is as follows: 1. Create a loopback interface and assign an IP address to the loopback interface. [Huawei] interface loopback 1 [Huawei-LoopBack1] ip address 192.168.1.30 32 [Huawei-LoopBack1] quit 2. Configure an IP address for the built-in Portal server. [Huawei] portal local-server ip 192.168.1.30 3. Enable Portal authentication. [Huawei] portal local-server https ssl-policy huawei //Ensure that the SSL policy named huawei has been configured. [Huawei] portal local-server enable interface ethernet 2/0/0 You also need to perform the following configurations: - Configure VLANs and interfaces. - Configure a domain that users belong to and AAA schemes. - If local authentication is used, add the user name and password on the access device. - If remote authentication is used, configure the RADIUS server template, route to the RADIUS server, user name, password, and shared key.

How to configure external Portal authentication
The external Portal server with independent hardware provides external Portal authentication. The configuration is as follows: 1. Configure the Portal server template abc. [Huawei] web-auth-server abc [Huawei-web-auth-server-abc] server-ip 192.168.2.20 [Huawei-web-auth-server-abc] port 50200 //Ensure that the configured port number is the same as the port number of the Portal server. [Huawei-web-auth-server-abc] url http://192.168.2.20:8080/webagent [Huawei-web-auth-server-abc] quit 2. Enable Portal authentication. [Huawei] interface vlanif 10 [Huawei-Vlanif10] web-auth-server abc direct [Huawei-Vlanif10] quit 3. Set the shared key that the AR uses to exchange information with the Portal server to Huawei@123 in cipher text. [Huawei] web-auth-server abc [Huawei-web-auth-server-abc] shared-key cipher Huawei@123 [Huawei-web-auth-server-abc] quit You also need to perform the following configurations: - Configure VLANs and interfaces. - Configure a domain that users belong to and AAA schemes. - If local authentication is used, add the user name and password on the access device. - If remote authentication is used, configure the RADIUS server template, route to the RADIUS server, user name, password, and shared key.

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top