Portal authentication can be classified into the following types based on authentication points:
1. Gateway Layer 2 Portal authentication -vlanif interface authentication
2. Gateway Layer 2 Portal authentication-physical port authentication
3. Non-gateway Layer 2 Portal authentication-physical port authentication
4. Layer 3 Portal authentication-physical port /vlanif authentication
Application scenarios of each authentication mode
Authentication Type | Application Scenario | Merit | Disadvantages or Limitations |
Gateway Layer 2 Portal Authentication -vlanif Authentication | The device is a gateway to many subnets. Some subnets need to be authenticated. Some subnets do not need to be authenticated. Therefore, portal authentication is performed on the gateway based on the subnet VLANIF interface. | The configuration is flexible and can be configured as required. | If there are too many subnets and the authentication parameters are the same, the configuration is complex. |
Gateway Layer 2 Portal Authentication-Physical Port Authentication | The device is a gateway to many subnets. All the buttons on the port need to be authenticated. | Based on physical port authentication, the networking planning of ports is irrelevant, and policy association is supported. Some authentication performance is delegated to access devices or APs. | If some subnets need to be authenticated and some do not need to be authenticated, configure free-rule for the subnets that do not need to be authenticated. |
Non-gateway Layer 2 Portal authentication-physical port authentication | The device performs Layer 2 forwarding only. The gateway may be a third-party device or centralized VXLAN network. The gateway cannot perform Portal authentication. | Third-party devices can be used as gateways, and Huawei devices can be used for access or aggregation. | Too many authentication points and complex management |
Layer 3 portal authentication-physical port /vlanif authentication | The subnet gateway is on a third-party device. The third-party device accesses Huawei devices through Layer 3. Portal authentication is required for these users. | Compatible with third-party devices as gateways and Huawei devices as egress devices | Authentication packets are usually processed on a physical interface, and the authentication is weak. |