The system view is displayed.
Run web-auth-server server-name
A Portal server template is created and the Portal server template view is displayed.
By default, no Portal server template is created.
Run protocol portal
The protocol used in Portal authentication is set to Portal.
By default, the Portal protocol is used in Portal authentication.
Run server-ip { server-ip-address &<1-10> | ipv6 server-ipv6-address &<1-3> }
The IP address of a Portal server is configured.
By default, no IP address of a Portal server is configured.
(Optional) Configure a source IP address for the device to communicate with the Portal server.
Run source-ip ip-address
A source IP address is configured for the device to communicate with the Portal server.
Run source-interface interface-type interface-number
An IP address of the specified interface is configured for the device to communicate with the Portal server.
By default, no source IP address is configured for the device.
(Optional) Run port port-number [ all ]
A destination port number is configured for the device to send packets to the Portal server.
By default, the device uses the destination port number 50100 to send packets to the Portal server.
A shared key is configured for the device to exchange information with the Portal server.
By default, no shared key is configured.
A VPN instance is configured for the device to communicate with the Portal server.
By default, no VPN instance is configured for the device to communicate with the Portal server.
(Optional) Run web-redirection disable
The Portal authentication redirection function is disabled.
By default, the Portal authentication redirection function is enabled.
The device redirects all unauthenticated users to the Portal authentication page when the users send access requests to external networks. However, in some special scenarios (for example, when users need to manually enter the URL of the authentication page), you can run the web-redirection disable command to disable the Portal authentication redirection function.
Configure the URL of the Portal server.
You can bind a URL or a URL template to a Portal server template. Compared with URL binding, URL template binding allows you to configure the redirect URL of the Portal server and configure the URL to carry parameters related to users or the access device. The Portal server then can obtain user terminal information based on parameters carried in the URL and provide different Portal authentication pages for different users. You can choose URL binding mode or URL template binding mode based on actual requirements.
URL binding mode
Run url url-string
A URL is configured for the Portal server.
By default, no URL is configured for the Portal server.
URL template binding mode
Create and configure a URL template.
Return to the system view.
A URL template is created and the URL template view is displayed.
By default, no URL template is created on the device.
A redirect URL is configured for the Portal server.
By default, no redirect URL is configured for the Portal server.
Parameters carried in the URL are configured.
By default, a URL does not carry parameters.
The MAC address format in the URL is configured.
By default, the MAC address format in a URL is XXXXXXXXXXXX.
Characters in the URL are configured.
By default, the start character in a URL is a question mark (?), the assignment character is an equal sign (=), and the delimiter between parameters is an ampersand (&).
Redirection parameter values are set.
By default, the device automatically obtains redirection parameter values.
Return to the system view.
The Portal server template view is displayed.
The URL template is bound to the Portal server template.
By default, no URL template is bound to a Portal server template.
The device supports encryption of parameter information in the URL template only when it connects to the Huawei Agile Controller-Campus or iMaster NCE-Campus.
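The URL template defaults above (start character ?, assignment character =, delimiter &, MAC format XXXXXXXXXXXX) have to be mirrored by whatever parses the redirect URL on the Portal server. The following sketch is an added example, not Huawei code; the parameter names, the custom characters, the upper-case MAC and the percent-encoding are assumptions.

```python
import re
from urllib.parse import quote, unquote

def format_mac(mac):
    """Normalise a MAC to the default XXXXXXXXXXXX layout (upper case assumed)."""
    digits = re.sub(r"[^0-9A-Fa-f]", "", mac)
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits.upper()

def build_redirect_url(base, params, start="?", assign="=", delim="&"):
    """Device side: append parameters using the configured URL characters."""
    pairs = [quote(k, safe="") + assign + quote(v, safe="") for k, v in params.items()]
    return base + start + delim.join(pairs) if pairs else base

def parse_redirect_url(url, start="?", assign="=", delim="&"):
    """Portal server side: split with the same characters the device uses."""
    base, _, query = url.partition(start)
    params = {}
    for pair in filter(None, query.split(delim)):
        key, sep, value = pair.partition(assign)
        if not sep:
            raise ValueError(f"malformed parameter: {pair!r}")
        params[unquote(key)] = unquote(value)
    return base, params

# Constructed sample values; the parameter names are hypothetical.
SAMPLE = {"usermac": format_mac("00-e0-fc-12:34:56"),
          "userip": "192.0.2.25", "ssid": "guest wifi"}

if __name__ == "__main__":
    print(build_redirect_url("https://portal.example.test/login", SAMPLE))
```

A Portal server that parses with the default characters while the device uses custom ones recovers no parameters at all, so both sides must be changed together.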
Run system-view
The system view is displayed.
Portal protocol versions supported by the device are configured.
By default, the device supports Portal protocol v1 and v2.
The default setting is recommended to ensure proper communication; that is, the device supports both versions.
The number of the port on which the device listens for Portal packets is configured.
By default, the device listens for Portal packets on port 2000.
The device is enabled to transparently transmit user authentication information received from the authentication server to the Portal server.
By default, the device transparently transmits users' authentication responses sent by the authentication server to the Portal server.
Run portal redirect-http-port port-number &<1-10>
A user-defined destination port number of HTTP packets that trigger Portal redirection is configured.
By default, the device redirects users to the Portal authentication page only when their browsers send HTTP packets with the destination port number 80.
Run authentication https-redirect enable
HTTPS redirection for Portal or 802.1X authentication is enabled.
By default, HTTPS redirection for wireless Portal or 802.1X authentication is enabled, and HTTPS redirection for wired Portal or 802.1X authentication is disabled.
To enable HTTPS redirection for wired Portal authentication, run the authentication https-redirect enable command and then the portal https-redirect wired enable command.
(Optional) Run portal redirect js enable
The function of inserting a JavaScript file during Portal redirection is enabled.
By default, the function of inserting a JavaScript file during Portal redirection is disabled.
(Optional) Run portal redirect-302 enable
Redirection based on the status code 302 is enabled for Portal authentication.
By default, redirection based on the status code 302 is disabled for Portal authentication.
(Optional) Run portal https-redirect blacklist { ip start-ip-address [ end-ip-address ] | ipv6 start-ipv6-address [ to end-ipv6-address ] }
An address or an address range is added to the HTTPS redirection blacklist. After an address is added to the HTTPS redirection blacklist, HTTPS redirection is not performed for HTTPS access to this address.
By default, no address is added to the HTTPS redirection blacklist.
(Optional) Run portal https-redirect whitelist { ip start-ip-address [ end-ip-address ] | ipv6 start-ipv6-address [ to end-ipv6-address ] }
An address or an address range is added to the HTTPS redirection whitelist.
By default, no address is added to the HTTPS redirection whitelist.
(Optional) Run portal https-redirect blacklist aging-time aging-time
The aging time of addresses in the HTTPS redirection blacklist is configured.
By default, the aging time of addresses in the HTTPS redirection blacklist is 259200 seconds, that is, 72 hours.
(Optional) Run portal https-redirect blacklist packet-rate packet-rate
The maximum rate at which a Portal user accesses an address through HTTPS is configured. If the user access rate reaches the maximum, the switch adds the destination address to the HTTPS redirection blacklist.
By default, the maximum rate at which a Portal user accesses an address through HTTPS is 40 times per minute.
(Optional) Run portal https-redirect blacklist retry-times retry-times interval interval
The maximum number of times and the detection period are configured. Within the detection period, if the number of times an address is added to the provisional HTTPS redirection blacklist reaches the maximum, the address is added to the HTTPS redirection blacklist.
By default, the maximum number of times is 10 and the detection period is 3 minutes.
Run portal logout resend times timeout period
The number of times that the device retransmits offline packets of Portal authentication users and the retransmission interval are configured.
By default, the device retransmits offline packets of Portal authentication users three times at an interval of five seconds.
Run portal logout different-server enable
The device is enabled to process user logout requests sent by a Portal server other than the one from which users log in.
By default, a device does not process user logout requests sent by Portal servers other than the one from which users log in.
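Several Portal server template settings described above default to "not configured" (server IP address, shared key) or change how users reach the portal (destination port, web-redirection disable). The following added example, which is not Huawei tooling, reviews a saved configuration for them; the sample text is constructed, and the one-space indentation, the `#` separators and the `shared-key` keyword are assumptions, since this page does not show them.

```python
import re

DEFAULT_PORT = 50100  # default destination port stated above
# Constructed configuration text, laid out like a device configuration listing.
SAMPLE_CONFIG = """\
#
web-auth-server guest
 server-ip 192.0.2.10
 port 50200
 url https://portal.example.test/login
 web-redirection disable
#
web-auth-server staff
 server-ip 192.0.2.11
 shared-key cipher CONSTRUCTED-PLACEHOLDER
#
web-auth-server lab
 protocol portal
#
"""

def parse_templates(text):
    """Map each Portal server template name to its indented sub-commands."""
    templates, current = {}, None
    for line in text.splitlines():
        header = re.fullmatch(r"web-auth-server (\S+)", line)
        if header:
            current = templates.setdefault(header.group(1), [])
        elif line.startswith(" ") and line.strip() and current is not None:
            current.append(line.strip())
        else:
            current = None  # '#' or a system-view command ends the template
    return templates

def audit(text):
    """Return (template, finding) pairs in configuration order."""
    findings = []
    for name, cmds in parse_templates(text).items():
        by_keyword = {c.split()[0]: c.split() for c in cmds}
        if "server-ip" not in by_keyword:
            findings.append((name, "no server-ip configured"))
        if "shared-key" not in by_keyword:  # command name assumed, not on this page
            findings.append((name, "no shared key configured"))
        port = int(by_keyword.get("port", ["port", DEFAULT_PORT])[1])
        if port != DEFAULT_PORT:
            findings.append((name, f"destination port {port} differs from default"))
        if "web-redirection disable" in cmds:
            findings.append((name, "redirection disabled"))
    return findings
```

Each finding is a review item: a non-default port or disabled redirection may be intentional, while a template without a server IP address or shared key is still at its unconfigured default.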