< Home

Configuring a Built-in Portal Server

Context

Compared with an external Portal server, a built-in Portal server is easy to use, cost-effective, and easy to maintain. When configuring the built-in Portal server function, you need to specify the IP address of the built-in Portal server and enable the built-in Portal server function globally.

If the time on a client differs from that on the built-in Portal server, the client cannot pass authentication or cannot go offline after passing authentication. Therefore, ensure that the time zone and time on the device are correct when configuring the built-in Portal server function.

VPN users do not support the built-in Portal server function.

Procedure

  1. Run system-view

    The system view is displayed.

  2. Run portal local-server ip ip-address

    An IP address is configured for the built-in Portal server.

    By default, no IP address is configured for the built-in Portal server.

    The IP address of the built-in Portal server is the IP address of a Layer 3 interface that has a reachable route to the user.

  3. Run portal local-server https ssl-policy policy-name [ port port-num ]

    The built-in Portal server function is enabled globally.

    By default, the built-in Portal server function is disabled globally.

    Ensure that an SSL policy exists and the digital certificate has been successfully loaded.

  4. (Optional) Run portal local-server authentication-method { chap | pap }

    The authentication mode of the built-in Portal server is configured.

    By default, the CHAP authentication mode is used.

  5. (Optional) Many well-known websites such as Google and Baidu use Hypertext Transfer Protocol Secure (HTTPS). When users visit these websites, it is required that users should be redirected to the Portal authentication page so that Portal authentication can be performed and the users can normally access the network. If unauthenticated Portal users visit websites using HTTPS after HTTPS redirection of Portal authentication is enabled, the device can redirect the users to the Portal authentication page.

    Run authentication https-redirect enable

    HTTPS redirection for Portal or 802.1X authentication is enabled.

    By default, HTTPS redirection for wireless Portal or 802.1X authentication is enabled, and HTTPS redirection for wired Portal or 802.1X authentication is disabled.

    • When Portal authentication is triggered while a user accesses an HTTPS website, the browser displays a security prompt, requiring the user to click Continue to complete Portal authentication.
    • Redirection is not supported if the browser or website runs HTTP Strict Transport Security (HSTS).
    • If the destination port number of the HTTPS request packet sent by the user is not a well-known port number (443), redirection cannot be performed.

    • To enable HTTPS redirection for wired Portal authentication, run the authentication https-redirect enable command and then the portal https-redirect wired enable command.

    • This function takes effect only for new Portal or 802.1X authentication users.
    • This function takes effect only after a Portal server template is created or the IP address of the built-in Portal server is configured.

  6. (Optional) Run portal redirect js enable

    The function of inserting a JavaScript file during Portal redirection is enabled.

    By default, the function of inserting a JavaScript file during Portal redirection is disabled.

Parent Topic: Configuring a Portal Access Profile (for a Built-in Portal Server)
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
Next topic >