web-auth-server (interface view)

Function

The web-auth-server command binds a Portal server template to an interface.

The undo web-auth-server command unbinds a Portal server template from an interface.

By default, no Portal server template is bound to an interface.

Format

VLANIF interface view:

web-auth-server server-name [ bak-server-name ] { direct | layer3 }

undo web-auth-server [ server-name [ bak-server-name ] ] { direct | layer3 }
Layer 3 Ethernet interface view: (Only the S5720-EI, S5720-HI, S5730-HI, S5731-H,?S5731S-H, S5731-S, S5731S-S, S6720-HI, S5732-H, S6730-H, S6730S-H, S6730-S, S6730S-S, S6720-EI, and S6720S-EI support this)

web-auth-server server-name [ bak-server-name ] layer3

undo web-auth-server [ server-name [ bak-server-name ] layer3 ]

Parameters

Parameter	Description	Value
server-name	Specifies the name of the Portal server template.	The value must be an existing Portal server template name.
bak-server-name	Specifies the name of the secondary Portal server template. NOTE: The name of the secondary Portal server template cannot be configured to the command-line keywords direct and layer3.	The value must be an existing Portal server template name.
direct	Indicates Layer 2 authentication.	-
layer3	Indicates Layer 3 authentication.	-

Views

VLANIF interface view, GE interface view, MultiGE interface view, XGE interface view, 25GE interface view, 40GE interface view, 100GE interface view, Eth-Trunk interface view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

A configured Portal server template must be bound to the interface. In this way, the users connected to this interface can be authenticated by the Portal server.

When the Portal server template is bound to the interface using the web-auth-server command and a user attempts to access charged network resources, the user is forcibly redirected to the configured Portal authentication page for Portal authentication.

After the primary and secondary Portal server templates are configured, the users who send HTTP requests are redirected to the network access page provided by the secondary Portal server when the primary Portal server is faulty or cannot be accessed. This meets the users' network access requirements. This function can take effect only when the primary Portal server detection function is enabled using the server-detect command and heartbeat detection is enabled on the Portal server.

Portal authentication modes are as follows:

direct: When there is no Layer 3 forwarding device between the user and device, the device can learn the user's MAC address. The device identifies the user using the MAC address.
layer3: When there are Layer 3 forwarding devices between the user and device, the device cannot learn the user's MAC address. The device identifies the user using the IP address uniquely.

Prerequisites

A Portal server template has been created using the web-auth-server command and an IP address has been configured for the Portal server using the server-ip command.

Precautions

You can bind only one Portal server template to an interface. To modify a Portal server template that has been bound to an interface, remove the template from the interface, modify the template, and bind the modified template to the interface again.
If 802.1X authentication, MAC address authentication, MAC address bypass authentication or built-in Portal authentication is enabled on a Layer 2 interface, this command cannot be executed on the VLANIF interface of a VLAN to which the Layer 2 interface is added.
This command does not take effect on the VLANIF interface corresponding to the super VLAN.

Example

# Bind the Portal server template Server1 to VLANIF10, and set the authentication mode to Layer 2 authentication.

<HUAWEI> system-view
[HUAWEI] vlan batch 10
[HUAWEI] web-auth-server Server1
[HUAWEI-web-auth-server-Server1] server-ip 10.10.1.1
[HUAWEI-web-auth-server-Server1] quit
[HUAWEI] interface vlanif 10
[HUAWEI-Vlanif10] web-auth-server Server1 direct