portal-server

Format

portal-server user-first-url-key { user-number | default-name }

portal-server identical-url

portal-server { ip-address | ipv6-address | redirect-limit limit-value | url url-string | url-parameter }

portal-server url-parameter shared-key-cipher [ shared-key-cipher ]

undo portal-server { [ ip-address | ipv6-address ] | [ redirect-limit [ limit-value ] ] | [ url [ url-string ] ] | [ url-parameter ] }

undo portal-server user-first-url-key [ user-number | default-name ]

undo portal-server identical-url

undo portal-server url-parameter shared-key-cipher

Parameters

Parameter	Description	Value
user-number	Specifies the keyword used in the function of displaying the page at the first URL.	The value is a string of 1 to 31 characters.
default-name	Uses the default keyword wlanuserfirsturl in the function of displaying the page at the first URL.	-
identical-url	Configures portal-server identical url.	-
ip-address	Specifies the IPv4 address of the portal server.	The value is in dotted decimal notation.
ipv6-address	Specifies the IPv6 address of the portal server.	The value is a 32-digit hexadecimal number, in the format of X:X:X:X:X:X:X:X.
redirect-limit limit-value	Specifies the number of forcible redirection attempts.	The value ranges from 1 to 5. The default value is 2.
url url-string	Indicates the redirected URL address.	The value ranges from 1 to 200, like http://www.portal.com. It is null by default.
url-parameter	Indicates whether the redirected URL carries wlanusername. If url-parameter is specified, the redirected URL carries wlanusername. If url-parameter is not specified, the redirected URL does not carry wlanusername.	-
shared-key-cipher shared-key-cipher	Specifies the keyword for generating ciphertext user MAC address to be displayed. After the portal-server redirect-key command with cipher configured is run, shared-key-cipher generates ciphertext user MAC address to be displayed. Specifies the empty shared-key when only shared-key-cipher, instead of <shared-key-cipher>, is configured.	The value is a string of 1 to 16 or 1 to 128 characters. You can set a character string with 1 to 16 characters. If you enter the ciphertext shared-key-cipher displayed in the configuration file, the value can be a string of 1 to 128 characters
user-first-url-key	Configures the portal server to display the page at the first URL that a user enters.	-

Views

AAA domain view

Default Level

2: Configuration level

Task Name and Operations

Task Name	Operations
aaa-access	write

Usage Guidelines

Usage Scenario

When a user accesses an external network for the first time, the NetEngine 8000 F redirects the access request to the specified server (normally the portal server of carriers). This operation is called mandatory portal. The Internet website that the user first accesses is one of the services of the website specified by carriers.

The IP address of the forcibly-redirected URL should be the same as the IP address of the portal server.

If the HW-Portal-Mode attribute is delivered in a RADIUS authentication packet or CoA message, the default number of forcible redirection attempts is used, and the configured value fails to take effect.

If the portal-server url-parameter command is used, the parameter wlanusername is carried in the URL for redirection. If you have configured the function of redirecting a user to the first URL entered by the user and the portal server supports this function, the portal server displays the page at the URL that the user enters before portal authentication if the user passes the portal authentication. Otherwise, the user is directed to the portal page and has to enter the initial URL again after the portal authentication to access the page.

In IPv6 forcible redirection scenarios, you must run the portal-server identical-url command. This configuration allows IPv4 and IPv6 users to use identical URL and the IPv6 redirection web page to be pushed to users.

When users are forcibly redirected to the portal server, if you do not want the actual user MAC address to be displayed, run the portal-server redirect-key command with cipher configured. Then the user MAC address is displayed in ciphertext. Portal-server url-parameter shared-key-cipher command is used to generate the ciphertext user MAC address to be displayed.

Precautions

In VS mode, this command is supported only by the admin VS.

If the portal-redirect redirect-time command is run in the domain or AAA view, the portal-server redirect-limit command configured in the same view fails to take effect.

Example

# Set the IP address of the mandatory portal server in the domain.

<HUAWEI> system-view
[~HUAWEI] aaa
[~HUAWEI-aaa] domain huawei
[*HUAWEI-aaa-domain-huawei] commit
[*HUAWEI-aaa-domain-huawei] portal-server url http://www.huawei.com

# Configure IPv4 and IPv6 users to use identical URL.

<HUAWEI> system-view
[~HUAWEI] aaa
[~HUAWEI-aaa] domain huawei
[*HUAWEI-aaa-domain-huawei] commit
[*HUAWEI-aaa-domain-huawei] portal-server identical-url

# Set the keyword used in the function of displaying the page at the first URL to userfirsturl.

<HUAWEI> system-view
[~HUAWEI] aaa
[~HUAWEI-aaa] domain huawei
[*HUAWEI-aaa-domain-huawei] commit
[*HUAWEI-aaa-domain-huawei] portal-server user-first-url-key userfirsturl

# Set the mandatory redirection counts to 3.

<HUAWEI> system-view
[~HUAWEI] aaa
[~HUAWEI-aaa] domain huawei
[*HUAWEI-aaa-domain-huawei] commit
[*HUAWEI-aaa-domain-huawei] portal-server redirect-limit 3

# Configure the IP address of the portal server for domain huawei to 10.10.10.1 and enable the mandatory portal.

<HUAWEI> system-view
[~HUAWEI] aaa
[~HUAWEI-aaa] domain huawei
[*HUAWEI-aaa-domain-huawei] commit
[*HUAWEI-aaa-domain-huawei] portal-server 10.10.10.1

# Set URL parameters.

<HUAWEI> system-view
[~HUAWEI] aaa
[~HUAWEI-aaa] domain huawei
[*HUAWEI-aaa-domain-huawei] commit
[*HUAWEI-aaa-domain-huawei] portal-server url-parameter