web-auth-server

Function

The web-auth-server command configures the web authentication server, that is, the external web server.

The undo web-auth-server command deletes the IP address of the configured web authentication server, or restores related parameters to the default values.

By default, no shared key is configured between the web authentication server and the device, the IP address of the device is not reported, the port that receives packets is 50100, and the web authentication server is not detected.

This command is supported only on the NetEngine 8000 F1A.

Format

web-auth-server { ip-address | ipv6-address } [ vpn-instance instance-name ] [ port portnum [ all ] ] [ key { simple simple-key | cipher cipher-key } ] [ nas-ip-address ] [ detect-time time-value ] [ user-query { exclude pre-domain | version1 } ]

undo web-auth-server { ip-address | ipv6-address } [ vpn-instance instance-name ] [ port [ all ] | key | nas-ip-address | detect-time ] [ user-query { exclude pre-domain | version1 } ]

Parameters

Parameter Description Value
ip-address

Specifies the IP address of the web authentication server.

The value is in dotted decimal notation.

ipv6-address

Specifies the IPv6 address of the web authentication server.

The value is a 32-bit hexadecimal number, in the format of X:X:X:X:X:X:X:X.

vpn-instance instance-name

Specifies the name of the VPN instance to which the web authentication server belongs.

The value is a string of 1 to 31 case-sensitive characters. Spaces are not supported.

instance-name

Specifies the VPN instance name.

The value is a string of 1 to 31 case-sensitive characters. Spaces are not supported.

port portnum

Specifies the number of the port through which the web authentication server receives a notification message from the device.

The value is an integer ranging from 1 to 65535.

all

If the parameter all is configured, the destination port ID of a Web response packet is the specified port ID.

If the parameter all is not configured, the destination port ID of a Web response packet is the source port ID of the corresponding Web request packet.

By default, the parameter all is not configured.

-

key

Specifies the key type of the web authentication server.

-

simple simple-key

Specifies the shared key of the web authentication server in simple text.

The value is a case-sensitive string of 1 to 128 characters. It cannot contain command-line special characters such as spaces and question marks.

cipher cipher-key

Specifies the shared key of the web authentication server in ciphertext. The value can be entered in simple text or ciphertext.

The value is a string of 1 to 128 case-sensitive characters in simple text or a string of 1 to 268 case-sensitive characters in ciphertext. The string can contain spaces if it is enclosed in double quotation marks (").

nas-ip-address

Indicates whether the IP address of the device is reported. By default, the IP address of the device is not reported.

-

detect-time time-value

Specifies the detection interval of the web authentication server, in minutes.

The value is an integer ranging from 1 to 65535.

user-query

User information query request.

-

exclude pre-domain

After this parameter is configured and the device receives request packets for user information from the web authentication server, the device sends success packets to the web authentication server only if users are online and in the authentication domain.

If this parameter is not configured and the device receives request packets for user information from the web authentication server, the device sends success packets to the web authentication server as long as users are online.

-

version1

After this parameter is configured, when the web server uses the query interface to query information, the device provides the user information obtained based on user MAC and IP addresses as well as the user information obtained based on the user name and accounting ID. The user information is queried based on the MAC address, IP address, user name, and session ID in descending order of priority.

The information returned includes the accounting ID, user status, user name, user IP address, user MAC address, user gateway, remaining time, online time, and downstream bandwidth.

If this parameter is not configured, user information can be queried only based on user MAC and IP addresses, and the information returned includes the MAC and IP addresses, upstream and downstream traffic, and physical information of users.

-

Views

System view

Default Level

3: Management level

Task Name and Operations

Task Name | Operations
portal | write

Usage Guidelines

Usage Scenario

When web authentication is used, you must configure the web authentication server and the domain to which the web authentication server belongs.

If the device communicates with the web authentication server through Portal V2.0 or a later Portal version, a shared key must be configured.

Precautions

In VS mode, this command is supported only by the admin VS.

If the ipoe-server multi-sessions per-mac enable command is run to enable one-to-many mapping between one MAC address and multiple sessions and the web-auth-server command is run to configure a web authentication server without the version1 parameter, the device cannot use the MAC addresses carried in packets to match users.

After the ipoe-server multi-sessions per-mac enable command is run to enable one-to-many mapping between one MAC address and multiple sessions and the web-auth-server command is run to configure the web authentication server to carry the version1 parameter, the device cannot use the MAC address carried in the Query messages to match users. After receiving a Query message, the device matches the user with the MAC address carried in the message. If there are multiple users with the same MAC address, the device matches the user with the smallest user index.

Example

# Configure the web server at 192.168.1.2 to query user information based on user MAC address and IP address as well as based on the user name and accounting ID.
<HUAWEI> system-view
[~HUAWEI] web-auth-server 192.168.1.2 user-query version1
# Configure a web authentication server whose IP address is 10.1.1.8.
<HUAWEI> system-view
[~HUAWEI] web-auth-server 10.1.1.8
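
A configuration lint built from the Format section, defaults and value ranges on this page, as an added example that is not Huawei's code: it tokenises web-auth-server lines and reports a missing shared key, a key entered with the simple keyword, out-of-range port or detect-time values, and missing server detection. The function names, finding labels and sample lines are assumptions made for illustration.

```python
import shlex

# Keywords from the Format section -> number of value tokens that follow each.
ARITY = {"vpn-instance": 1, "port": 1, "key": 2, "nas-ip-address": 0,
         "detect-time": 1, "user-query": 1}

def parse_web_auth_server(line):
    """Parse one web-auth-server line into {keyword: [values]}."""
    tok = shlex.split(line)   # keeps a double-quoted key with spaces as one token
    if len(tok) < 2 or tok[0] != "web-auth-server":
        raise ValueError("not a web-auth-server line")
    cfg = {"server": [tok[1]], "port": ["50100"]}   # 50100 is the documented default
    i = 2
    while i < len(tok):
        kw = tok[i]
        if kw not in ARITY:
            raise ValueError("unexpected token: " + kw)
        n = ARITY[kw]
        if kw == "user-query" and tok[i + 1:i + 2] == ["exclude"]:
            n = 2                                   # 'exclude pre-domain'
        args = tok[i + 1:i + 1 + n]
        if len(args) != n:
            raise ValueError("missing value after " + kw)
        cfg[kw] = args
        i += 1 + n
        if kw == "port" and tok[i:i + 1] == ["all"]:
            cfg["all"] = []                         # optional flag after portnum
            i += 1
    return cfg

def audit(line):
    """Return hypothetical finding labels for one line, in a fixed order."""
    cfg, out = parse_web_auth_server(line), []
    key = cfg.get("key")
    if key is None:
        out.append("no-shared-key")       # default; Portal V2.0 or later needs a key
    elif key[0] == "simple":
        out.append("key-in-simple-text")  # key was given with the 'simple' keyword
    if not 1 <= int(cfg["port"][0]) <= 65535:
        out.append("port-out-of-range")
    if "detect-time" not in cfg:
        out.append("server-not-detected") # default: the server is not detected
    elif not 1 <= int(cfg["detect-time"][0]) <= 65535:
        out.append("detect-time-out-of-range")
    return out

# Constructed sample lines; the key values are placeholders.
SAMPLE = ['web-auth-server 192.168.1.2 user-query version1',
          'web-auth-server 10.1.1.8 port 2000 all key simple EXAMPLE-KEY detect-time 5',
          'web-auth-server 10.1.1.8 key cipher "EXAMPLE KEY" nas-ip-address detect-time 5']
```

Running audit over each entry of SAMPLE shows the first example from this page with two findings, because it relies on the defaults for the key and for detection.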
Copyright © Huawei Technologies Co., Ltd.