The web-auth-server command configures the web authentication server, that is, the external web server.
The undo web-auth-server command deletes the IP address of the configured web authentication server, or restores related parameters to the default values.
By default, no shared key is configured between the web authentication server and the device, the IP address of the device is not reported, the number of the port that receives packets is 50100, and the web authentication server is not detected.
This command is supported only on the NetEngine 8000 F1A.
web-auth-server { ip-address | ipv6-address } [ vpn-instance instance-name ] [ port portnum [ all ] ] [ key { simple simple-key | cipher cipher-key } ] [ nas-ip-address ] [ detect-time time-value ] [ user-query { exclude pre-domain | version1 } ]
undo web-auth-server { ip-address | ipv6-address } [ vpn-instance instance-name ] [ port [ all ] | key | nas-ip-address | detect-time ] [ user-query { exclude pre-domain | version1 } ]
Parameter | Description | Value |
---|---|---|
ip-address | Specifies the IP address of the web authentication server. | The value is in dotted decimal notation. |
ipv6-address | Specifies the IPv6 address of the web authentication server. | The value is a 32-bit hexadecimal number, in the format of X:X:X:X:X:X:X:X. |
vpn-instance instance-name | Specifies the name of the VPN instance to which the web authentication server belongs. | The value is a string of 1 to 31 case-sensitive characters, spaces not supported. |
instance-name | Specifies the VPN instance name. | The value is a string of 1 to 31 case-sensitive characters, spaces not supported. |
port portnum | Specifies the number of the port through which the web authentication server receives a notification message from the device. | The value is an integer ranging from 1 to 65535. |
all | If the parameter all is configured, the destination port ID of a Web response packet is the specified port ID. If the parameter all is not configured, the destination port ID of a Web response packet is the source port ID of the corresponding Web request packet. By default, the parameter all is not configured. | - |
key | Specifies the key type of the web authentication server. | - |
simple simple-key | Specifies the shared key of the web authentication server in simple text. | It is a string of 1 to 128 characters. It is case sensitive, excluding special characters of command lines such as space and question mark. |
cipher cipher-key | Specifies the shared key of the web authentication server in ciphertext. The value can be in simple text or ciphertext. | The value is a string of 1 to 128 case-sensitive characters in simple text or a string of 1 to 268 case-sensitive characters in ciphertext. The string can contain spaces if it is enclosed in double quotation marks ("). |
nas-ip-address | Indicates whether the IP address of the device is reported. By default, the IP address of the device is not reported. | - |
detect-time time-value | Specifies the detection interval of the web authentication server, in minutes. | The value is an integer ranging from 1 to 65535. |
user-query | User information query request. | - |
exclude pre-domain | After this parameter is configured and the device receives request packets for user information from the web authentication server, the device sends success packets to the web authentication server only if users are online and in the authentication domain. If this parameter is not configured and the device receives request packets for user information from the web authentication server, the device sends success packets to the web authentication server as long as users are online. | - |
version1 | After this parameter is configured, when the web server uses the query interface to query information, the device provides the user information obtained based on user MAC and IP addresses as well as the user information obtained based on the user name and accounting ID. The user information is queried based on the MAC address, IP address, user name, and session ID in descending order of priority. The information returned includes the accounting ID, user status, user name, user IP address, user MAC address, user gateway, remaining time, online time, and downstream bandwidth. If this parameter is not configured, user information can be queried only based on user MAC and IP addresses, and the information returned includes the MAC and IP addresses, upstream and downstream traffic, and physical information of users. | - |
Usage Scenario
When web authentication is used, you must configure the web authentication server and configure the domain to which the web authentication server belongs.
If the device communicates with the web authentication server through Portal V2.0 or a later Portal version, a shared key must be configured.
Precautions
In VS mode, this command is supported only by the admin VS.
If the ipoe-server multi-sessions per-mac enable command is run to enable one-to-many mapping between one MAC address and multiple sessions and the web-auth-server command is run to configure a web authentication server without the version1 parameter, the device cannot use the MAC addresses carried in packets to match users.
After the ipoe-server multi-sessions per-mac enable command is run to enable one-to-many mapping between one MAC address and multiple sessions and the web-auth-server command is run to configure the web authentication server to carry the version1 parameter, the device cannot use the MAC address carried in the Query messages to match users. After receiving a Query message, the device matches the user with the MAC address carried in the message. If there are multiple users with the same MAC address, the device matches the user with the smallest user index.
<HUAWEI> system-view
[~HUAWEI] web-auth-server 192.168.1.2 user-query version1

<HUAWEI> system-view
[~HUAWEI] web-auth-server 10.1.1.8
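The following is an added example, not code from the vendor documentation: a Python check that parses web-auth-server lines according to the command format on this page and flags lines with no shared key, a key entered with the simple keyword, or no detect-time. The sample lines, the key placeholders, and the choice of what counts as a finding are assumptions of this example.

```python
import re

# Defaults stated on the page: port 50100, no shared key, server not detected.
DEFAULTS = {"vpn-instance": None, "port": 50100, "all": False, "key": None,
            "nas-ip-address": False, "detect-time": None, "user-query": None}
# Constructed sample lines; the key values are placeholders, not real keys.
SAMPLES = ['web-auth-server 10.1.1.8',
           'web-auth-server 192.168.1.2 key simple ExampleKey1 user-query version1',
           'web-auth-server 10.1.1.8 port 50200 all key cipher "Example key 1" detect-time 5']

def parse_web_auth_server(line):
    """Parse one web-auth-server line; a double-quoted key stays one token."""
    tok = [t.strip('"') for t in re.findall(r'"[^"]*"|\S+', line)]
    if len(tok) < 2 or tok[0] != "web-auth-server":
        raise ValueError("not a web-auth-server command")
    cfg, i = dict(DEFAULTS, server=tok[1]), 2
    try:
        while i < len(tok):
            kw = tok[i]
            if kw == "vpn-instance":
                cfg[kw], i = tok[i + 1], i + 2
            elif kw in ("port", "detect-time"):
                cfg[kw], i = int(tok[i + 1]), i + 2
                if not 1 <= cfg[kw] <= 65535:
                    raise ValueError(f"{kw} outside 1-65535")
            elif kw == "nas-ip-address" or (kw == "all" and tok[i - 2] == "port"):
                cfg[kw], i = True, i + 1
            elif kw == "key" and tok[i + 1] in ("simple", "cipher"):
                cfg[kw], _, i = tok[i + 1], tok[i + 2], i + 3  # key value is not kept
            elif kw == "user-query" and tok[i + 1] == "version1":
                cfg[kw], i = "version1", i + 2
            elif kw == "user-query" and tok[i + 1:i + 3] == ["exclude", "pre-domain"]:
                cfg[kw], i = "exclude pre-domain", i + 3
            else:
                raise ValueError(f"unexpected token {kw!r}")
    except IndexError:
        raise ValueError("keyword is missing its value") from None
    return cfg

def audit(line):
    """Findings for one line; treating these as findings is this example's policy."""
    cfg = parse_web_auth_server(line)
    checks = [(cfg["key"] is None, "no shared key"),
              (cfg["key"] == "simple", "key entered as simple text"),
              (cfg["detect-time"] is None, "server not detected")]
    return [msg for hit, msg in checks if hit]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(audit(sample), "<-", sample)
```

The parser records only the key type and never stores the key value, so its output can be logged without exposing the shared key.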