web-auth-server source-ip
Function
The web-auth-server source-ip command enables a device to receive the interface IP address in the portal packets sent by the web authentication server.
The undo web-auth-server source-ip command disables a device from receiving the interface IP address in the portal packets sent by the web authentication server.
By default, the device is not enabled to listen for any portal packets received from the web authentication server.
This command is supported only on the NetEngine 8000 F1A.
Format
web-auth-server { source-ip source-ip | source-ipv6 source-ipv6 } [ vpn-instance vpn-instance ]
web-auth-server { source-ip | source-ipv6 } all
undo web-auth-server { source-ip source-ip | source-ipv6 source-ipv6 } [ vpn-instance vpn-instance ]
undo web-auth-server { source-ip | source-ipv6 } all
Parameters
| Parameter | Description | Value |
|---|---|---|
| source-ip source-ip |
Specifies the number of the port through which the device receives packets from the web authentication server. |
The value is in dotted decimal notation. |
| source-ipv6 source-ipv6 |
Specifies source ipv6 address. |
The value is a 32-digit hexadecimal number, in the format of X:X:X:X:X:X:X:X. |
| vpn-instance vpn-instance |
Specifies a VPN instance name. The VPN instance specified must have been configured. |
The value is a string of 1 to 31 case-sensitive characters, spaces not supported. In addition, the VPN instance name must not be _public_. When double quotation marks are used around the string, spaces are allowed in the string. |
| all |
Specifies that portal packets can be received from all interface IP addresses of the device. |
- |
Usage Guidelines
Usage Scenario
| Scenario(In English) | Products |
|---|---|
|
In web authentication scenarios, if a device wants to receive the portal packets from a web authentication server, the IP address and port number of the portal packets sent by the web authentication server must be configured. The port number can be configured using the web-auth-server listening-port command. By default, the port number of the portal packets received by the device is 2000. However, by default, no portal packets can be received by interface IP addresses from the web authentication server. Therefore, the following commands need to be run: - If the source-ip parameter is specified, configure the IP address of the interface connecting to the web authentication server. Socket listening needs to be enabled to allow the device to obtain portal packets from the web authentication server based on the interface IP address and port number of the device. - If the web-auth-server { source-ip |
source-ipv6 } all command is run, the device can receive portal packets from the web authentication server from all interface IP addresses. To ensure that the device can properly receive portal packets from the web authentication server, the port number of the portal packets received by the device must be the same as the destination port number in the portal packets sent by the web authentication server. - If the web-auth-server { source-ip |
Precautions
- In web authentication scenarios, the web-auth-server source-ip command must be configured. Otherwise, the device cannot receive portal packets from the web authentication server.
- If the source-ip parameter is specified, a maximum of five IPv4 addresses or five IPv6 addresses can be configured. -There are security risks when the keyword all is specified to allow portal packets to be received from all interface IP addresses.Therefore, do not configure the all parameter. You are advised to configure a specific IP address.
Example
<HUAWEI> system-view [~HUAWEI] web-auth-server source-ip 10.1.1.1
<HUAWEI> system-view [~HUAWEI] web-auth-server source-ipv6 2001:db8:1::1