Troubleshooting portal, Symptom, Analysis – H3C Technologies H3C S7500E Series Switches User Manual

8-30

Configure the ACL (ACL 3000 ) for resources on subnet 192.168.0.0/24 and the ACL (ACL 3001)

for Internet resources

On the security policy server, you need to specify ACL 3000 as the isolation ACL and ACL 3001

as the security ACL.

[SwitchA] acl number 3000

[SwitchA-acl-adv-3000] rule permit ip destination 192.168.0.0 0.0.0.255

[SwitchA-acl-adv-3000] rule deny ip

[SwitchA-acl-adv-3000] quit

[SwitchA] acl number 3001

[SwitchA-acl-adv-3001] rule permit ip

[SwitchA-acl-adv-3001] quit

3) Configure portal authentication

# Configure the portal server as follows:

z

Name: newpt

z

IP address: 192.168.0.111

z

Key: portal

z

Port number: 50100

z

URL: http://192.168.0.111:8080/portal.

[SwitchA] portal server newpt ip 192.168.0.111 key portal port 50100 url

http://192.168.0.111:8080/portal

# Enable portal authentication on the interface connecting Switch B.

[SwitchA] interface vlan-interface 4

[SwitchA–Vlan-interface4] portal server newpt method layer3

[SwitchA–Vlan-interface4] quit

On Switch B, you need to configure a default route to subnet 192.168.0.0/24, setting the next

hop as 20.20.20.1. The configuration steps are omitted.

Troubleshooting Portal

Inconsistent Keys on the Access Device and the Portal Server

Symptom

When a user is forced to access the portal server, the portal server displays neither the portal

authentication page nor any error message. What the user sees is a blank web page.

Analysis

The keys configured on the access device and the portal server are inconsistent, causing CHAP

message exchange failure. As a result, the portal server does not display the authentication

page.