beautypg.com

Configuration guidelines, Configuration procedure – H3C Technologies H3C WX3000E Series Wireless Switches User Manual

Page 180

background image

166

Web proxy configuration on clients

Configuration prerequisites

Scenario 1:
All or some clients use a web proxy, and
the portal server's IP address is not

configured as a proxy exception.

If an IMC portal server is used, perform the following
configurations on the IMC portal server:

{

Select NAT as the type of the IP group associated with the
portal device.

{

Specify the proxy server's IP address as the IP address after
NAT.

{

Configure the port group to support NAT

The portal server and the web proxy server have IP connectivity

to each other.

Scenario 2:
All or some clients use a web proxy, and
the portal server's IP address is a proxy

exception.

If an IMC portal server is used, configure the IP group and port
group to not support NAT.

Scenario 3:
All clients use a web proxy server but only
some clients specify the portal server's IP

address as a proxy exception.

If an IMC portal server is used, add the client IP addresses to
two IP groups according to whether the portal server's IP

address is an exception of the proxy server, and then configure

the IP groups and the port group according to scenarios 1 and
2.

The portal server and the web proxy server have IP connectivity

to each other.

Configuration guidelines

If a user's browser uses the Web Proxy Auto-Discovery (WPAD) protocol to discover web proxy

servers, you must add the port numbers of the web proxy servers on the device and configure

portal-free rules to allow user packets destined for the IP address of the WPAD server to pass without

authentication.

If you add the web proxy server port 80 on the device, clients that do not use a proxy server can
trigger portal authentication only when they access a reachable host enabled with the HTTP service.

Authorized ACLs to be assigned to users who have passed portal authentication must contain a rule
that permits the web proxy server's IP address. Otherwise, the users cannot receive heartbeat

packets from the remote portal server.

Configuration procedure

To configure Layer 3 portal authentication to support a web proxy:

Step Command

Remarks

1.

Enter system view.

system-view

N/A

2.

Add a web proxy server port

number.

portal web-proxy port port-number

By default, no web proxy server
port number is configured and

proxied HTTP requests do not

trigger portal authentication.