Configuration guidelines, Configuration procedure – H3C Technologies H3C WX3000E Series Wireless Switches User Manual
Page 180

166
Web proxy configuration on clients
Configuration prerequisites
Scenario 1:
All or some clients use a web proxy, and
the portal server's IP address is not
configured as a proxy exception.
•
If an IMC portal server is used, perform the following
configurations on the IMC portal server:
{
Select NAT as the type of the IP group associated with the
portal device.
{
Specify the proxy server's IP address as the IP address after
NAT.
{
Configure the port group to support NAT
•
The portal server and the web proxy server have IP connectivity
to each other.
Scenario 2:
All or some clients use a web proxy, and
the portal server's IP address is a proxy
exception.
If an IMC portal server is used, configure the IP group and port
group to not support NAT.
Scenario 3:
All clients use a web proxy server but only
some clients specify the portal server's IP
address as a proxy exception.
•
If an IMC portal server is used, add the client IP addresses to
two IP groups according to whether the portal server's IP
address is an exception of the proxy server, and then configure
the IP groups and the port group according to scenarios 1 and
2.
•
The portal server and the web proxy server have IP connectivity
to each other.
Configuration guidelines
•
If a user's browser uses the Web Proxy Auto-Discovery (WPAD) protocol to discover web proxy
servers, you must add the port numbers of the web proxy servers on the device and configure
portal-free rules to allow user packets destined for the IP address of the WPAD server to pass without
authentication.
•
If you add the web proxy server port 80 on the device, clients that do not use a proxy server can
trigger portal authentication only when they access a reachable host enabled with the HTTP service.
•
Authorized ACLs to be assigned to users who have passed portal authentication must contain a rule
that permits the web proxy server's IP address. Otherwise, the users cannot receive heartbeat
packets from the remote portal server.
Configuration procedure
To configure Layer 3 portal authentication to support a web proxy:
Step Command
Remarks
1.
Enter system view.
system-view
N/A
2.
Add a web proxy server port
number.
portal web-proxy port port-number
By default, no web proxy server
port number is configured and
proxied HTTP requests do not
trigger portal authentication.
- H3C WX5500E Series Access Controllers H3C WX3500E Series Access Controllers H3C WX2500E Series Access Controllers H3C WX6000 Series Access Controllers H3C WX5000 Series Access Controllers H3C LSWM1WCM10 Access Controller Module H3C LSUM3WCMD0 Access Controller Module H3C LSUM1WCME0 Access Controller Module H3C LSWM1WCM20 Access Controller Module H3C LSQM1WCMB0 Access Controller Module H3C LSRM1WCM2A1 Access Controller Module H3C LSBM1WCM2A0 Access Controller Module H3C WA3600 Series Access Points H3C WA2600 Series WLAN Access Points H3C S10500 Series Switches H3C S5800 Series Switches H3C S5820X Series Switches H3C S12500 Series Switches H3C S9500E Series Switches H3C MSR 5600 H3C MSR 50 H3C MSR 3600 H3C MSR 30 H3C MSR 2600 H3C MSR 20-2X[40] H3C MSR 20-1X H3C MSR 930 H3C MSR 900 H3C SR8800 H3C SR6600-X H3C SR6600 H3C SecPath F5020 H3C SecPath F5040 H3C VMSG VFW1000