Configuration guidelines, Configuration procedure – H3C Technologies H3C WX3000E Series Wireless Switches User Manual

Page 180

166

Web proxy configuration on clients

Configuration prerequisites

Scenario 1:
All or some clients use a web proxy, and
the portal server's IP address is not

configured as a proxy exception.

•

If an IMC portal server is used, perform the following
configurations on the IMC portal server:

{

Select NAT as the type of the IP group associated with the
portal device.

{

Specify the proxy server's IP address as the IP address after
NAT.

{

Configure the port group to support NAT

•

The portal server and the web proxy server have IP connectivity

to each other.

Scenario 2:
All or some clients use a web proxy, and
the portal server's IP address is a proxy

exception.

If an IMC portal server is used, configure the IP group and port
group to not support NAT.

Scenario 3:
All clients use a web proxy server but only
some clients specify the portal server's IP

address as a proxy exception.

•

If an IMC portal server is used, add the client IP addresses to
two IP groups according to whether the portal server's IP

address is an exception of the proxy server, and then configure

the IP groups and the port group according to scenarios 1 and
2.

•

The portal server and the web proxy server have IP connectivity

to each other.

Configuration guidelines

•

If a user's browser uses the Web Proxy Auto-Discovery (WPAD) protocol to discover web proxy

servers, you must add the port numbers of the web proxy servers on the device and configure

portal-free rules to allow user packets destined for the IP address of the WPAD server to pass without

authentication.

•

If you add the web proxy server port 80 on the device, clients that do not use a proxy server can
trigger portal authentication only when they access a reachable host enabled with the HTTP service.

•

Authorized ACLs to be assigned to users who have passed portal authentication must contain a rule
that permits the web proxy server's IP address. Otherwise, the users cannot receive heartbeat

packets from the remote portal server.

Configuration procedure

To configure Layer 3 portal authentication to support a web proxy:

Step Command

Remarks

Enter system view.

system-view

N/A

Add a web proxy server port

number.

portal web-proxy port port-number

By default, no web proxy server
port number is configured and

proxied HTTP requests do not

trigger portal authentication.

This manual is related to the following products:

H3C WX5500E Series Access Controllers H3C WX3500E Series Access Controllers H3C WX2500E Series Access Controllers H3C WX6000 Series Access Controllers H3C WX5000 Series Access Controllers H3C LSWM1WCM10 Access Controller Module H3C LSUM3WCMD0 Access Controller Module H3C LSUM1WCME0 Access Controller Module H3C LSWM1WCM20 Access Controller Module H3C LSQM1WCMB0 Access Controller Module H3C LSRM1WCM2A1 Access Controller Module H3C LSBM1WCM2A0 Access Controller Module H3C WA3600 Series Access Points H3C WA2600 Series WLAN Access Points H3C S10500 Series Switches H3C S5800 Series Switches H3C S5820X Series Switches H3C S12500 Series Switches H3C S9500E Series Switches H3C MSR 5600 H3C MSR 50 H3C MSR 3600 H3C MSR 30 H3C MSR 2600 H3C MSR 20-2X[40] H3C MSR 20-1X H3C MSR 930 H3C MSR 900 H3C SR8800 H3C SR6600-X H3C SR6600 H3C SecPath F5020 H3C SecPath F5040 H3C VMSG VFW1000