Verifying the configuration, Network requirements – H3C Technologies H3C WX3000E Series Wireless Switches User Manual

213

# Configure the local portal server to support HTTPS and reference the configured SSL server

policy access-policy.

[AC] portal local-server https server-policy access-policy

# Bind client SSID abc with the customized authentication page file ssid1.zip, which is saved in
directory flash:/portal/ of the AC. This configuration is optional. If you do not configure the

binding, the AC pushes the system default authentication pages for users.

[AC] portal local-server bind ssid abc file ssid1.zip

# Configure the local portal server name as newpt and IP address as 192.168.1.1. Other
parameters do not need to be configured.

[AC] portal server newpt ip 192.168.1.1

# On VLAN-interface 2, the interface connected to the client, specify the authentication domain

dm1 and portal server newpt for portal users and enable direct portal authentication.

[AC] interface vlan-interface 2

[AC–Vlan-interface2] portal domain dm1

[AC–Vlan-interface2] portal server newpt method direct

[AC–Vlan-interface2] quit

Verifying the configuration

After the wireless client is connected to the wireless network whose SSID is abc, when the user accesses

subnet 1.1.1.0/24 by using a web browser, the user will be redirected to page

https://192.168.1.1/portal/logon.htm. This page is the authentication page that is bound with SSID abc.

After entering the correct username and password on the web page, the user will pass the authentication.
You can view information about the user by using the display portal user command on the AC.

Configuring portal stateful failover with local portal servers

Network requirements

A failover link is present between AC 1 and AC 2. Both AC 1 and AC 2 support portal authentication.

Configure stateful failover between AC 1 and AC 2 to support portal service backup and use VRRP to

implement traffic switchover between the ACs. More specifically,

•

When AC 1 operates normally, Client accesses AC 1 for portal authentication before accessing the
Internet. When AC 1 fails, Client accesses the Internet through AC 2. Use VRRP uplink/downlink

detection mechanism to ensure non-stop traffic forwarding.

•

Use the RADIUS server as the authentication/accounting server.

•

Use local portal servers on the ACs.

•

AC 1 and AC 2 use the failover link to transmit stateful failover related packets. Specify VLAN 10

on the ACs as the VLAN dedicated for stateful failover related packets.