Verifying the configuration, Network requirements – H3C Technologies H3C WX3000E Series Wireless Switches User Manual
Page 227

213
# Configure the local portal server to support HTTPS and reference the configured SSL server
policy access-policy.
[AC] portal local-server https server-policy access-policy
# Bind client SSID abc with the customized authentication page file ssid1.zip, which is saved in
directory flash:/portal/ of the AC. This configuration is optional. If you do not configure the
binding, the AC pushes the system default authentication pages for users.
[AC] portal local-server bind ssid abc file ssid1.zip
# Configure the local portal server name as newpt and IP address as 192.168.1.1. Other
parameters do not need to be configured.
[AC] portal server newpt ip 192.168.1.1
# On VLAN-interface 2, the interface connected to the client, specify the authentication domain
dm1 and portal server newpt for portal users and enable direct portal authentication.
[AC] interface vlan-interface 2
[AC–Vlan-interface2] portal domain dm1
[AC–Vlan-interface2] portal server newpt method direct
[AC–Vlan-interface2] quit
Verifying the configuration
After the wireless client is connected to the wireless network whose SSID is abc, when the user accesses
subnet 1.1.1.0/24 by using a web browser, the user will be redirected to page
https://192.168.1.1/portal/logon.htm. This page is the authentication page that is bound with SSID abc.
After entering the correct username and password on the web page, the user will pass the authentication.
You can view information about the user by using the display portal user command on the AC.
Configuring portal stateful failover with local portal servers
Network requirements
A failover link is present between AC 1 and AC 2. Both AC 1 and AC 2 support portal authentication.
Configure stateful failover between AC 1 and AC 2 to support portal service backup and use VRRP to
implement traffic switchover between the ACs. More specifically,
•
When AC 1 operates normally, Client accesses AC 1 for portal authentication before accessing the
Internet. When AC 1 fails, Client accesses the Internet through AC 2. Use VRRP uplink/downlink
detection mechanism to ensure non-stop traffic forwarding.
•
Use the RADIUS server as the authentication/accounting server.
•
Use local portal servers on the ACs.
•
AC 1 and AC 2 use the failover link to transmit stateful failover related packets. Specify VLAN 10
on the ACs as the VLAN dedicated for stateful failover related packets.
- H3C WX5500E Series Access Controllers H3C WX3500E Series Access Controllers H3C WX2500E Series Access Controllers H3C WX6000 Series Access Controllers H3C WX5000 Series Access Controllers H3C LSWM1WCM10 Access Controller Module H3C LSUM3WCMD0 Access Controller Module H3C LSUM1WCME0 Access Controller Module H3C LSWM1WCM20 Access Controller Module H3C LSQM1WCMB0 Access Controller Module H3C LSRM1WCM2A1 Access Controller Module H3C LSBM1WCM2A0 Access Controller Module H3C WA3600 Series Access Points H3C WA2600 Series WLAN Access Points H3C S10500 Series Switches H3C S5800 Series Switches H3C S5820X Series Switches H3C S12500 Series Switches H3C S9500E Series Switches H3C MSR 5600 H3C MSR 50 H3C MSR 3600 H3C MSR 30 H3C MSR 2600 H3C MSR 20-2X[40] H3C MSR 20-1X H3C MSR 930 H3C MSR 900 H3C SR8800 H3C SR6600-X H3C SR6600 H3C SecPath F5020 H3C SecPath F5040 H3C VMSG VFW1000