Enabling layer 3 portal authentication – H3C Technologies H3C SecPath F1000-E User Manual

CAUTION:
• At present, the access device allows you to specify up to four portal servers.
• The specified parameters of a portal server can be modified or deleted only if the portal server is not referenced on any interface.
Enabling Layer 3 Portal Authentication
An access interface performs portal authentication on connected clients only after portal authentication is enabled on that interface.
Before enabling Layer 3 portal authentication on an interface, make sure that:
• An IP address is configured for the interface.
• The interface is not added to any port aggregation group.
• The portal server to be referenced on the interface exists.
Follow these steps to enable Layer 3 portal authentication:
To do…                                                 Use the command…                                               Remarks
Enter system view                                      system-view                                                    —
Enter interface view                                   interface interface-type interface-number                      The interface must be a Layer 3 Ethernet interface.
Enable Layer 3 portal authentication on the interface  portal server server-name method { direct | layer3 | redhcp }  Required. Not enabled by default.
NOTE:
• You cannot enable portal authentication on a Layer 3 port added to an aggregation group, nor can you add a portal-enabled Layer 3 port to an aggregation group.
• The destination port number that the device uses for sending unsolicited packets to the portal server must be the same as the port number that the remote portal server actually uses.
• To ensure that the device can send packets to the portal server in an MPLS VPN, specify the VPN instance to which the portal server belongs when specifying the portal server on the device.
• The portal server and its parameters can be deleted or modified only when the portal server is not referenced by any interface.
• Only cross-subnet authentication mode (portal server server-name method layer3) can be used in applications with Layer 3 forwarding devices present between the authentication clients and the access device. However, cross-subnet authentication does not require any Layer 3 forwarding devices between the access device and the authentication clients.
• In re-DHCP authentication mode, a user is allowed to send packets using a public IP address before passing portal authentication, but the corresponding response packets are restricted.
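
An offline check of a planned configuration against the prerequisites and limits listed above, as an added example that is not taken from the H3C manual. The sample text is constructed, and the "portal server … ip", "ip address" and "port link-aggregation group" line formats and the "#" block separators are assumed Comware-style syntax that this page does not show.

```python
import re

# Constructed sample in the style of Comware "display current-configuration" output.
SAMPLE_CONFIG = """\
 portal server newpt ip 192.0.2.10
#
interface GigabitEthernet0/1
 ip address 10.1.1.1 255.255.255.0
 portal server newpt method layer3
#
interface GigabitEthernet0/2
 portal server guestpt method direct
#
interface GigabitEthernet0/3
 ip address 10.3.3.1 255.255.255.0
 port link-aggregation group 1
 portal server newpt method redhcp
#
"""

SERVER_RE = re.compile(r"^portal server (\S+) ip \S+")  # assumed definition syntax
ENABLE_RE = re.compile(r"^portal server (\S+) method (direct|layer3|redhcp)$")
MAX_PORTAL_SERVERS = 4  # limit stated in the CAUTION above

def audit_portal_config(text):
    """Return (scope, problem) tuples for portal prerequisites that are not met."""
    servers, interfaces, current = set(), {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "#":  # "#" closes the current config block
            current = None
        elif line.startswith("interface "):
            current = interfaces.setdefault(line.split(None, 1)[1], [])
        elif current is not None:
            current.append(line)
        elif (m := SERVER_RE.match(line)):
            servers.add(m.group(1))
    findings = []
    if len(servers) > MAX_PORTAL_SERVERS:
        findings.append(("global", f"{len(servers)} portal servers defined, limit is {MAX_PORTAL_SERVERS}"))
    for name, lines in interfaces.items():
        for m in filter(None, map(ENABLE_RE.match, lines)):
            if m.group(1) not in servers:
                findings.append((name, f"portal server '{m.group(1)}' is not defined"))
            if not any(l.startswith("ip address ") for l in lines):
                findings.append((name, "no IP address configured"))
            if any(l.startswith("port link-aggregation group ") for l in lines):
                findings.append((name, "interface is in an aggregation group"))
    return findings
```

Calling audit_portal_config(SAMPLE_CONFIG) reports GigabitEthernet0/2 (undefined portal server, no IP address) and GigabitEthernet0/3 (aggregation group member), and passes GigabitEthernet0/1.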