Enabling layer 3 portal authentication, Configuration guidelines – H3C Technologies H3C SecPath F1000-E User Manual

NOTE:

For information about installing and configuring the security policy server, see CAMS EAD Security Policy Component User Manual or IMC EAD Security Policy Help.

The ACL for resources in the quarantined area and the ACL for restricted resources correspond to the isolation
ACL and the security ACL on the security policy server, respectively.

You can modify the authorized ACLs on the access device. However, your changes take effect only for
portal users logging on after the modification.

Specifying a portal server for Layer 3 portal authentication

Use this task to specify portal server parameters for Layer 3 portal authentication, including the portal
server IP address, shared encryption key, server port, and the URL address for Web authentication.
To specify a remote portal server for Layer 3 portal authentication:

Step 1. Enter system view.
  Command: system-view
  Remarks: N/A

Step 2. Specify a portal server and configure related parameters.
  Command: portal server server-name ip ip-address [ key key-string | port port-id | url url-string ] *
  Remarks: By default, no portal server is specified.

NOTE:

You can specify at most four portal servers on the firewall.

The specified parameters of a portal server can be modified or deleted only if the portal server is not
referenced on any interface.

Enabling Layer 3 portal authentication

Before enabling Layer 3 portal authentication on an interface, make sure that:

An IP address is configured for the interface.

The interface is not added to any port aggregation group.

The portal server to be referenced on the interface exists.
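
The prerequisites above and the four-server limit can be checked against a saved configuration before portal authentication is enabled. The following Python script is an added example, not code from the manual: the sample configuration is constructed, the interface stanza layout and the "ip address" line are assumptions about the configuration text, and reporting a missing key assumes local policy expects a shared key. The aggregation-group prerequisite is not checked because the page does not show its command.

```python
import re

MAX_PORTAL_SERVERS = 4  # limit stated in the manual's NOTE
# Constructed sample, not from the manual. The interface stanza layout and the
# "ip address" line are assumptions about how the device prints its config.
SAMPLE_CONFIG = """\
portal server newpt ip 192.0.2.10 key EXAMPLE-KEY port 50100 url http://192.0.2.10/portal
portal server guest ip 192.0.2.11 url http://192.0.2.11/portal
interface GigabitEthernet0/1
 ip address 198.51.100.1 255.255.255.0
 portal server newpt method layer3
interface GigabitEthernet0/2
 portal server lab method layer3
"""

SERVER_RE = re.compile(r"^portal server (\S+) ip \S+(.*)$")
ENABLE_RE = re.compile(r"^\s+portal server (\S+) method \S+$")


def audit(config):
    """Return a list of findings for the portal settings in a config dump."""
    lines, servers, ifaces, findings = config.splitlines(), {}, {}, []
    for line in lines:  # pass 1: global portal server definitions
        if m := SERVER_RE.match(line):
            opts = m.group(2).split()  # optional "keyword value" pairs
            servers[m.group(1)] = dict(zip(opts[0::2], opts[1::2]))
    if len(servers) > MAX_PORTAL_SERVERS:
        findings.append(f"{len(servers)} portal servers defined, limit is {MAX_PORTAL_SERVERS}")
    for name, opts in servers.items():
        if "key" not in opts:  # assumption: local policy expects a shared key
            findings.append(f"portal server {name}: no shared key configured")
    current = None
    for line in lines:  # pass 2: per-interface state
        if line.startswith("interface "):
            current = ifaces.setdefault(line.split()[1], {"ip": False, "portal": []})
        elif current is not None and line.startswith(" "):
            if line.strip().startswith("ip address "):
                current["ip"] = True
            elif m := ENABLE_RE.match(line):
                current["portal"].append(m.group(1))
        else:
            current = None  # left the interface stanza
    for ifname, state in ifaces.items():
        for name in state["portal"]:
            if name not in servers:
                findings.append(f"{ifname}: portal server {name} is not defined")
        if state["portal"] and not state["ip"]:
            findings.append(f"{ifname}: portal enabled without an IP address")
    return findings
```

Calling audit(SAMPLE_CONFIG) reports the server without a key and the interface that references an undefined server and has no IP address.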

Configuration guidelines

You cannot enable portal authentication on a Layer 3 interface added to an aggregation group,
nor can you add a portal-enabled Layer 3 interface to an aggregation group.

The destination port number that the firewall uses for sending unsolicited packets to the portal server
must be the same as that which the remote portal server actually uses.

The portal server and its parameters can be deleted or modified only when the portal server is not
referenced by any interface.

Cross-subnet authentication mode (portal server server-name method layer3) does not require
Layer 3 forwarding devices between the access device and the authentication clients. However, if