web-auth-server (interface view)

Function

The web-auth-server command binds a Portal server template to an interface.

The undo web-auth-server command unbinds a Portal server template from an interface.

By default, no Portal server template is bound to an interface.

Format

web-auth-server server-name { direct | layer3 } (This command does not support the parameter direct in the Layer 3 Ethernet view)

undo web-auth-server [ server-name { direct | layer3 } ] (This command does not support the parameter direct in the Layer 3 Ethernet view)

Parameters

Parameter Description Value
server-name Specifies the name of the Portal server template. The value is a string of 1 to 31 case-sensitive characters without spaces.
direct Indicates Layer 2 authentication. -
layer3 Indicates Layer 3 authentication. -

Views

VLANIF interface view, Ethernet interface view, 40GE interface view, GE interface view, XGE interface view, Eth-Trunk interface view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

A configured Portal server template must be bound to the interface. In this way, the users connected to this interface can be authenticated by the Portal server.

When the Portal server template is bound to the interface using the web-auth-server command and a user attempts to access charged network resources, the user is forcibly redirected to the configured Portal authentication page for Portal authentication.

Portal authentication modes are as follows:
  • direct: When there is no Layer 3 forwarding device between the user and device, the device can learn the user's MAC address. The device identifies the user using the IP address and MAC address.
  • layer3: When there are Layer 3 forwarding devices between the user and device, the device cannot learn the user's MAC address. The device identifies the user using the IP address uniquely.

Prerequisites

A Portal server template has been created using the web-auth-server (system view) command and an IP address has been configured for the Portal server using the server-ip (Portal server template view) command.

Precautions

  • You can bind only one Portal server template to an interface. To modify a Portal server template that has been bound to an interface, remove the template from the interface, modify the template, and bind the modified template to the interface again.

  • A maximum of eight Portal server templates can be configured on the device and a maximum of 128 interfaces can be bound to a Portal server template. However, one Portal server template can be bound to different interfaces.

  • If 802.1x authentication, MAC address authenticationor MAC address bypass authentication is enabled on a Layer 2 interface, this command cannot be executed on the VLANIF interface of a VLAN to which the Layer 2 interface is added.

  • This command does not take effect on the VLANIF interface corresponding to the super VLAN.

Example

# Bind the Portal server template Server1 to VLANIF10, and set the authentication mode to Layer 2 authentication.

<HUAWEI> system-view
[HUAWEI] interface vlanif 10
[HUAWEI-Vlanif10] web-auth-server Server1  direct

# Bind the Portal server template Server1 to GE1/0/1, and set the authentication mode to Layer 3 authentication.

<HUAWEI> system-view
[HUAWEI] interface gigabitethernet 1/0/1
[HUAWEI-GigabitEthernet1/0/1] undo portswitch
[HUAWEI-GigabitEthernet1/0/1] web-auth-server Server1 layer3
Related Topics
web-auth-server (system view)
server-ip (Portal server template view)
display web-auth-server configuration
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.