H3C S9500 Command Manual-Release1648[v1.24]-07 Security Volume

07-Portal Commands

Chapter 1  Portal Configuration Commands

1.1  Portal Configuration Commands

1.1.1  debugging portal

Syntax

debugging portal { acm | all | arp-handshake | server | tcp-cheat }

undo debugging portal { acm | all | arp-handshake | server | tcp-cheat }

View

User view

Parameter

acm: Enables debugging for authentication connection management (ACM), that is, for the state machines that handle user authentication, connection and management.

all: Enables all the debugging for Portal.

arp-handshake: Enables the debugging for ARP-handshake.

server: Enables the debugging for Portal server.

tcp-cheat: Enables debugging for TCP cheat, the TCP spoofing by which the switch answers an unauthenticated user's HTTP connection and redirects it to the Portal server URL.

Description

Use the debugging portal command to enable the debugging for Portal.

Use the undo debugging portal command to disable the debugging output.

Example

# Enable all the debugging for Portal.

<H3C> debugging portal all

1.1.2  display portal

Syntax

1. display portal { acm | server | tcp-cheat } statistics

2. display portal [ auth-network [ auth-vlan-id ] | free-ip | free-user | server [ server-name ] | vlan [ vlan-id ] ]

3. display portal user [ ip ipaddress | interface interface-type interface-number | vlan vlan-id ]

View

Any View

Parameter

acm statistics: Displays ACM statistics, that is, statistics about the state machines that handle user authentication, connection and management.

auth-network auth-vlan-id: Displays the configured authentication network sections. auth-vlan-id is the ID of the VLAN containing the access port through which the authenticating users reach the switch.

free-ip: Displays the configured authentication-free IP addresses.

free-user: Displays the configured authentication-free users.

server server-name: Displays information about the Portal server with the specified name.

server statistics: Displays statistics about the Portal server.

tcp-cheat statistics: Displays TCP cheat (TCP spoofing) statistics.

ip ipaddress: Displays information about the users with the specified IP address.

interface interface-type interface-number: Displays information about the users on the specified port. interface-type is Ethernet or GigabitEthernet; interface-number is in the form slot number/card number/port number.

vlan vlan-id: Displays information about all the users in the specified VLAN.

Description

Use the display portal command to display Portal configuration, statistics and user information. Note that the output of display portal includes the shared key of each Portal server in plain text (see the Key field in the example below), so restrict this command to trusted administrators and treat captured output as sensitive.

Example

# Display the information about Portal.

<H3C> display portal

Run Method:

 Direct

Free IP:

  1)IP = 192.168.80.80        Net Mask = 255.255.255.255

  2)IP = 1.1.1.1              Net Mask = 255.255.255.255

  3)IP = 192.168.80.81        Net Mask = 255.255.255.255

  4)IP = 192.168.2.0          Net Mask = 255.255.255.0

Authenticate network:

  1)IP = 6.6.6.1              Net Mask = 255.255.255.0        VLAN ID = 6

  2)IP = 7.7.0.0              Net Mask = 255.255.0.0          VLAN ID = 7

Free User:

  1)Active=Y MAC=000d-88f6-60e0 IP=7.7.7.7         vlan=7    Intf=Ethernet4/1/2 

Portal Server:

  1)pt:

    IP   = 192.168.80.80

    Key  = hello

    Port = 50100

    URL  = http://192.168.80.80/portal/index_default.jsp

  2)test:

    IP   = 1.1.1.1

    Key  = Not configured

    Port = 50100

    URL  = "http://1.1.1.1"

ARP-HandShake:

 Interval: 60s    Retry Times: 5

VLAN Portal Configuration:

 VLAN 7    : Portal Started    Portal Server: pt

 VLAN 80   : Portal Started    Portal Server: test

Table 1-1 Description on the fields displayed by using the display portal command

Field                      Description

Run Method                 Portal authentication method in use (set with portal method): Direct, ReDHCP or Layer 3
Free IP                    Authentication-free IP addresses. A Portal server uses one free IP address automatically
Authenticate network       Authentication network sections configured with portal auth-network (Layer 3 method only)
Free User                  Authentication-free users
Portal Server              Basic configuration of each Portal server: IP address, shared key (shown in plain text), port and the URL to which HTTP requests are redirected
ARP-HandShake              ARP handshake settings: handshake interval and retry times
VLAN Portal Configuration  Portal-enabled VLANs, showing whether Portal is started and the name of the Portal server in use
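The display portal output above is what an auditor reads when reviewing a Portal deployment, and the chapter states the constraints worth checking against it: a Portal server should have a shared key, at most 8 free IP addresses exist and each server takes one, and portal auth-network only applies to the Layer 3 method. The following Python script is an added example, not part of the H3C manual or any H3C tool; it parses the manual's own display portal example (copied in as constructed input) and flags servers without a key, Portal-enabled VLANs that use such a server, authentication-free address ranges wider than a single host, and auth-network entries that have no effect under the current method. The exact Run Method label printed for the Layer 3 method is an assumption.

```python
"""Audit `display portal` output from an H3C S9500 for weak Portal settings.
Added example, not from the H3C manual; SAMPLE_OUTPUT is the manual's own
example copied here as constructed input. Checks follow this chapter's stated
constraints plus the rule that authentication-free ranges should stay narrow."""
import ipaddress
import re
from dataclasses import dataclass, field

SAMPLE_OUTPUT = """\
Run Method:
 Direct
Free IP:
  1)IP = 192.168.80.80        Net Mask = 255.255.255.255
  2)IP = 1.1.1.1              Net Mask = 255.255.255.255
  3)IP = 192.168.80.81        Net Mask = 255.255.255.255
  4)IP = 192.168.2.0          Net Mask = 255.255.255.0
Authenticate network:
  1)IP = 6.6.6.1              Net Mask = 255.255.255.0        VLAN ID = 6
  2)IP = 7.7.0.0              Net Mask = 255.255.0.0          VLAN ID = 7
Free User:
  1)Active=Y MAC=000d-88f6-60e0 IP=7.7.7.7         vlan=7    Intf=Ethernet4/1/2
Portal Server:
  1)pt:
    IP   = 192.168.80.80
    Key  = hello
    Port = 50100
    URL  = http://192.168.80.80/portal/index_default.jsp
  2)test:
    IP   = 1.1.1.1
    Key  = Not configured
    Port = 50100
    URL  = "http://1.1.1.1"
VLAN Portal Configuration:
 VLAN 7    : Portal Started    Portal Server: pt
 VLAN 80   : Portal Started    Portal Server: test
"""

MAX_FREE_IPS = 8  # limit stated under "portal free-ip"
SECTION_RE = re.compile(r"^(Run Method|Free IP|Authenticate network|Free User|"
                        r"Portal Server|ARP-HandShake|VLAN Portal Configuration):$")
NET_RE = re.compile(r"^\d+\)IP = (\S+)\s+Net Mask = (\S+)")
SERVER_RE = re.compile(r"^\d+\)(\S+):$")  # "1)pt:" opens a server block
KV_RE = re.compile(r"^(IP|Key|Port|URL)\s*=\s*(.*)$")
VLAN_RE = re.compile(r"^VLAN (\d+)\s*:\s*Portal (\w+)\s+Portal Server:\s*(\S+)")


@dataclass
class PortalConfig:
    method: str = ""
    free_ips: list = field(default_factory=list)       # IPv4Network per Free IP entry
    auth_networks: list = field(default_factory=list)  # IPv4Network per auth-network entry
    servers: dict = field(default_factory=dict)        # name -> {"ip", "key", "port", "url"}
    vlans: dict = field(default_factory=dict)          # vlan id -> (state, server name)


def parse_display_portal(text):
    """Walk the section-oriented output; a 'Name:' line opens a new section."""
    cfg, section, server = PortalConfig(), None, None
    for line in filter(None, map(str.strip, text.splitlines())):
        if m := SECTION_RE.match(line):
            section, server = m.group(1), None
        elif section == "Run Method":
            cfg.method = line
        elif section in ("Free IP", "Authenticate network") and (m := NET_RE.match(line)):
            net = ipaddress.IPv4Network((m.group(1), m.group(2)), strict=False)
            (cfg.free_ips if section == "Free IP" else cfg.auth_networks).append(net)
        elif section == "Portal Server":
            if m := SERVER_RE.match(line):
                server = m.group(1)
                cfg.servers[server] = {}
            elif server and (m := KV_RE.match(line)):
                cfg.servers[server][m.group(1).lower()] = m.group(2).strip().strip('"')
        elif section == "VLAN Portal Configuration" and (m := VLAN_RE.match(line)):
            cfg.vlans[int(m.group(1))] = (m.group(2), m.group(3))
    return cfg


def audit(cfg):
    """Return (severity, message) findings in a stable order."""
    findings, keyless, server_ips = [], set(), set()
    for name, srv in cfg.servers.items():
        if "ip" in srv:
            server_ips.add(ipaddress.IPv4Address(srv["ip"]))
        if srv.get("key", "Not configured") == "Not configured":
            keyless.add(name)
            findings.append(("high", f"server {name}: no shared key configured"))
    for vlan, (state, name) in sorted(cfg.vlans.items()):
        if name not in cfg.servers:
            findings.append(("medium", f"VLAN {vlan}: references unknown server {name}"))
        elif state == "Started" and name in keyless:
            findings.append(("high", f"VLAN {vlan}: Portal started with keyless server {name}"))
    for net in cfg.free_ips:  # a /32 that belongs to a server is the slot the server takes itself
        if net.num_addresses > 1:
            findings.append(("medium", f"free IP {net}: {net.num_addresses} addresses "
                                       "reachable without authentication"))
        elif net.network_address not in server_ips:
            findings.append(("info", f"free IP {net}: single authentication-free host"))
    findings.append(("info", f"free IP slots used: {len(cfg.free_ips)}/{MAX_FREE_IPS}"))
    # Assumption: the Run Method label for the Layer 3 method contains "layer3".
    if cfg.auth_networks and "layer3" not in cfg.method.lower().replace(" ", ""):
        findings.append(("info", f"{len(cfg.auth_networks)} auth-network entries have no "
                                 f"effect under the {cfg.method} method"))
    return findings


if __name__ == "__main__":
    print(*audit(parse_display_portal(SAMPLE_OUTPUT)), sep="\n")
```

On the manual's example this reports the keyless server test, VLAN 80 that relies on it, the 192.168.2.0/24 free range that 256 hosts can reach without authenticating, and the two auth-network entries that are ignored because the method is Direct. Paste the output of display portal from a real switch into SAMPLE_OUTPUT to audit it.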

 

# Display the statistics about Portal ACM.

<H3C> system-view

System View: return to User View with Ctrl+Z.

[H3C] display portal acm statistics

ACM Statistics            Running State Statistics

 WAIT_MAC_ACK              0

 DISCOVERED                0

 WAIT_AUTH_ACK             0

 WAIT_LOGIN_ACK            0

 WAIT_ACL_ACK              0

 WAIT_NEW_IP               0

 ONLINE                    0

 WAIT_LOGOUT_ACK           0

 WAIT_LEAVING_ACK          0

 Message Statistics :

 MSG NAME                  RCV MSG NUM

 PT_MSG_AUTH_ACK           0

 PT_MSG_LOGIN_ACK          0

 PT_MSG_LOGOUT_ACK         0

 PT_MSG_LEAVING_ACK        0

 PT_MSG_CUT_REQ            0

 PT_MSG_MAC_ACK            0

 PT_MSG_ACL_ACK            0

 PT_MSG_ARPPKT             77

 PT_MSG_TMR_REQAUTH        0

 PT_MSG_TMR_AUT            0

 PT_MSG_TMR_LGN            0

 PT_MSG_TMR_LGT            0

 PT_MSG_TMR_LEV            0

 PT_MSG_TMR_HDS            85249

 PT_MSG_ARP_FAIL           0

 PT_MSG_TMR_ACL            0

 PT_MSG_TMR_MAC            0

 PT_MSG_TMR_NIP            0

 PT_MSG_PORT_REMOVE        0

 PT_MSG_TMR_USERIPCHANGE   0

 ERROR Statistics:

 MEM Error: 0           RCV MSG ERR: 0           SND MSG ERR: 0   

Table 1-2 Description on the fields displayed by the display portal { acm | server | tcp-cheat } statistics commands

Field                     Description

ACM Statistics            Statistics about the ACM state machines
WAIT_MAC_ACK              Number of users in WAIT_MAC_ACK state. Always 0 for the Layer 3 method
DISCOVERED                Number of users discovered
WAIT_AUTH_ACK             Number of users in WAIT_AUTH_ACK state
WAIT_LOGIN_ACK            Number of users in WAIT_LOGIN_ACK state
WAIT_ACL_ACK              Number of users in WAIT_ACL_ACK state. Always 0 for the ReDHCP method
WAIT_NEW_IP               Number of users in WAIT_NEW_IP state. Always 0 for the Direct and Layer 3 methods
ONLINE                    Number of online users
WAIT_LOGOUT_ACK           Number of users in WAIT_LOGOUT_ACK state
WAIT_LEAVING_ACK          Number of users in WAIT_LEAVING_ACK state
PT_MSG_AUTH_ACK           Number of PT_MSG_AUTH_ACK messages received
PT_MSG_LOGIN_ACK          Number of PT_MSG_LOGIN_ACK messages received
PT_MSG_LOGOUT_ACK         Number of PT_MSG_LOGOUT_ACK messages received
PT_MSG_LEAVING_ACK        Number of PT_MSG_LEAVING_ACK messages received
PT_MSG_CUT_REQ            Number of PT_MSG_CUT_REQ messages received
PT_MSG_MAC_ACK            Number of PT_MSG_MAC_ACK messages received. Always 0 for the Layer 3 method
PT_MSG_ACL_ACK            Number of PT_MSG_ACL_ACK messages received. Always 0 for the ReDHCP method
PT_MSG_ARPPKT             Number of PT_MSG_ARPPKT messages received. Always 0 for the Layer 3 method
PT_MSG_TMR_AUT            Number of PT_MSG_TMR_AUT messages received
PT_MSG_TMR_LGN            Number of PT_MSG_TMR_LGN messages received
PT_MSG_TMR_LGT            Number of PT_MSG_TMR_LGT messages received
PT_MSG_TMR_LEV            Number of PT_MSG_TMR_LEV messages received
PT_MSG_TMR_HDS            Number of PT_MSG_TMR_HDS messages received. Always 0 for the Layer 3 method
PT_MSG_ARP_FAIL           Number of PT_MSG_ARP_FAIL messages received. Always 0 for the Layer 3 method
PT_MSG_TMR_ACL            Number of PT_MSG_TMR_ACL messages received. Always 0 for the ReDHCP method
PT_MSG_TMR_MAC            Number of PT_MSG_TMR_MAC messages received. Always 0 for the Layer 3 method
PT_MSG_TMR_NIP            Number of PT_MSG_TMR_NIP messages received. Always 0 for the Direct and Layer 3 methods
MEM Error/RCV MSG ERR/SND MSG ERR   Counts of memory errors, errors in received messages and errors in sent messages
PT_MSG_TMR_REQAUTH        Number of PT_MSG_TMR_REQAUTH messages received
PT_MSG_PORT_REMOVE        Number of PT_MSG_PORT_REMOVE messages received
PT_MSG_TMR_USERIPCHANGE   Number of PT_MSG_TMR_USERIPCHANGE messages received

Received Invalid Packets  Number of invalid packets received
Server                    Name of the Portal server
Index                     Index number
Pkt_Type                  Packet type
Total                     Total number of packets
Errs                      Number of error packets
Discard                   Number of discarded packets
REQ_CHALLENGE             Number of REQ_CHALLENGE messages received
ACK_CHALLENGE             Number of ACK_CHALLENGE messages received
REQ_AUTH                  Number of REQ_AUTH messages received
ACK_AUTH                  Number of ACK_AUTH messages received
REQ_LOGOUT                Number of REQ_LOGOUT messages received
ACK_LOGOUT                Number of ACK_LOGOUT messages received
AFF_ACK_AUTH              Number of AFF_ACK_AUTH messages received
NTF_LOGOUT                Number of NTF_LOGOUT messages received
REQ_INFO                  Number of REQ_INFO messages received
ACK_INFO                  Number of ACK_INFO messages received
NTF_USERDISCOVER          Number of NTF_USERDISCOVER messages received
NTF_USERIPCHANGE          Number of NTF_USERIPCHANGE messages received
AFF_NTF_USERIPCHANGE      Number of AFF_NTF_USERIPCHANGE messages received
ACK_NTF_LOGOUT            Number of ACK_NTF_LOGOUT messages received

TCP Cheat Statistic       TCP spoofing statistics
Total Opens               Total number of TCP spoofing connections
Resets Connections        Number of connections reset through RST packets
Current Opens             Number of active connections
Packets Received          Number of received packets
Packets Sent              Number of sent packets
Packets Retransmitted     Number of retransmitted packets
Packets Dropped           Number of dropped packets
HTTP Packets Sent         Number of HTTP packets sent (the redirects to the Portal server URL)
Connection State          State of a TCP spoofing connection
SYN_RECVD                 Number of connections in SYN_RECVD state
ESTABLISHED               Number of connections in ESTABLISHED state
CLOSE_WAIT                Number of connections in CLOSE_WAIT state
LAST_ACK                  Number of connections in LAST_ACK state
FIN_WAIT_1                Number of connections in FIN_WAIT_1 state
FIN_WAIT_2                Number of connections in FIN_WAIT_2 state
CLOSING                   Number of connections in CLOSING state

 

# Display information about Portal users.

<H3C> display portal user

 This operation may take a few minutes ,please wait

 VLAN 7      Total users: 1        Online users: 0

 Index  State           MAC             IP       VLAN  ACL   Port

 3      WAIT_LOGIN_ACK  000d-88f6-60e0  7.7.7.7  7     3000  Ethernet4/1/2

Table 1-3 Description on the fields displayed by using the display portal user command

Field         Description

Total users   Total number of Portal users in the VLAN
Online users  Number of online Portal users in the VLAN
Index         Index of the Portal user
State         Current ACM state of the Portal user (see Table 1-2)
MAC           MAC address of the Portal user
IP            IP address of the Portal user
VLAN          VLAN to which the Portal user belongs
ACL           ACL assigned to the Portal user
Port          Switch port through which the Portal user is connected

 

1.1.3  portal

Syntax

portal server-name

undo portal

View

VLAN interface view.

Parameter

server-name: Name of a Portal server, a string of 1 to 32 characters made up of letters, digits or underscores.

Description

Use the portal command to enable the Portal authentication function on a VLAN interface.

Use the undo portal command to disable this function.

If Portal runs in the Layer 3 authentication method, you must configure an authentication network section (portal auth-network) before enabling Portal authentication on a VLAN interface.

Before you enable Portal authentication on a VLAN interface, make sure that the VLAN ID is in the range of 2 to 4094, that a valid IP address is configured on the VLAN interface, and that the specified Portal server already exists.

Example

# Enable the Portal authentication function on VLAN-interface 10. Specify H3C as the Portal server.

<H3C> system-view

System View: return to User View with Ctrl+Z.  

[H3C] interface Vlan-interface 10

[H3C-Vlan-interface10] portal H3C

1.1.4  portal arp-handshake

Syntax

portal arp-handshake { interval interval | retry-times retry-times }*

undo portal arp-handshake { interval | retry-times }

View

System view

Parameter

interval: Interval between ARP handshakes, in seconds, in the range of 10 to 180 in steps of 10. The default is 60 seconds.

retry-times: Maximum number of ARP retries, that is, the number of consecutive handshake failures permitted before the user is considered offline. The value ranges from 3 to 10 and defaults to 5.

Description

Use the portal arp-handshake command to configure the interval of the ARP handshakes between the switch and the host and the maximum number of retries.

Use the undo portal arp-handshake command to restore the default values.

With the Direct or ReDHCP authentication method, the switch uses ARP handshakes to check that a host (user PC) is still present after it has passed Portal authentication. The switch sends an ARP request at each interval; if the host fails to respond to more consecutive requests than the configured retry times, the switch regards the handshake as failed, logs the user off and notifies the Portal server. A shorter interval and fewer retries detect a departed host sooner, at the cost of more ARP traffic.

This command has no effect with the Layer 3 Portal authentication method.

Example

# Set the interval of handshakes between the switch and the host to 120 seconds, and set the maximum retry times to six times.

<H3C> system-view

System View: return to User View with Ctrl+Z. 

[H3C] portal arp-handshake interval 120 retry-times 6

1.1.5  portal auth-network

Syntax

portal auth-network network-address net-mask vlan vlan-id

undo portal auth-network { network-address net-mask | vlan vlan-id | all }

View

System view

Parameter

network-address net-mask: Address and subnet mask of the authentication network section.

vlan-id: ID of the VLAN containing the access port through which the authenticating users reach the switch.

all: Removes all the configured authentication network sections.

Description

Use the portal auth-network command to configure an authentication network section, that is, the source network whose hosts are subject to Portal authentication when the Layer 3 method is used.

Use the undo portal auth-network command to remove the specified or all authentication network sections.

No authentication network section is configured by default.

This command is effective only for the Layer 3 Portal authentication method.

Example

# Configure the authentication network section for a Portal client: 192.168.0.200/16.

<H3C> system-view

System View: return to User View with Ctrl+Z. 

[H3C] portal auth-network 192.168.0.200 255.255.0.0 vlan 1

1.1.6  portal delete-user

Syntax

portal delete-user ip-address

View

System view

Parameters

ip-address: IP address of the Portal users to be deleted.

Description

Use the portal delete-user command to delete (force offline) the Portal users with the specified IP address.

Examples

# Delete users using the IP address 10.153.94.8.

<H3C> system-view

System View: return to User View with Ctrl+Z. 

[H3C] portal delete-user 10.153.94.8

1.1.7  portal free-ip

Syntax

portal free-ip ip-address [ mask | mask-length ]

undo portal free-ip ip-address [ mask | mask-length ]

View

System view

Parameters

ip-address: Free IP address of the host.

mask: Mask.

mask-length: Length of a mask.

Description

Use the portal free-ip command to configure a free IP address, that is, a destination that users can reach without Portal authentication.

Use the undo portal free-ip command to delete the specified free IP address.

No free IP address is configured by default.

Free IP addresses are typically those of DNS servers or of websites the ISP offers free of charge. All users, including unauthenticated ones, can reach these addresses without restriction, so keep the list to what is strictly needed and prefer host masks (255.255.255.255) over whole subnets.

Up to 8 free IP addresses can be configured on one system. A Portal server uses one free IP address automatically, so each configured Portal server consumes one of the 8 entries.

Examples

# Set the IP address 10.1.1.0 as a free IP address

<H3C> system-view

System View: return to User View with Ctrl+Z. 

[H3C] portal free-ip 10.1.1.0

1.1.8  portal free-user

Syntax

In system view:

portal free-user mac mac-address ip ip-address vlan vlan-id interface interface-type interface-number

undo portal free-user { mac mac-address | all }

In Ethernet port view:

portal free-user mac mac-address ip ip-address vlan vlan-id

undo portal free-user { mac mac-address | all }

View

System view, Ethernet port view

Parameters

mac mac-address: MAC address of the authentication-free user.

ip ip-address: IP address of the authentication-free user. It cannot be an all-zero, loopback, multicast or broadcast address.

vlan vlan-id: ID of the VLAN the authentication-free user belongs to, in the range of 1 to 4094.

interface: Switch port the authentication-free user is connected to. The port must belong to the VLAN specified in this command.

interface-type: Port type, whose value is Ethernet or GigabitEthernet.

interface-number: Port number, expressed in the form of slot number/card number/port number.

all: Deletes all authentication-free users.

Description

Use the portal free-user command to configure the Portal authentication-free users.

Use the undo portal free-user command to delete the specified or all authentication-free users.

In practice, you can configure network devices attached to the switch, or a few servers, as authentication-free users so that they can access all networks without authentication.

An authentication-free user is identified by its IP address, MAC address, switch port and VLAN; only a host matching all of them bypasses authentication. With the Direct authentication method the MAC address is not matched, because of the flow template restrictions on S9500 series switches, so any host on the configured port and VLAN that uses the configured IP address is treated as authentication-free. Keep the list of authentication-free users short.

 

  Caution:

- The ReDHCP authentication method requires that the IP address of an authentication-free user and the primary IP address of the VLAN interface belong to the same network section. The Direct authentication method requires that the IP address of an authentication-free user and that of the VLAN interface belong to the same network section.

- This configuration takes effect after Portal is enabled in the VLAN that the authentication-free user belongs to.

- Authentication-free users and authenticated users have the same priority: the entry delivered first takes effect. Avoid configuring an authentication-free user that overlaps with an authenticated user.

- The Layer 3 Portal authentication method does not support authentication-free users.

 

Examples

# Configure authentication-free users for the Portal authentication.

<H3C> system-view

System View: return to User View with Ctrl+Z. 

[H3C] portal free-user mac 00e0-fc01-0101 ip 10.110.1.1 vlan 10 interface ethernet 2/1/1

1.1.9  portal method

Syntax

portal method { direct | layer3 | redhcp }

undo portal method

View

System view

Parameters

direct: Adopts the direct authentication method in Portal authentication.

layer3: Adopts the Layer 3 Portal authentication method, that is, cross-Layer-3 Portal authentication.

redhcp: Adopts the ReDHCP authentication method in Portal authentication.

Description

Use the portal method command to set the running method of Portal authentication.

Use the undo portal method command to restore the default running method of Portal authentication.

The direct authentication method is adopted in Portal authentication by default.

Examples

# Set to adopt the ReDHCP method in Portal authentication.

<H3C> system-view

System View: return to User View with Ctrl+Z. 

[H3C] portal method redhcp

1.1.10  portal server

Syntax

portal server server-name { ip ip-address | key key-string | port port | url url-string } *

undo portal server server-name [ key | port | url ]

View

System view

Parameters

server-name: Name of a Portal server. It is a string in the range of 1 to 32 characters.

ip-address: IP address of a Portal server. This address cannot be full-zero addresses, loopback addresses, multicast addresses or broadcast addresses.

key-string: Shared key that protects the communication between the switch and the Portal server, a string of 1 to 16 characters. No key is configured by default. Configure one in any production deployment, because without it the exchange between switch and server is not protected by a shared secret; note that display portal shows the key in plain text.

port: Port that a switch uses to send packets to a Portal server. It is in the range of 1 to 65534. It is 50100 by default.

url-string: URL to which HTTP requests are redirected. By default it is the string form of ip-address; for example, if ip-address is 10.110.100.100, the default URL is http://10.110.100.100. Enter the string without quotation marks.

Description

Use the portal server command to create a Portal server or modify the configuration of a Portal server.

Use the undo portal server command to delete the specified server, or restore the default parameter configuration of the specified server.

 

  Caution:

- When a Portal server is configured for the first time, you must configure its IP address.

- If the Portal server has been applied on a VLAN interface, disable Portal on that VLAN interface (undo portal) before modifying the server's parameters, and enable it again afterwards.

- A Portal server uses a free IP address automatically. If the number of free IP addresses has already reached the maximum when a Portal server is configured, the configuration fails.

 

Examples

# Set the IP address of the Portal server named H3C to 10.10.100.100, the shared key to lanswitch, the port to 50101 and the HTTP redirect URL to http://www.h3c.com.

<H3C> system-view

System View: return to User View with Ctrl+Z. 

[H3C] portal server H3C ip 10.10.100.100 key lanswitch port 50101 url http://www.h3c.com
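The commands in this chapter are normally used together, and their order matters: the Portal server must exist and the VLAN interface must have an IP address before portal is enabled on that interface, and server parameters may only be changed after undo portal on every VLAN interface using that server. The following session is an added example, not from the H3C manual, that brings up Direct-method Portal on VLAN 7 with the server name, addresses, key and authentication-free user from the display portal example above. The VLAN-interface address 7.7.7.1/24, the use of 192.168.80.81 as a DNS server and the ip address command are assumptions not taken from this chapter.

```text
<H3C> system-view
System View: return to User View with Ctrl+Z.
# Direct is the default; stating it makes the choice explicit.
[H3C] portal method direct
# Create the server with its shared key before anything refers to it. This also takes one of the 8 free IP entries.
[H3C] portal server pt ip 192.168.80.80 key hello port 50100 url http://192.168.80.80/portal/index_default.jsp
# Only what unauthenticated hosts must reach: the (assumed) DNS server, as a single host entry.
[H3C] portal free-ip 192.168.80.81 255.255.255.255
# Liveness check towards authenticated hosts; has no effect under the Layer 3 method.
[H3C] portal arp-handshake interval 60 retry-times 5
# One device bypasses authentication. Under Direct only IP, VLAN and port are matched, so this IP must not be claimable by user hosts.
[H3C] portal free-user mac 000d-88f6-60e0 ip 7.7.7.7 vlan 7 interface Ethernet 4/1/2
# The VLAN interface needs an address in the same subnet as the free user before Portal is enabled on it.
[H3C] interface Vlan-interface 7
[H3C-Vlan-interface7] ip address 7.7.7.1 255.255.255.0
[H3C-Vlan-interface7] portal pt
[H3C-Vlan-interface7] quit
# Verify: VLAN 7 should show "Portal Started  Portal Server: pt" and pt should show a Key.
[H3C] display portal
```

To change the key or URL of pt later, run undo portal on Vlan-interface 7 first, modify the server with portal server pt ..., then re-enable it with portal pt.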

1.1.11  reset portal

Syntax

reset portal { acm | server | tcp-cheat } statistics

View

User view

Parameters

acm: Clears the statistics about ACM, that is to say, clears the statistics about the state machines related with authentication, connection and management.

server: Clears the statistics about the Portal server.

tcp-cheat: Clears the statistics about TCP cheats.

Description

Use the reset portal command to clear the related statistics about Portal.

Examples

# Clear the Portal ACM statistics.

<H3C> reset portal acm statistics
