Table of Contents

1 Portal Configuration Commands· 1-1

Portal Configuration Commands· 1-1

display portal acl 1-1

display portal connection statistics· 1-3

display portal free-rule· 1-6

display portal interface· 1-7

display portal server 1-8

display portal server statistics· 1-9

display portal tcp-cheat statistics· 1-11

display portal user 1-12

portal auth-network· 1-13

portal delete-user 1-14

portal free-rule· 1-15

portal server 1-16

portal server method· 1-17

reset portal connection statistics· 1-18

reset portal server statistics· 1-18

reset portal tcp-cheat statistics· 1-19

 

 

 

Portal Configuration Commands

display portal acl

Syntax

display portal acl { all | dynamic | static } interface interface-type interface-number

View

Any view

Default Level

1: Monitor level

Parameters

all: Displays all portal access control lists (ACLs), including dynamic ones and static ones.

dynamic: Displays dynamic portal ACLs, namely, ACLs generated after a user passes portal authentication.

static: Displays static portal ACLs, namely, ACLs generated by related configurations.

interface interface-type interface-number: Displays the ACLs on the specified interface.

Description

Use the display portal acl command to display the ACLs on a specified interface.

Examples

# Display all ACLs on interface Vlan-interface 2.

<Sysname> display portal acl all interface Vlan-interface 2

Vlan-interface2 portal ACL rule:

 Rule 0

 Inbound interface = Vlan-interface2

 Type              = static

 Action            = permit

 Source:

    IP        = 0.0.0.0

    Mask      = 0.0.0.0

    MAC       = 0000-0000-0000

    Interface = any

    VLAN      = 0

    Protocol  = 0

 Destination:

    IP        = 192.168.0.111

    Mask      = 255.255.255.255

 

Rule 1

 Inbound interface = Vlan-interface2

 Type              = static

 Action            = redirect

 Source:

    IP        = 0.0.0.0

    Mask      = 0.0.0.0

    MAC       = 0000-0000-0000

    Interface = any

    VLAN      = 2

    Protocol  = 6

 Destination:

    IP        = 0.0.0.0

    Mask      = 0.0.0.0

 

 Rule 2

 Inbound interface = Vlan-interface2

 Type              = dynamic

 Action            = permit

 Source:

    IP        = 2.2.2.2

    Mask      = 255.255.255.255

    MAC       = 000d-88f8-0eab

    Interface = GigabitEthernet5/0

    VLAN      = 0

    Protocol  = 0

 Destination:

    IP        = 0.0.0.0

    Mask      = 0.0.0.0

Author ACL:

    Number   = 3001

Table 1-1 display portal acl command output description

Field	Description
Rule	Sequence number of the generated ACL, which is numbered from 0 in ascending order
Inbound interface	Interface to which portal ACLs are bound
Type	Type of the portal ACL
Action	Match action in the portal ACL
Source	Source information in the portal ACL
IP	Source IP address in the portal ACL
Mask	Subnet mask of the source IP address in the portal ACL
MAC	Source MAC address in the portal ACL
Interface	Source interface in the portal ACL
VLAN	Source VLAN in the portal ACL
Protocol	Protocol type in the portal ACL
Destination	Destination information in the portal ACL
IP	Destination IP address in the portal ACL
Mask	Subnet mask of the destination IP address in the portal ACL
Author ACL	Authorization ACL of portal ACL. It is displayed only when the Type field has a value of dynamic.
Number	Authorization ACL number assigned by the server. None indicates that the server did not assign any ACL.

 

display portal connection statistics

Syntax

display portal connection statistics { all | interface interface-type interface-number }

View

Any view

Default Level

1: Monitor level

Parameters

all: Specifies all interfaces.

interface interface-type interface-number: Specifies an interface by its type and number.

Description

Use the display portal connection statistics command to display portal connection statistics on a specified interface or all interfaces.

Examples

# Display portal connection statistics on interface Vlan-interface 2.

<Sysname> display portal connection statistics interface Vlan-interface 2

 ---------------Interface: Vlan-interface2-----------------------

 User state statistics:

 State-Name                User-Num

 VOID                       0

 DISCOVERED                0

 WAIT_AUTHEN_ACK          0

 WAIT_AUTHOR_ACK          0

 WAIT_LOGIN_ACK           0

 WAIT_ACL_ACK              0

 WAIT_NEW_IP               0

 WAIT_USERIPCHANGE_ACK   0

 ONLINE                     1

 WAIT_LOGOUT_ACK          0

 WAIT_LEAVING_ACK         0

 

 Message statistics:

 Msg-Name                  Total         Err           Discard

 MSG_AUTHEN_ACK           3              0             0

 MSG_AUTHOR_ACK           3              0             0

 MSG_LOGIN_ACK            3              0             0

 MSG_LOGOUT_ACK           2              0             0

 MSG_LEAVING_ACK          0              0             0

 MSG_CUT_REQ               0              0             0

 MSG_AUTH_REQ              3              0             0

 MSG_LOGIN_REQ             3              0             0

 MSG_LOGOUT_REQ            2              0             0

 MSG_LEAVING_REQ           0              0             0

 MSG_ARPPKT                 0              0             0

 MSG_TMR_REQAUTH           1              0             0

 MSG_TMR_AUTHEN            0              0             0

 MSG_TMR_AUTHOR            0              0             0

 MSG_TMR_LOGIN             0              0             0

 MSG_TMR_LOGOUT            0              0             0

 MSG_TMR_LEAVING           0              0             0

 MSG_TMR_NEWIP             0              0             0

 MSG_TMR_USERIPCHANGE     0              0             0

 MSG_PORT_REMOVE           0              0             0

 MSG_VLAN_REMOVE           0              0             0

 MSG_IF_REMOVE             6              0             0

 MSG_L3IF_SHUT             0              0             0

 MSG_IP_REMOVE             0              0             0

 MSG_ALL_REMOVE            1              0             0

 MSG_IFIPADDR_CHANGE      0              0             0

 MSG_SOCKET_CHANGE        8              0             0

 MSG_NOTIFY                 0             0             0

 MSG_SETPOLICY             0             0             0

 MSG_SETPOLICY_RESULT     0             0             0

Table 1-2 display portal connection statistics command output description

Field	Description
User state statistics	Statistics on portal users
State-Name	Name of a user state
User-Num	Number of users
VOID	Number of users in void state
DISCOVERED	Number of users in discovered state
WAIT_AUTHEN_ACK	Number of users in wait_authen_ack state
WAIT_AUTHOR_ACK	Number of users in wait_author_ack state
WAIT_LOGIN_ACK	Number of users in wait_login_ack state
WAIT_ACL_ACK	Number of users in wait_acl_ack state
WAIT_NEW_IP	Number of users in wait_new_ip state
WAIT_USERIPCHANGE_ACK	Number of users wait_useripchange_ack state
ONLINE	Number of users in online state
WAIT_LOGOUT_ACK	Number of users in wait_logout_ack state
WAIT_LEAVING_ACK	Number of users in wait_leaving_ack state
Message statistics	Statistics on messages
Msg-Name	Message type
Total	Total number of messages
Err	Number of erroneous messages
Discard	Number of discarded messages
MSG_AUTHEN_ACK	Authentication acknowledgment message
MSG_AUTHOR_ACK	Authorization acknowledgment message
MSG_LOGIN_ACK	Accounting acknowledgment message
MSG_LOGOUT_ACK	Accounting-stop acknowledgment message
MSG_LEAVING_ACK	Leaving acknowledgment message
MSG_CUT_REQ	Cut request message
MSG_AUTH_REQ	Authentication request message
MSG_LOGIN_REQ	Accounting request message
MSG_LOGOUT_REQ	Accounting-stop request message
MSG_LEAVING_REQ	Leaving request message
MSG_ARPPKT	ARP message
MSG_TMR_REQAUTH	Authentication request timeout message
MSG_TMR_AUTHEN	Authentication timeout message
MSG_TMR_AUTHOR	Authorization timeout message
MSG_TMR_LOGIN	Accounting-start timeout message
MSG_TMR_LOGOUT	Accounting-stop timeout message
MSG_TMR_LEAVING	Leaving timeout message
MSG_TMR_NEWIP	Public IP update timeout message
MSG_TMR_USERIPCHANGE	User IP change timeout message
MSG_PORT_REMOVE	Users-of-a-Layer-2-port-removed message
MSG_VLAN_REMOVE	VLAN user removed message
MSG_IF_REMOVE	Users-of-a-Layer-3-interface-removed message
MSG_L3IF_SHUT	Layer 3 interface shutdown message
MSG_IP_REMOVE	User-with-an-IP-removed message
MSG_ALL_REMOVE	All-users-removed message
MSG_IFIPADDR_CHANGE	Interface IP address change message
MSG_SOCKET_CHANGE	Socket change message
MSG_NOTIFY	Notification message
MSG_SETPOLICY	Set policy message for assigning security ACL
MSG_SETPOLICY_RESULT	Set policy response message

 

display portal free-rule

Syntax

display portal free-rule [ rule-number ]

View

Any view

Default Level

1: Monitor level

Parameters

rule-number: Number of a portal-free rule. The value range from 0 to 31.

Description

Use the display portal free-rule command to display information about a specified portal-free rule or all portal-free rules.

Related commands: portal free-rule.

Examples

# Display information about portal-free rule 1.

<Sysname> display portal free-rule 1

 Rule-Number  1:

 Source:

   IP        = 2.2.2.0

   Mask      = 255.255.255.0

   MAC       = 0000-0000-0000

   Interface = any

   Vlan      = 0

 Destination:

   IP        = 0.0.0.0

   Mask      = 0.0.0.0

Table 1-3 display portal free-rule command output description

Field	Description
Rule-Number	Number of the portal-free rule
Source	Source information in the portal-free rule
IP	Source IP address in the portal-free rule
Mask	Subnet mask of the source IP address in the portal-free rule
MAC	Source MAC address in the portal-free rule
Interface	Source interface in the portal-free rule
Vlan	Source VLAN in the portal-free rule
Destination	Destination information in the portal-free rule
IP	Destination IP address in the portal-free rule
Mask	Subnet mask of the destination IP address in the portal-free rule

 

display portal interface

Syntax

display portal interface interface-type interface-number

View

Any view

Default Level

1: Monitor level

Parameters

interface-type interface-number: Specifies an interface by its type and number.

Description

Use the display portal interface command to display the portal configuration of an interface.

Examples

# Display the portal configuration of interface Vlan-interface 2.

<Sysname> display portal interface Vlan-interface 2

 Interface portal configuration:

 Vlan-interface2: Portal running

 Portal server: servername

 Authentication type: Direct

 Authentication network:

 address = 0.0.0.0  mask = 0.0.0.0

Table 1-4 display portal interface command output description

Field	Description
Interface portal configuration	Portal configuration on the interface
Vlan-interface 2	Status of the portal feature on the interface, disable, enable, or running.
Portal server	Portal server referenced by the interface
Authentication type	Authentication mode enabled on the interface
Authentication network	Information of the portal authentication subnet
address	IP address of the portal authentication subnet
mask	Subnet mask of the IP address of the portal authentication subnet

 

display portal server

Syntax

display portal server [ server-name ]

View

Any view

Default Level

1: Monitor level

Parameters

server-name: Name of a portal server, a case-sensitive string of 1 to 32 characters.

Description

Use the display portal server command to display information about a specified portal server or all portal servers.

Related commands: portal server.

Examples

# Display information about portal server aaa.

<Sysname> display portal server aaa

 Portal server:

  1)aaa:

    IP   = 192.168.0.111

    Key  = portal

    Port = 50100

    URL  = http://192.168.0.111/portal

Table 1-5 display portal server command output description

Field	Description
1)	Number of the portal server
aaa	Name of the portal server
IP	IP address of the portal server
Key	Key for portal authentication Not configured will be displayed if no key is configured.
Port	Listening port on the portal server
URL	Address the packets are to be redirected to Not configured will be displayed if no address is configured.

 

display portal server statistics

Syntax

display portal server statistics { all | interface interface-type interface-number }

View

Any view

Default Level

1: Monitor level

Parameters

all: Specifies all interfaces.

interface interface-type interface-number: Specifies an interface by its type and name.

Description

Use the display portal server statistics command to display portal server statistics on a specified interface or all interfaces.

Note that with the all keyword specified, the command displays portal server statistics by interface and therefore statistics about a portal server referenced by more than one interface may be displayed repeatedly.

Examples

# Display portal server statistics on Vlan-interface 2.

<Sysname> display portal server statistics interface Vlan-interface 2

 ---------------Interface: Vlan-interface2----------------------

 Server name:  st

 Invalid packets: 0

 Pkt-Name                          Total   Discard  Checkerr

 REQ_CHALLENGE                       3        0        0

 ACK_CHALLENGE                       3        0        0

 REQ_AUTH                             3        0        0

 ACK_AUTH                             3        0        0

 REQ_LOGOUT                           1        0        0

 ACK_LOGOUT                           1        0        0

 AFF_ACK_AUTH                         3        0        0

 NTF_LOGOUT                           1        0        0

 REQ_INFO                              6        0        0

 ACK_INFO                              6        0        0

 NTF_USERDISCOVER                    0        0        0

 NTF_USERIPCHANGE                    0        0        0

 AFF_NTF_USERIPCHANGE               0         0        0

 ACK_NTF_LOGOUT                      1         0        0

Table 1-6 display portal server statistics command output description

Field	Description
Interface	Interface referencing the portal server
Server name	Name of the portal server
Invalid packets	Number of invalid packets
Pkt-Name	Packet type
Total	Total number of packets
Discard	Number of discarded packets
Checkerr	Number of erroneous packets
REQ_CHALLENGE	Challenge request message the portal server sends to the access device
ACK_CHALLENGE	Challenge acknowledgment message the access device sends to the portal server
REQ_AUTH	Authentication request message the portal server sends to the access device
ACK_AUTH	Authentication acknowledgment message the access device sends to the portal server
REQ_LOGOUT	Logout request message the portal server sends to the access device
ACK_LOGOUT	Logout acknowledgment message the access device sends to the portal server
AFF_ACK_AUTH	Affirmation message the portal server sends to the access device after receiving an authentication acknowledgement message
NTF_LOGOUT	Forced logout notification message the access device sends to the portal server
REQ_INFO	Information request message
ACK_INFO	Information acknowledgment message
NTF_USERDISCOVER	User discovery notification message the portal server sends to the access device
NTF_USERIPCHANGE	User IP change notification message the access device sends to the portal server
AFF_NTF_USERIPCHANGE	User IP change success notification message the portal server sends to the access device
ACK_NTF_LOGOUT	Forced logout acknowledgment message from the portal server

 

display portal tcp-cheat statistics

Syntax

display portal tcp-cheat statistics

View

Any view

Default Level

1: Monitor level

Parameters

None

Description

Use the display portal tcp-cheat statistics command to display TCP spoofing statistics.

Examples

# Display TCP spoofing statistics.

<Sysname> display portal tcp-cheat statistics

 TCP Cheat Statistic:

 Total Opens: 0

 Resets Connections: 0

 Current Opens: 0

 Packets Received: 0

 Packets Sent: 0

 Packets Retransmitted: 0

 Packets Dropped: 0

 HTTP Packets Sent: 0

 Connection State:

          SYN_RECVD: 0

          ESTABLISHED: 0

          CLOSE_WAIT: 0

          LAST_ACK: 0

          FIN_WAIT_1: 0

          FIN_WAIT_2: 0

          CLOSING: 0

Table 1-7 display portal tcp-cheat statistics command output description

Field	Description
TCP Cheat Statistic	TCP spoofing statistics
Total Opens	Total number of opened connections
Resets Connections	Number of connections reset through RST packets
Current Opens	Number of connections currently being setting up
Packets Received	Number of received packets
Packets Sent	Number of sent packets
Packets Retransmitted	Number of retransmitted packets
Packets Dropped	Number of dropped packets
HTTP Packets Sent	Number of HTTP packets sent
Connection State	Statistics of connections in various state
ESTABLISHED	Number of connections in ESTABLISHED state
CLOSE_WAIT	Number of connections in CLOSE_WAIT state
LAST_ACK	Number of connections in LAST-ACK state
FIN_WAIT_1	Number of connections in FIN_WAIT_1 state
FIN_WAIT_2	Number of connections in FIN_WAIT_2 state
CLOSING	Number of connections in CLOSING state

 

display portal user

Syntax

display portal user { all | interface interface-type interface-number }

View

Any view

Default Level

1: Monitor level

Parameters

all: Specifies all interfaces.

interface interface-type interface-number: Specifies an interface by its type and name.

Description

Use the display portal user command to display information about portal users on a specified interface or all interfaces.

Examples

# Display information about portal users on all interfaces.

<Sysname> display portal user all

 Index:2

 State:ONLINE

 SubState:INVALID

 ACL:NONE

 MAC                IP                 Vlan   Interface

 ---------------------------------------------------------------------

 000d-88f8-0eab   2.2.2.2           0      Vlan-interface2

 Index:3

 State:ONLINE

 SubState:INVALID

 ACL:3000

 MAC                IP                 Vlan   Interface

 ---------------------------------------------------------------------

 000d-88f8-0eac   2.2.2.3           0      Vlan-interface2

 Total 2 user(s) matched, 2 listed.

Table 1-8 display portal user command output description

Field	Description
Index	Index of the portal user
State	Current status of the portal user
SubState	Current sub-status of the portal user
ACL	Authorization ACL of the portal user
MAC	MAC address of the portal user
IP	IP address of the portal user
Vlan	VLAN to which the portal user belongs
Interface	Interface to which the portal user is attached
Total 2 user(s) matched, 2 listed	Total number of portal users

 

portal auth-network

Syntax

portal auth-network network-address { mask-length | mask }

undo portal auth-network { network-address | all }

View

Interface view

Default Level

2: System level

Parameters

network-address: IP address of the authentication subnet.

mask-length: Length of the subnet mask, in the range of 0 to 32.

mask: Subnet mask, in dotted decimal notation.

all: Specifies all authentication subnets.

Description

Use the portal auth-network command to configure a portal authentication subnet.

Use the undo portal auth-network command to remove a specified portal authentication subnet or all portal authentication subnets.

Note that this command is only applicable for Layer 3 authentication. The portal authentication subnet for direct authentication is any source IP address, and the portal authentication subnet for re-DHCP authentication is the one determined by the private IP address of the interface.

By default, the portal authentication subnet is 0.0.0.0/0, meaning that users in all subnets are to be authenticated.

Examples

# Configure a portal authentication subnet of 10.10.10.0/24.

<Sysname> system-view

[Sysname] interface Vlan-interface 1

[Sysname- Vlan-interface1] portal auth-network 10.10.10.0 24

portal delete-user

Syntax

portal delete-user { ip-address | all | interface interface-type interface-number }

View

System view

Default Level

2: System level

Parameters

ip-address: IP address of a user.

all: Logs out all users.

interface interface-type interface-number: Logs out all users on the specified interface.

Description

Use the portal delete-user command to log out users.

Related commands: display portal user.

Examples

# Log out user 1.1.1.1.

<Sysname> system-view

[Sysname] portal delete-user 1.1.1.1

portal free-rule

Syntax

portal free-rule rule-number { destination { any | ip { ip-address mask { mask-length | netmask } | any } } | source { any | [ interface interface-type interface-number | ip { ip-address mask { mask-length | netmask } | any } | mac mac-address | vlan vlan-id ] * } } *

undo portal free-rule { rule-number | all }

View

System view

Default Level

2: System level

Parameters

rule-number: Number for the portal-free rule. The value range from 0 to 31.

any: Imposes no limitation on the previous keyword.

ip ip-address: Specifies an IP address.

mask { mask-length | netmask }: Specifies the mask of the IP address, which can be in dotted decimal notation or an integer in the range 0 to 32.

interface interface-type interface-number: Specifies a source interface.

mac mac-address: Specifies a source MAC address in the format of H-H-H.

vlan vlan-id: Specifies a source VLAN ID.

all: Specifies all portal-free rules.

Description

Use the portal free-rule command to configure a portal-free rule and specify the source filtering condition and/or destination filtering condition.

Use the undo portal free-rule command to remove a specified portal-free rule or all portal-free rules.

Note that:

l          If you specify both the source IP address and source MAC address, the IP address must be a host address under a 32-bit mask. Otherwise, the specified MAC address does not take effect.

l          If you specify both a VLAN and interface in a portal-free rule, the interface must belong to the VLAN.

l          You cannot configure a portal-free rule to have the same filtering criteria as that of an existing one. Otherwise, the system prompts that the rule already exists.

l          No matter whether portal authentication is enabled, you can only add or remove a portal-free rule, rather than modifying it.

Related commands: display portal free-rule.

 

 

Examples

# Configure a portal-free rule, allowing any packet whose source IP address is 10.10.10.1/24 and source interface is GigabitEthernet 2/0/1 to bypass portal authentication.

<Sysname> system-view

[Sysname] portal free-rule 15 source ip 10.10.10.1 mask 24 interface GigabitEthernet 2/0/1 destination ip any

portal server

Syntax

portal server server-name ip ip-address [ key key-string | port port-id | url url-string ] *

undo portal server server-name [ key | port | url ]

View

System view

Default Level

2: System level

Parameters

server-name: Name of the portal server, a case-sensitive string of 1 to 32 characters.

ip-address: IP address of the portal server.

key-string: Shared key for communication with the portal server, a case-sensitive string of 1 to 16 characters.

port-id: Destination port number used when the device sends a message to the portal server unsolicitedly, in the range 1 to 65534. The default is 50100.

url-string: Uniform resource locator (URL) to which HTTP packets are to be redirected, in the http://ip-address format. The default of ip-address is the IP address of the portal server.

Description

Use the portal server command to configure a portal server.

Use the undo portal server command to remove a portal server, restore the default destination port number or URL, or delete the shared key.

By default, no portal server is configured.

Note that:

l          Using the undo portal server server-name command, you remove the specified portal server if the specified portal server exists and there is no user on the interfaces referencing the portal server.

l          The configured portal server and its parameters can be removed or modified only when the portal server is not referenced by an interface.

l          To remove or modify the settings of a portal server that has been referenced by an interface, you must remove the portal configuration on the interface using the undo portal command.

Related commands: display portal server.

Examples

# Configure portal server pts, setting the IP address to 192.168.0.111, the key to portal, and the redirection URL to http://192.168.0.111/portal.

<Sysname> system-view

[Sysname] portal server pts ip 192.168.0.111 key portal url http://192.168.0.111/portal

portal server method

Syntax

portal server server-name method { direct | layer3 | redhcp }

undo portal

View

Interface view

Default Level

2: System level

Parameters

server-name: Name of the portal server, a case-sensitive string of 1 to 32 characters.

method: Specifies the authentication mode to be used.

direct: Direct authentication.

layer3: Layer 3 authentication.

redhcp: Re-DHCP authentication.

Description

Use the portal server command to enable portal authentication on an interface, and specify the portal server to be referenced and the authentication mode.

Use the undo portal command to disable portal authentication on an interface.

By default, portal authentication is disabled on an interface.

Note that: The portal server to be referenced must exist.

Related commands: display portal server.

Examples

# Enable portal authentication on interface VLAN-interface 100, setting the portal server to pts, and the authentication mode to direct.

<Sysname> system-view

[Sysname] interface vlan-interface 100

[Sysname–Vlan-interface100] portal server pts method direct

reset portal connection statistics

Syntax

reset portal connection statistics { all | interface interface-type interface-number }

View

User view

Default Level

1: Monitor level

Parameters

all: Specifies all interfaces.

interface interface-type interface-number: Specifies an interface by its type and number.

Description

Use the reset portal connection statistics command to clear portal connection statistics on a specified interface or all interfaces.

Examples

# Clear portal connection statistics on interface Vlan-interface 1.

<Sysname> reset portal connection statistics interface Vlan-interface 1

reset portal server statistics

Syntax

reset portal server statistics { all | interface interface-type interface-number }

View

User view

Default Level

1: Monitor level

Parameters

all: Specifies all interfaces.

interface interface-type interface-number: Specifies an interface by its type and number.

Description

Use the reset portal server statistics command to clear portal server statistics on a specified interface or all interfaces.

Examples

# Clear portal server statistics on interface Vlan-interface 1.

<Sysname> reset portal server statistics interface Vlan-interface 1

reset portal tcp-cheat statistics

Syntax

reset portal tcp-cheat statistics

View

User view

Default Level

1: Monitor level

Parameters

None

Description

Use the reset portal tcp-cheat statistics command to clear TCP spoofing statistics.

Examples

# Clear TCP spoofing statistics.

<Sysname> reset portal tcp-cheat statistics