1 Portal Configuration Commands
EA series cards, LSQ1GP12EA and LSQ1TGX1EA for example, do not support Portal authentication.
Portal Configuration Commands
display portal acl
Syntax
display portal acl { all | dynamic | static } interface interface-type interface-number
View
Any view
Default Level
1: Monitor level
Parameters
all: Displays all portal access control lists (ACLs), including dynamic ones and static ones.
dynamic: Displays dynamic portal ACLs, namely, ACLs generated after a user passes portal authentication.
static: Displays static portal ACLs, namely, ACLs generated by related configurations.
interface interface-type interface-number: Displays the ACLs on the specified interface.
Description
Use the display portal acl command to display the ACLs on a specified interface.
Examples
# Display all ACLs on interface Vlan-interface 2.
<Sysname> display portal acl all interface Vlan-interface 2
Vlan-interface2 portal ACL rule:
Rule 0
Inbound interface = Vlan-interface2
Type = static
Action = permit
Source:
IP = 0.0.0.0
Mask = 0.0.0.0
MAC = 0000-0000-0000
Interface = any
VLAN = 0
Protocol = 0
Destination:
IP = 192.168.0.111
Mask = 255.255.255.255
Rule 1
Inbound interface = Vlan-interface2
Type = static
Action = redirect
Source:
IP = 0.0.0.0
Mask = 0.0.0.0
MAC = 0000-0000-0000
Interface = any
VLAN = 2
Protocol = 6
Destination:
IP = 0.0.0.0
Mask = 0.0.0.0
Rule 2
Inbound interface = Vlan-interface2
Type = dynamic
Action = permit
Source:
IP = 2.2.2.2
Mask = 255.255.255.255
MAC = 000d-88f8-0eab
Interface = GigabitEthernet5/0
VLAN = 0
Protocol = 0
Destination:
IP = 0.0.0.0
Mask = 0.0.0.0
Author ACL:
Number = 3001
Table 1-1 display portal acl command output description
Field | Description |
---|---|
Rule | Sequence number of the generated ACL, which is numbered from 0 in ascending order |
Inbound interface | Interface to which portal ACLs are bound |
Type | Type of the portal ACL |
Action | Match action in the portal ACL |
Source | Source information in the portal ACL |
IP | Source IP address in the portal ACL |
Mask | Subnet mask of the source IP address in the portal ACL |
MAC | Source MAC address in the portal ACL |
Interface | Source interface in the portal ACL |
VLAN | Source VLAN in the portal ACL |
Protocol | Protocol type in the portal ACL |
Destination | Destination information in the portal ACL |
IP | Destination IP address in the portal ACL |
Mask | Subnet mask of the destination IP address in the portal ACL |
Author ACL | Authorization ACL of portal ACL. It is displayed only when the Type field has a value of dynamic. |
Number | Authorization ACL number assigned by the server. None indicates that the server did not assign any ACL. |
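The output above can be audited offline to confirm what an interface lets through regardless of user authentication. The following parser is an added example, not H3C code: the function names and the sample output are constructed here, and it assumes that static permit rules describe traffic allowed without authentication (for example, the portal server address or a portal-free rule).

```python
import ipaddress
import re

# Constructed sample in the layout of the display portal acl example above.
SAMPLE_OUTPUT = """\
Vlan-interface2 portal ACL rule:
 Rule 0
 Inbound interface = Vlan-interface2
 Type = static
 Action = permit
 Source:
  IP = 0.0.0.0
  Mask = 0.0.0.0
  MAC = 0000-0000-0000
  Interface = any
  VLAN = 0
  Protocol = 0
 Destination:
  IP = 192.168.0.111
  Mask = 255.255.255.255
 Rule 1
 Inbound interface = Vlan-interface2
 Type = static
 Action = permit
 Source:
  IP = 10.10.10.0
  Mask = 255.255.255.0
  MAC = 0000-0000-0000
  Interface = any
  VLAN = 0
  Protocol = 0
 Destination:
  IP = 0.0.0.0
  Mask = 0.0.0.0
"""

def parse_portal_acl(text):
    """Parse the rule blocks into dicts keyed like 'Type' or 'destination.IP'."""
    rules, section = [], ""
    for line in map(str.strip, text.splitlines()):
        m = re.fullmatch(r"Rule (\d+)", line)
        if m:
            rules.append({"Rule": int(m.group(1))})
            section = ""
        elif line in ("Source:", "Destination:", "Author ACL:"):
            section = line[:-1].lower() + "."
        elif rules and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            rules[-1][section + key] = value
    return rules

def network(rule, side):
    """Build the source or destination network from its IP and Mask fields."""
    return ipaddress.ip_network(f"{rule[side + '.IP']}/{rule[side + '.Mask']}", strict=False)

def unexpected_preauth_permits(rules, expected_destinations):
    """Return (rule, source, destination) for every static permit rule whose
    destination lies outside the expected pre-authentication destinations."""
    allowed = [ipaddress.ip_network(d) for d in expected_destinations]
    findings = []
    for rule in rules:
        if (rule.get("Type"), rule.get("Action")) != ("static", "permit"):
            continue
        src, dst = network(rule, "source"), network(rule, "destination")
        if not any(dst.subnet_of(a) for a in allowed):
            findings.append((rule["Rule"], str(src), str(dst)))
    return findings
```

With the portal server 192.168.0.111/32 as the only expected destination, Rule 1 of the constructed sample is reported because it permits 10.10.10.0/24 to reach any destination.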
display portal connection statistics
Syntax
display portal connection statistics { all | interface interface-type interface-number }
View
Any view
Default Level
1: Monitor level
Parameters
all: Specifies all interfaces.
interface interface-type interface-number: Specifies an interface by its type and number.
Description
Use the display portal connection statistics command to display portal connection statistics on a specified interface or all interfaces.
Examples
# Display portal connection statistics on interface Vlan-interface 2.
<Sysname> display portal connection statistics interface Vlan-interface 2
---------------Interface: Vlan-interface2-----------------------
User state statistics:
State-Name User-Num
VOID 0
DISCOVERED 0
WAIT_AUTHEN_ACK 0
WAIT_AUTHOR_ACK 0
WAIT_LOGIN_ACK 0
WAIT_ACL_ACK 0
WAIT_NEW_IP 0
WAIT_USERIPCHANGE_ACK 0
ONLINE 1
WAIT_LOGOUT_ACK 0
WAIT_LEAVING_ACK 0
Message statistics:
Msg-Name Total Err Discard
MSG_AUTHEN_ACK 3 0 0
MSG_AUTHOR_ACK 3 0 0
MSG_LOGIN_ACK 3 0 0
MSG_LOGOUT_ACK 2 0 0
MSG_LEAVING_ACK 0 0 0
MSG_CUT_REQ 0 0 0
MSG_AUTH_REQ 3 0 0
MSG_LOGIN_REQ 3 0 0
MSG_LOGOUT_REQ 2 0 0
MSG_LEAVING_REQ 0 0 0
MSG_ARPPKT 0 0 0
MSG_TMR_REQAUTH 1 0 0
MSG_TMR_AUTHEN 0 0 0
MSG_TMR_AUTHOR 0 0 0
MSG_TMR_LOGIN 0 0 0
MSG_TMR_LOGOUT 0 0 0
MSG_TMR_LEAVING 0 0 0
MSG_TMR_NEWIP 0 0 0
MSG_TMR_USERIPCHANGE 0 0 0
MSG_PORT_REMOVE 0 0 0
MSG_VLAN_REMOVE 0 0 0
MSG_IF_REMOVE 6 0 0
MSG_L3IF_SHUT 0 0 0
MSG_IP_REMOVE 0 0 0
MSG_ALL_REMOVE 1 0 0
MSG_IFIPADDR_CHANGE 0 0 0
MSG_SOCKET_CHANGE 8 0 0
MSG_NOTIFY 0 0 0
MSG_SETPOLICY 0 0 0
MSG_SETPOLICY_RESULT 0 0 0
Table 1-2 display portal connection statistics command output description
Field | Description |
---|---|
User state statistics | Statistics on portal users |
State-Name | Name of a user state |
User-Num | Number of users |
VOID | Number of users in void state |
DISCOVERED | Number of users in discovered state |
WAIT_AUTHEN_ACK | Number of users in wait_authen_ack state |
WAIT_AUTHOR_ACK | Number of users in wait_author_ack state |
WAIT_LOGIN_ACK | Number of users in wait_login_ack state |
WAIT_ACL_ACK | Number of users in wait_acl_ack state |
WAIT_NEW_IP | Number of users in wait_new_ip state |
WAIT_USERIPCHANGE_ACK | Number of users in wait_useripchange_ack state |
ONLINE | Number of users in online state |
WAIT_LOGOUT_ACK | Number of users in wait_logout_ack state |
WAIT_LEAVING_ACK | Number of users in wait_leaving_ack state |
Message statistics | Statistics on messages |
Msg-Name | Message type |
Total | Total number of messages |
Err | Number of erroneous messages |
Discard | Number of discarded messages |
MSG_AUTHEN_ACK | Authentication acknowledgment message |
MSG_AUTHOR_ACK | Authorization acknowledgment message |
MSG_LOGIN_ACK | Accounting acknowledgment message |
MSG_LOGOUT_ACK | Accounting-stop acknowledgment message |
MSG_LEAVING_ACK | Leaving acknowledgment message |
MSG_CUT_REQ | Cut request message |
MSG_AUTH_REQ | Authentication request message |
MSG_LOGIN_REQ | Accounting request message |
MSG_LOGOUT_REQ | Accounting-stop request message |
MSG_LEAVING_REQ | Leaving request message |
MSG_ARPPKT | ARP message |
MSG_TMR_REQAUTH | Authentication request timeout message |
MSG_TMR_AUTHEN | Authentication timeout message |
MSG_TMR_AUTHOR | Authorization timeout message |
MSG_TMR_LOGIN | Accounting-start timeout message |
MSG_TMR_LOGOUT | Accounting-stop timeout message |
MSG_TMR_LEAVING | Leaving timeout message |
MSG_TMR_NEWIP | Public IP update timeout message |
MSG_TMR_USERIPCHANGE | User IP change timeout message |
MSG_PORT_REMOVE | Users-of-a-Layer-2-port-removed message |
MSG_VLAN_REMOVE | VLAN user removed message |
MSG_IF_REMOVE | Users-of-a-Layer-3-interface-removed message |
MSG_L3IF_SHUT | Layer 3 interface shutdown message |
MSG_IP_REMOVE | User-with-an-IP-removed message |
MSG_ALL_REMOVE | All-users-removed message |
MSG_IFIPADDR_CHANGE | Interface IP address change message |
MSG_SOCKET_CHANGE | Socket change message |
MSG_NOTIFY | Notification message |
MSG_SETPOLICY | Set policy message for assigning security ACL |
MSG_SETPOLICY_RESULT | Set policy response message |
display portal free-rule
Syntax
display portal free-rule [ rule-number ]
View
Any view
Default Level
1: Monitor level
Parameters
rule-number: Number of a portal-free rule. The value ranges from 0 to 31.
Description
Use the display portal free-rule command to display information about a specified portal-free rule or all portal-free rules.
Related commands: portal free-rule.
Examples
# Display information about portal-free rule 1.
<Sysname> display portal free-rule 1
Rule-Number 1:
Source:
IP = 2.2.2.0
Mask = 255.255.255.0
MAC = 0000-0000-0000
Interface = any
Vlan = 0
Destination:
IP = 0.0.0.0
Mask = 0.0.0.0
Table 1-3 display portal free-rule command output description
Field | Description |
---|---|
Rule-Number | Number of the portal-free rule |
Source | Source information in the portal-free rule |
IP | Source IP address in the portal-free rule |
Mask | Subnet mask of the source IP address in the portal-free rule |
MAC | Source MAC address in the portal-free rule |
Interface | Source interface in the portal-free rule |
Vlan | Source VLAN in the portal-free rule |
Destination | Destination information in the portal-free rule |
IP | Destination IP address in the portal-free rule |
Mask | Subnet mask of the destination IP address in the portal-free rule |
display portal interface
Syntax
display portal interface interface-type interface-number
View
Any view
Default Level
1: Monitor level
Parameters
interface-type interface-number: Specifies an interface by its type and number.
Description
Use the display portal interface command to display the portal configuration of an interface.
Examples
# Display the portal configuration of interface Vlan-interface 2.
<Sysname> display portal interface Vlan-interface 2
Interface portal configuration:
Vlan-interface2: Portal running
Portal server: servername
Authentication type: Direct
Authentication network:
address = 0.0.0.0 mask = 0.0.0.0
Table 1-4 display portal interface command output description
Field | Description |
---|---|
Interface portal configuration | Portal configuration on the interface |
Vlan-interface 2 | Status of the portal feature on the interface, disable, enable, or running. |
Portal server | Portal server referenced by the interface |
Authentication type | Authentication mode enabled on the interface |
Authentication network | Information of the portal authentication subnet |
address | IP address of the portal authentication subnet |
mask | Subnet mask of the IP address of the portal authentication subnet |
display portal server
Syntax
display portal server [ server-name ]
View
Any view
Default Level
1: Monitor level
Parameters
server-name: Name of a portal server, a case-sensitive string of 1 to 32 characters.
Description
Use the display portal server command to display information about a specified portal server or all portal servers.
Related commands: portal server.
Examples
# Display information about portal server aaa.
<Sysname> display portal server aaa
Portal server:
1)aaa:
IP = 192.168.0.111
Key = portal
Port = 50100
URL = http://192.168.0.111/portal
Table 1-5 display portal server command output description
Field | Description |
---|---|
1) | Number of the portal server |
aaa | Name of the portal server |
IP | IP address of the portal server |
Key | Key for portal authentication. Not configured will be displayed if no key is configured. |
Port | Listening port on the portal server |
URL | Address the packets are to be redirected to. Not configured will be displayed if no address is configured. |
display portal server statistics
Syntax
display portal server statistics { all | interface interface-type interface-number }
View
Any view
Default Level
1: Monitor level
Parameters
all: Specifies all interfaces.
interface interface-type interface-number: Specifies an interface by its type and number.
Description
Use the display portal server statistics command to display portal server statistics on a specified interface or all interfaces.
Note that with the all keyword specified, the command displays portal server statistics by interface and therefore statistics about a portal server referenced by more than one interface may be displayed repeatedly.
Examples
# Display portal server statistics on Vlan-interface 2.
<Sysname> display portal server statistics interface Vlan-interface 2
---------------Interface: Vlan-interface2----------------------
Server name: st
Invalid packets: 0
Pkt-Name Total Discard Checkerr
REQ_CHALLENGE 3 0 0
ACK_CHALLENGE 3 0 0
REQ_AUTH 3 0 0
ACK_AUTH 3 0 0
REQ_LOGOUT 1 0 0
ACK_LOGOUT 1 0 0
AFF_ACK_AUTH 3 0 0
NTF_LOGOUT 1 0 0
REQ_INFO 6 0 0
ACK_INFO 6 0 0
NTF_USERDISCOVER 0 0 0
NTF_USERIPCHANGE 0 0 0
AFF_NTF_USERIPCHANGE 0 0 0
ACK_NTF_LOGOUT 1 0 0
Table 1-6 display portal server statistics command output description
Field | Description |
---|---|
Interface | Interface referencing the portal server |
Server name | Name of the portal server |
Invalid packets | Number of invalid packets |
Pkt-Name | Packet type |
Total | Total number of packets |
Discard | Number of discarded packets |
Checkerr | Number of erroneous packets |
REQ_CHALLENGE | Challenge request message the portal server sends to the access device |
ACK_CHALLENGE | Challenge acknowledgment message the access device sends to the portal server |
REQ_AUTH | Authentication request message the portal server sends to the access device |
ACK_AUTH | Authentication acknowledgment message the access device sends to the portal server |
REQ_LOGOUT | Logout request message the portal server sends to the access device |
ACK_LOGOUT | Logout acknowledgment message the access device sends to the portal server |
AFF_ACK_AUTH | Affirmation message the portal server sends to the access device after receiving an authentication acknowledgement message |
NTF_LOGOUT | Forced logout notification message the access device sends to the portal server |
REQ_INFO | Information request message |
ACK_INFO | Information acknowledgment message |
NTF_USERDISCOVER | User discovery notification message the portal server sends to the access device |
NTF_USERIPCHANGE | User IP change notification message the access device sends to the portal server |
AFF_NTF_USERIPCHANGE | User IP change success notification message the portal server sends to the access device |
ACK_NTF_LOGOUT | Forced logout acknowledgment message from the portal server |
display portal tcp-cheat statistics
Syntax
display portal tcp-cheat statistics
View
Any view
Default Level
1: Monitor level
Parameters
None
Description
Use the display portal tcp-cheat statistics command to display TCP spoofing statistics.
Examples
# Display TCP spoofing statistics.
<Sysname> display portal tcp-cheat statistics
TCP Cheat Statistic:
Total Opens: 0
Resets Connections: 0
Current Opens: 0
Packets Received: 0
Packets Sent: 0
Packets Retransmitted: 0
Packets Dropped: 0
HTTP Packets Sent: 0
Connection State:
SYN_RECVD: 0
ESTABLISHED: 0
CLOSE_WAIT: 0
LAST_ACK: 0
FIN_WAIT_1: 0
FIN_WAIT_2: 0
CLOSING: 0
Table 1-7 display portal tcp-cheat statistics command output description
Field | Description |
---|---|
TCP Cheat Statistic | TCP spoofing statistics |
Total Opens | Total number of opened connections |
Resets Connections | Number of connections reset through RST packets |
Current Opens | Number of connections currently being set up |
Packets Received | Number of received packets |
Packets Sent | Number of sent packets |
Packets Retransmitted | Number of retransmitted packets |
Packets Dropped | Number of dropped packets |
HTTP Packets Sent | Number of HTTP packets sent |
Connection State | Statistics of connections in various states |
ESTABLISHED | Number of connections in ESTABLISHED state |
CLOSE_WAIT | Number of connections in CLOSE_WAIT state |
LAST_ACK | Number of connections in LAST_ACK state |
FIN_WAIT_1 | Number of connections in FIN_WAIT_1 state |
FIN_WAIT_2 | Number of connections in FIN_WAIT_2 state |
CLOSING | Number of connections in CLOSING state |
display portal user
Syntax
display portal user { all | interface interface-type interface-number }
View
Any view
Default Level
1: Monitor level
Parameters
all: Specifies all interfaces.
interface interface-type interface-number: Specifies an interface by its type and number.
Description
Use the display portal user command to display information about portal users on a specified interface or all interfaces.
Examples
# Display information about portal users on all interfaces.
<Sysname> display portal user all
Index:2
State:ONLINE
SubState:INVALID
ACL:NONE
MAC IP Vlan Interface
---------------------------------------------------------------------
000d-88f8-0eab 2.2.2.2 0 Vlan-interface2
Index:3
State:ONLINE
SubState:INVALID
ACL:3000
MAC IP Vlan Interface
---------------------------------------------------------------------
000d-88f8-0eac 2.2.2.3 0 Vlan-interface2
Total 2 user(s) matched, 2 listed.
Table 1-8 display portal user command output description
Field | Description |
---|---|
Index | Index of the portal user |
State | Current status of the portal user |
SubState | Current sub-status of the portal user |
ACL | Authorization ACL of the portal user |
MAC | MAC address of the portal user |
IP | IP address of the portal user |
Vlan | VLAN to which the portal user belongs |
Interface | Interface to which the portal user is attached |
Total 2 user(s) matched, 2 listed | Total number of portal users |
portal auth-network
Syntax
portal auth-network network-address { mask-length | mask }
undo portal auth-network { network-address | all }
View
Interface view
Default Level
2: System level
Parameters
network-address: IP address of the authentication subnet.
mask-length: Length of the subnet mask, in the range of 0 to 32.
mask: Subnet mask, in dotted decimal notation.
all: Specifies all authentication subnets.
Description
Use the portal auth-network command to configure a portal authentication subnet.
Use the undo portal auth-network command to remove a specified portal authentication subnet or all portal authentication subnets.
Note that this command is only applicable for Layer 3 authentication. The portal authentication subnet for direct authentication is any source IP address, and the portal authentication subnet for re-DHCP authentication is the one determined by the private IP address of the interface.
By default, the portal authentication subnet is 0.0.0.0/0, meaning that users in all subnets are to be authenticated.
Examples
# Configure a portal authentication subnet of 10.10.10.0/24.
<Sysname> system-view
[Sysname] interface Vlan-interface 1
[Sysname-Vlan-interface1] portal auth-network 10.10.10.0 24
portal delete-user
Syntax
portal delete-user { ip-address | all | interface interface-type interface-number }
View
System view
Default Level
2: System level
Parameters
ip-address: IP address of a user.
all: Logs out all users.
interface interface-type interface-number: Logs out all users on the specified interface.
Description
Use the portal delete-user command to log out users.
Related commands: display portal user.
Examples
# Log out user 1.1.1.1.
<Sysname> system-view
[Sysname] portal delete-user 1.1.1.1
portal free-rule
Syntax
portal free-rule rule-number { destination { any | ip { ip-address mask { mask-length | netmask } | any } } | source { any | [ interface interface-type interface-number | ip { ip-address mask { mask-length | netmask } | any } | mac mac-address | vlan vlan-id ] * } } *
undo portal free-rule { rule-number | all }
View
System view
Default Level
2: System level
Parameters
rule-number: Number for the portal-free rule. The value ranges from 0 to 31.
any: Imposes no limitation on the previous keyword.
ip ip-address: Specifies an IP address.
mask { mask-length | netmask }: Specifies the mask of the IP address, which can be in dotted decimal notation or an integer in the range 0 to 32.
interface interface-type interface-number: Specifies a source interface.
mac mac-address: Specifies a source MAC address in the format of H-H-H.
vlan vlan-id: Specifies a source VLAN ID.
all: Specifies all portal-free rules.
Description
Use the portal free-rule command to configure a portal-free rule and specify the source filtering condition and/or destination filtering condition.
Use the undo portal free-rule command to remove a specified portal-free rule or all portal-free rules.
Note that:
- If you specify both the source IP address and source MAC address, the IP address must be a host address under a 32-bit mask. Otherwise, the specified MAC address does not take effect.
- If you specify both a VLAN and interface in a portal-free rule, the interface must belong to the VLAN.
- You cannot configure a portal-free rule to have the same filtering criteria as that of an existing one. Otherwise, the system prompts that the rule already exists.
- No matter whether portal authentication is enabled, you can only add or remove a portal-free rule, rather than modifying it.
Related commands: display portal free-rule.
- If you specify both the source IP and source MAC address information in a portal-free rule, the IP address must be a host address with a mask of 32 bits; otherwise, the specified MAC address will be neglected.
- You cannot configure two portal-free rules with the same filtering conditions. Otherwise, the device will prompt that the portal-free rule already exists.
Examples
# Configure a portal-free rule, allowing any packet whose source IP address is 10.10.10.1/24 and source interface is GigabitEthernet 2/0/1 to bypass portal authentication.
<Sysname> system-view
[Sysname] portal free-rule 15 source ip 10.10.10.1 mask 24 interface GigabitEthernet 2/0/1 destination ip any
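The constraints in the notes above can be checked offline before a rule set is applied, which matters most for the MAC case: a rule that pairs a MAC address with a mask shorter than 32 bits exempts the whole subnet. The following linter is an added example, not H3C code; the function names and sample lines are constructed here, and duplicate detection assumes two rules are the same when their criteria match after mask notation is normalised.

```python
import ipaddress
import re

# Constructed sample lines in the syntax of the portal free-rule command.
SAMPLE_CONFIG = """\
portal free-rule 15 source ip 10.10.10.1 mask 24 interface GigabitEthernet 2/0/1 destination ip any
portal free-rule 3 source ip 10.1.1.5 mask 255.255.255.0 mac 000d-88f8-0eab destination any
portal free-rule 4 source ip 10.1.1.6 mask 32 mac 000d-88f8-0eac destination any
portal free-rule 5 source mac 000d-88f8-0eac ip 10.1.1.6 mask 255.255.255.255 destination ip any
portal free-rule 40 source vlan 2 destination ip 192.168.0.111 mask 32
"""

RULE_RE = re.compile(r"^\s*portal free-rule (\d+)\s+(.+)$")


def parse_free_rule(line):
    """Return (rule_number, criteria) or None if the line is not a free-rule."""
    m = RULE_RE.match(line)
    if not m:
        return None
    tokens, criteria, section, i = m.group(2).split(), {}, None, 0
    while i < len(tokens):
        tok = tokens[i]
        if tok in ("source", "destination"):
            section = tok
        elif tok == "ip" and tokens[i + 1] == "any":
            i += 1                                   # "ip any": no criterion
        elif tok == "ip":                            # ip <addr> mask <len|netmask>
            if tokens[i + 2] != "mask":
                raise ValueError(f"expected 'mask' in: {line}")
            net = ipaddress.ip_network(f"{tokens[i + 1]}/{tokens[i + 3]}", strict=False)
            criteria[(section, "ip")] = (tokens[i + 1], net.prefixlen)
            i += 3
        elif tok in ("mac", "vlan"):
            criteria[(section, tok)] = tokens[i + 1].lower()
            i += 1
        elif tok == "interface":                     # type and number may be split
            name = tokens[i + 1]
            if not any(ch.isdigit() for ch in name):
                name += tokens[i + 2]
                i += 1
            criteria[(section, "interface")] = name.lower()
            i += 1
        i += 1                                       # a bare "any" adds no criterion
    return int(m.group(1)), criteria


def lint_free_rules(config_text):
    """Return (rule_number, code, message) for each violated constraint."""
    findings, seen = [], {}
    for line in config_text.splitlines():
        parsed = parse_free_rule(line)
        if parsed is None:
            continue
        number, criteria = parsed
        if not 0 <= number <= 31:
            findings.append((number, "range", "rule-number must be 0 to 31"))
        src_ip = criteria.get(("source", "ip"))
        if src_ip and ("source", "mac") in criteria and src_ip[1] != 32:
            findings.append((number, "mac-ignored",
                             f"source mask is /{src_ip[1]}, so the MAC does not take effect"))
        key = frozenset(criteria.items())
        if key in seen:
            findings.append((number, "duplicate", f"same criteria as rule {seen[key]}"))
        seen.setdefault(key, number)
    return findings
```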
portal server
Syntax
portal server server-name ip ip-address [ key key-string | port port-id | url url-string ] *
undo portal server server-name [ key | port | url ]
View
System view
Default Level
2: System level
Parameters
server-name: Name of the portal server, a case-sensitive string of 1 to 32 characters.
ip-address: IP address of the portal server.
key-string: Shared key for communication with the portal server, a case-sensitive string of 1 to 16 characters.
port-id: Destination port number used when the device sends a message to the portal server unsolicitedly, in the range 1 to 65534. The default is 50100.
url-string: Uniform resource locator (URL) to which HTTP packets are to be redirected, in the http://ip-address format. The default of ip-address is the IP address of the portal server.
Description
Use the portal server command to configure a portal server.
Use the undo portal server command to remove a portal server, restore the default destination port number or URL, or delete the shared key.
By default, no portal server is configured.
Note that:
- Using the undo portal server server-name command, you remove the specified portal server if the specified portal server exists and there is no user on the interfaces referencing the portal server.
- The configured portal server and its parameters can be removed or modified only when the portal server is not referenced by an interface.
- To remove or modify the settings of a portal server that has been referenced by an interface, you must remove the portal configuration on the interface using the undo portal command.
Related commands: display portal server.
Examples
# Configure portal server pts, setting the IP address to 192.168.0.111, the key to portal, and the redirection URL to http://192.168.0.111/portal.
<Sysname> system-view
[Sysname] portal server pts ip 192.168.0.111 key portal url http://192.168.0.111/portal
portal server method
Syntax
portal server server-name method { direct | layer3 | redhcp }
undo portal
View
Interface view
Default Level
2: System level
Parameters
server-name: Name of the portal server, a case-sensitive string of 1 to 32 characters.
method: Specifies the authentication mode to be used.
direct: Direct authentication.
layer3: Layer 3 authentication.
redhcp: Re-DHCP authentication.
Description
Use the portal server method command to enable portal authentication on an interface, and specify the portal server to be referenced and the authentication mode.
Use the undo portal command to disable portal authentication on an interface.
By default, portal authentication is disabled on an interface.
Note that: The portal server to be referenced must exist.
Related commands: display portal server.
Examples
# Enable portal authentication on interface VLAN-interface 100, setting the portal server to pts, and the authentication mode to direct.
<Sysname> system-view
[Sysname] interface vlan-interface 100
[Sysname-Vlan-interface100] portal server pts method direct
reset portal connection statistics
Syntax
reset portal connection statistics { all | interface interface-type interface-number }
View
User view
Default Level
1: Monitor level
Parameters
all: Specifies all interfaces.
interface interface-type interface-number: Specifies an interface by its type and number.
Description
Use the reset portal connection statistics command to clear portal connection statistics on a specified interface or all interfaces.
Examples
# Clear portal connection statistics on interface Vlan-interface 1.
<Sysname> reset portal connection statistics interface Vlan-interface 1
reset portal server statistics
Syntax
reset portal server statistics { all | interface interface-type interface-number }
View
User view
Default Level
1: Monitor level
Parameters
all: Specifies all interfaces.
interface interface-type interface-number: Specifies an interface by its type and number.
Description
Use the reset portal server statistics command to clear portal server statistics on a specified interface or all interfaces.
Examples
# Clear portal server statistics on interface Vlan-interface 1.
<Sysname> reset portal server statistics interface Vlan-interface 1
reset portal tcp-cheat statistics
Syntax
reset portal tcp-cheat statistics
View
User view
Default Level
1: Monitor level
Parameters
None
Description
Use the reset portal tcp-cheat statistics command to clear TCP spoofing statistics.
Examples
# Clear TCP spoofing statistics.
<Sysname> reset portal tcp-cheat statistics