CÔNG TY TNHH CÔNG NGHỆ VIỆT THÁI DƯƠNG

Configure L3 Portal Authentication Function

Configuration Condition

To enable the L3 Portal authentication function, it is necessary to meet the following condition:

  • The Portal server is created on the authentication device

Enable Ordinary L3 Portal Authentication Function

On the L3 interface of the authentication device that connects the user, enable the ordinary L3 Portal authentication function. The ordinary L3 authentication mode has two control modes:

  • Control based on the source IP: permits authenticated packets with a valid source IP to pass
  • Control based on the source IP + source MAC: permits authenticated packets with a valid source IP and source MAC address to pass

Table 13–9 Enable the ordinary L3 Portal authentication function

Step: Enter the global configuration mode
Command: configure terminal
Description: -

Step: Enter the interface configuration mode
Command: interface interface-name
Description: -

Step: Enable the ordinary L3 Portal authentication function
Command: portal server server-name method layer3 [ ip | ip-mac ]
Description: Mandatory. By default, the ordinary L3 Portal authentication function is disabled.

Note

  • You cannot enable the 802.1X authentication and MAC authentication function on the port that is enabled with the ordinary L3 Portal authentication.
  • You cannot enable the L2 Portal authentication function on the port that is enabled with the ordinary L3 Portal authentication.
  • When the port enabled with the L2 Portal authentication is added to the VLAN interface enabled with the ordinary L3 Portal authentication, the L2 Portal authentication will be disabled.

Enable the Portal Authentication Function of Secondary Address Assignment

On the L3 interface of the authentication device that connects the user, enable the Portal authentication function of the secondary address assignment. This mode controls access based on the source IP + source MAC, permitting authenticated packets with a valid source IP and source MAC address to pass.

To configure the Portal authentication function of the secondary address assignment, the following conditions must be met:

  • The active and standby IP addresses are configured on the interface
  • The DHCP Relay and DHCP Snooping functions are configured on the authentication device

Table 13–10 Enable the Portal authentication function of the secondary address assignment

Step: Enter the global configuration mode
Command: configure terminal
Description: -

Step: Enter the interface configuration mode
Command: interface interface-name
Description: -

Step: Enable the Portal authentication function of the secondary address assignment
Command: portal server server-name method redhcp
Description: Mandatory. By default, the Portal authentication function of the secondary address assignment is disabled on the interface.

Note

  • You cannot enable the 802.1X authentication and MAC authentication function on the port that is enabled with the Portal authentication of the secondary address assignment.
  • You cannot enable the L2 Portal authentication function on the port that is enabled with the Portal authentication of the secondary address assignment.
  • When the port enabled with the L2 Portal authentication is added to the VLAN interface enabled with the Portal authentication of the secondary address assignment, the L2 Portal authentication will be disabled.
  • The Portal authentication mode of the secondary address assignment must be supported by both the Portal client and the Portal server. Otherwise, authentication cannot be completed.

Configure and Apply Secure Channel

After enabling the L3 authentication function on the L3 interface, configure and apply a secure channel if terminal users should be able to access resources in a specified network without authentication, or if specific terminal users should be able to access network resources without authentication.

Secure channel rules fall into the following types:

  • Permit terminal users to access the specified network resources
  • Permit the specified terminal user to access network resources

Table 13–11 Apply the secure channel

Step: Enter global configuration mode
Command: configure terminal
Description: -

Step: Configure the secure channel
Command: hybrid access-list advanced { access-list-number | access-list-name }
Description: Mandatory. By default, the secure channel is not configured in the device.

Step: Configure the secure channel rules
Command: [ sequence ] permit protocol { any | source-ip-addr source-wildcard | host source-ip-addr } { any | source-mac-addr source-wildcard | host source-mac-addr } { any | destination-ip-addr destination-wildcard | host destination-ip-addr } { any | destination-mac-addr destination-wildcard | host destination-mac-addr }
Description: Mandatory. By default, there is no secure channel rule in the secure channel.

Step: Apply the secure channel
Command: global security access-group { access-group-number | access-group-name }
Description: Mandatory. By default, no secure channel is applied in the system.

Note

  • Multiple secure channels can be configured on the device, and one secure channel can be configured with multiple secure channel rules.
  • The secure channel type can only be the mixed advanced ACL. Only one secure channel can be applied on the device.
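
Because traffic matching a secure channel rule passes without authentication, it helps to review rules before applying them. The following Python check is an added example, not part of the original manual: it parses rules in the syntax from Table 13–11, sorts them into the two rule types listed above, and flags a rule that exempts every user to every destination. The sample rules, the `ip` protocol keyword and the address formats are constructed assumptions.

```python
FIELDS = ("src_ip", "src_mac", "dst_ip", "dst_mac")
IP_ONLY = "user exempted by source IP only; pin the source MAC as well"
OPEN = "all users reach all destinations without Portal authentication"

def parse_rule(line):
    """Parse '[sequence] permit protocol <src-ip> <src-mac> <dst-ip> <dst-mac>'."""
    tok = line.split()
    seq = int(tok.pop(0)) if tok and tok[0].isdigit() else None
    if len(tok) < 2 or tok[0] != "permit":
        raise ValueError(f"not a secure channel permit rule: {line!r}")
    rule, i = {"sequence": seq, "protocol": tok[1]}, 2
    for name in FIELDS:
        # Each field is 'any', 'host <addr>' or '<addr> <wildcard>'.
        width = 1 if tok[i:i + 1] == ["any"] else 2
        part = tok[i:i + width]
        if len(part) != width:
            raise ValueError(f"{name} missing or incomplete: {line!r}")
        rule[name] = "any" if width == 1 else " ".join(part)
        i += width
    if i != len(tok):
        raise ValueError(f"unexpected trailing tokens: {line!r}")
    return rule

def classify(rule):
    """Return (kind, warning) for one parsed rule."""
    src_open = rule["src_ip"] == "any" and rule["src_mac"] == "any"
    dst_open = rule["dst_ip"] == "any" and rule["dst_mac"] == "any"
    if src_open and dst_open:
        return "open", OPEN
    if src_open:  # any user -> specified resources
        return "resource-exemption", None
    if dst_open:  # specified user -> any resource
        return "user-exemption", IP_ONLY if rule["src_mac"] == "any" else None
    return "scoped", None

def audit(text):
    """Classify every non-empty rule line; returns (sequence, kind, warning)."""
    lines = [l.strip() for l in text.splitlines() if l.strip()]
    return [(r["sequence"], *classify(r)) for r in map(parse_rule, lines)]

# Constructed sample rules (documentation address ranges, made-up MAC).
SAMPLE_RULES = """
10 permit ip any any host 192.0.2.53 any
20 permit ip host 198.51.100.20 host 0001.7a00.0001 any any
30 permit ip 198.51.100.0 0.0.0.255 any any any
40 permit ip any any any any
"""

if __name__ == "__main__":
    for seq, kind, warn in audit(SAMPLE_RULES):
        print(seq, kind, warn or "ok")
```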