Configuration Condition
None
Create a Portal Server
Create a Portal server and specify its parameters, including the server IP address, shared encrypted key, server port number, and server URL (the address of the server's authentication page).
Table 13–2 Create a Portal server

| Step | Command | Description |
| --- | --- | --- |
| Enter global configuration mode | configure terminal | - |
| Create a Portal server | portal server server-name ip ip-address key [ 0 \| 7 ] key-string [ port udp-port-num \| url url-string ] | Optional. By default, no Portal server is created. |

- The Portal protocol only supports the IPv4 protocol.
- Up to 5 Portal servers can be created on the authentication device.
- The configured Portal server parameters can be deleted or modified only when the Portal server is not referenced by an interface.
- The shared keys configured on the authentication device and the Portal server should be consistent.
Configure the Portal Server Type
Configuring the Portal server type serves two purposes:
- Different Portal servers make some extensions to the standard Portal protocol specification.
- When the Portal server is not configured with a server URL, the default server URL of the corresponding type is used for redirection.
The following server types can be specified:
- aas: The AAS server, default server URL: http://IP-ADDRESS/portal/Login.do
- imc: The IMC server, default server URL: http://IP-ADDRESS:8080/portal
- user-defined: User-defined server. The default server URL format follows the protocol specification <PORTAL protocol specification for China Mobile WLAN service v2.0.2>.
Table 13–3 Configure the Portal server type

| Step | Command | Description |
| --- | --- | --- |
| Enter global configuration mode | configure terminal | - |
| Configure the Portal server type | portal server server-name type { aas \| imc \| user-defined } | Optional. By default, the server type is AAS. |

Configure Portal Server Detection Function
During Portal authentication, if communication between the authentication device and the Portal server is interrupted, new users cannot get online and existing online Portal users cannot get offline normally. To solve these problems, the authentication device must detect changes in the reachable state of the Portal server in time and trigger the corresponding operations to deal with the impact of the change. For example, when a specified Portal server is unreachable, all users who authenticate using that Portal server are forced to pass authentication so that they can access network resources; this is commonly referred to as the Portal escape function.
With the detection function, the authentication device can detect the reachable status of the Portal server. The specific configuration is as follows:
Table 13–4 Configure the Portal server detection function

| Step | Command | Description |
| --- | --- | --- |
| Enter global configuration mode | configure terminal | - |
| Configure the interval of detecting the Portal server | portal server server-name detect-interval detect-interval-value | Optional. By default, the interval of detecting the Portal server is 60s, and the value range is 20-600s or 0. When it is configured as 0, the Portal server is not detected. |
| Configure the action when the reachable status of the Portal server changes | portal server server-name failover { log \| permit } | Optional. By default, log information is recorded when the reachable status of the Portal server changes. |

Configure the Source Interface Used for Sending Portal Packets
Specify the source interface used for sending Portal packets. The master IP address configured on the source interface is the source address that the authentication device uses to send Portal packets to the Portal server. If the source interface has no master IP address, the communication fails.
Table 13–5 Configure the source interface used for sending Portal packets

| Step | Command | Description |
| --- | --- | --- |
| Enter global configuration mode | configure terminal | - |
| Configure the source interface used for sending Portal packets | portal server server-name source-interface interface-name | Optional. By default, no source interface is specified for sending Portal packets; that is, the interface that connects the user is used as the source interface. |

Configure the Destination UDP Port Number of User Forced Offline Packet
Some servers receive the user forced offline packet on a specified UDP port number, so it is necessary to configure the destination UDP port number of the user forced offline packet.
Table 13–6 Configure the destination UDP port number of the user forced offline packet

| Step | Command | Description |
| --- | --- | --- |
| Enter global configuration mode | configure terminal | - |
| Configure the destination UDP port number of the user forced offline packet | portal server server-name ntf-logout-port udp-port-num | Optional. By default, no destination UDP port number is specified for the user forced offline packet; the server port number is used as the destination UDP port number. |

- The interval of detecting whether the server is reachable
- The action when the reachable status of the server changes:
  - Record the log: Record the log information when the reachable status of the Portal server changes.
  - Open user limitation: When the reachable status of the Portal server changes, record the log information. When the specified Portal server is unreachable, all users who authenticate through that Portal server are forced to pass authentication. When the Portal server is reachable again, the users who were forced to pass authentication through that Portal server are forced offline.
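
A configuration audit for the portal server commands in Tables 13–2 to 13–4, added here as an example and not part of the original manual or any vendor tooling: it parses the command lines and reports detect-interval values outside the documented range, disabled detection, the failover permit (Portal escape) setting, and servers that fall back to a type's default redirect URL. The sample configuration, its server names, addresses and keys, and the helper names parse and audit are constructed for illustration.

```python
import re

# Default redirect URLs per server type, as listed on this page.
DEFAULT_URL = {"aas": "http://IP-ADDRESS/portal/Login.do",
               "imc": "http://IP-ADDRESS:8080/portal"}

# Constructed sample configuration (names, addresses and keys are made up).
SAMPLE = """\
portal server guest ip 192.0.2.10 key 7 EXAMPLEKEY port 50100
portal server guest type imc
portal server guest detect-interval 10
portal server guest failover permit
portal server staff ip 192.0.2.20 key 7 EXAMPLEKEY url http://192.0.2.20/login
portal server staff detect-interval 0
"""

def parse(config):
    """Collect per-server settings from 'portal server ...' lines."""
    servers = {}
    for m in re.finditer(r"^[ \t]*portal server (\S+) (\S+) (.+)$", config, re.M):
        name, word, args = m.group(1), m.group(2), m.group(3).split()
        # Defaults stated on this page: type aas, interval 60s, failover log.
        s = servers.setdefault(name, {"ip": None, "url": None, "type": "aas",
                                      "detect": 60, "failover": "log"})
        if word == "ip":
            s["ip"] = args[0]
            i = 3 if args[2] in ("0", "7") else 2  # index of key-string
            opts = args[i + 1:]                     # optional port or url
            if opts[:1] == ["url"]:
                s["url"] = opts[1]
        elif word in ("type", "failover"):
            s[word] = args[0]
        elif word == "detect-interval":
            s["detect"] = int(args[0])
    return servers

def audit(config):
    """Return sorted (server, finding) pairs for settings worth reviewing."""
    out = []
    for name, s in parse(config).items():
        if s["detect"] == 0:
            out.append((name, "detection disabled (detect-interval 0)"))
        elif not 20 <= s["detect"] <= 600:
            out.append((name, "detect-interval outside 20-600"))
        if s["failover"] == "permit":
            out.append((name, "failover permit: users pass authentication while server is unreachable"))
        if s["url"] is None and s["type"] in DEFAULT_URL:
            out.append((name, "no url set, redirect uses " + DEFAULT_URL[s["type"]]))
    return sorted(out)
```

Calling audit(SAMPLE) returns the findings for the constructed configuration; run it against an exported configuration to review which Portal servers fail open before enabling the escape function.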