Enabling Layer 3 portal authentication
Before enabling Layer 3 portal authentication on an interface, make sure:
An IP address is configured for the interface.
The interface is not added to any port aggregation group.
The portal server referenced by the interface already exists.
Layer 2 portal authentication is not enabled on any ports.
Follow these guidelines when you enable Layer 3 portal authentication:
You cannot enable portal authentication on a Layer 3 interface in a port aggregation group. If an interface is enabled with portal authentication, you cannot add it to a port aggregation group.
The destination port number that the device uses for sending unsolicited packets to the portal server must be the same as the port number that the remote portal server actually uses.
Cross-subnet authentication mode (portal server server-name method layer3) does not require Layer 3 forwarding devices between the access device and the authentication clients. However, if Layer 3 forwarding devices exist between the authentication client and the access device, you must select the cross-subnet portal authentication mode.
In re-DHCP authentication mode, a client can use a public IP address to send packets before passing portal authentication. However, responses to the packets are restricted.
An IPv6 portal server does not support the re-DHCP portal authentication mode.
You can enable both an IPv4 portal server and an IPv6 portal server for Layer 3 portal authentication on an interface, but you cannot enable two IPv4 or two IPv6 portal servers on the interface.
To enable Layer 3 portal authentication:
Step | Command | Remarks |
---|---|---|
1. Enter system view. | system-view | N/A |
2. Enter interface view. | interface interface-type interface-number | N/A |
3. Enable Layer 3 portal authentication on the interface. | portal server server-name method { direct | layer3 | redhcp } | Not enabled by default. |
NOTE: The portal server and its parameters can be deleted or modified only when the portal server is not referenced by any interface. | ||