Enabling Layer 3 portal authentication
Configuration guidelines
The destination port number that the access device uses for sending unsolicited packets to the portal server must be the same as the port number that the remote portal server actually uses.
The portal server and its parameters can be deleted or modified only when the portal server is not referenced by any interface.
Cross-subnet authentication mode (portal server server-name method layer3) does not require Layer 3 forwarding devices between the access device and the authentication clients. However, if Layer 3 forwarding devices exist between the authentication client and the access device, you must select the cross-subnet portal authentication mode.
In re-DHCP authentication mode, a client can use a public IP address to send packets before passing portal authentication. However, responses to the packets are restricted.
An IPv6 portal server does not support the re-DHCP portal authentication mode.
You can enable both an IPv4 portal server and an IPv6 portal server for Layer 3 portal authentication on an interface, but you cannot enable two IPv4 or two IPv6 portal servers on the interface.
Configuration prerequisites
Before enabling Layer 3 portal authentication on an interface, make sure that:
An IP address is configured for the interface.
The portal server to be referenced on the interface exists.
Layer 2 portal authentication is not enabled on any ports.
Configuration procedure
To enable Layer 3 portal authentication:
Step | Command | Remarks |
|---|---|---|
1. Enter system view. | system-view | N/A |
2. Enter interface view. | interface interface-type interface-number | The interface must be a Layer 3 Ethernet interface. |
3. Enable Layer 3 portal authentication on the interface. | portal server server-name method { direct | layer3 | redhcp } | Not enabled by default. |