365
Table 112
Configuration items
Item Description
Web Proxy Server
Ports
Configure the web proxy server ports to allow HTTP requests proxied by the specified
proxy servers to trigger portal authentication. By default, only HTTP requests that are not
proxied can trigger portal authentication.
To make sure that a user using a web proxy server can trigger portal authentication, you
need to add the port number of the proxy server on the device and the user needs to
specify the listening IP address of the local portal server as a proxy exception in the
browser. Thus, HTTP packets that the portal user sends to the local portal server are not
sent to the proxy server.
IMPORTANT:
•
Only Layer 2 portal authentication supports this feature.
•
If a user's browser uses the Web Proxy Auto-Discovery (WPAD) protocol to discover
web proxy servers, add the port numbers of the web proxy servers on the device, and
configure portal-free rules to allow user packets destined for the IP address of the
WPAD server to pass without authentication.
Redirection URL
Specify the auto redirection URL to which users will be automatically redirected after they
pass portal authentication.
To access the network, an unauthenticated user either goes to or is automatically forced
to the portal authentication page for authentication. If the user passes portal
authentication and the access device is configured with an auto redirection URL, the
access device redirects the user to the URL after a specific period of time.
Wait-Time
Set the time that the device must wait before redirecting an authenticated portal user to
the auto redirection URL.
Enable Support for
Portal User Moving
Specify whether to enable support for portal user moving.
In scenarios where there are hubs, Layer 2 switches, or APs between users and the access
devices, if an authenticated user moves from an access port to another Layer
2-portal-authentication-enabled port of the device without logging off, the user cannot get
online when the original port is still up. The reason is that the original port is still
maintaining the authentication information of the user and the device does not permit
such a user to get online from another port by default.
To solve the problem described above, enable support for portal user moving on the
device. Then, when a user moves from a port of the device to another, the device
provides services in either of the following two ways:
•
If the original port is still up and the two ports belong to the same VLAN, the device
allows the user to continue to access the network without re-authentication, and uses
the new port information for accounting of the user.
•
If the original port is down or the two ports belong to different VLANs, the device
removes the authentication information of the user from the original port and
authenticates the user on the new port.
IMPORTANT:
For a user with authorization information (such as authorized VLAN) configured, after the
user moves from a port to another, the device tries to assign the authorization information to
the new port. If the operation fails, the device deletes the user's information from the original
port and re-authenticates the user on the new port.
Configuring a portal-free rule
1.
Select
Authentication
>
Portal
from the navigation tree
Summary of Contents for HP 830 Series
Page 37: ...25 Figure 18 Configuration complete ...
Page 70: ...58 Figure 49 Displaying the rate settings of ports ...
Page 78: ...66 Figure 56 Configuring the monitor port ...
Page 82: ...70 Figure 59 Switching to the management level ...
Page 87: ...75 Figure 64 Displaying port traffic statistics ...
Page 167: ...155 Figure 154 Displaying the current voice VLAN information ...
Page 304: ...292 Figure 280 Traceroute operation result ...
Page 321: ...309 Request timed out Ping statistics for 10 0 0 1 Packets Sent 4 Received 0 Lost 4 100 loss ...
Page 343: ...331 Figure 330 Ping operation summary ...