Operation Manual - Security
Quidway S3500 Series Ethernet Switches
Chapter 2 Portal Configuration
Huawei Technologies Proprietary
Caution:
Portal authentication and 802.1x protocol cannot be enabled simultaneously on the
same switch.
2.1.4 Portal Operating Modes
On the Quidway series switches, Portal can operate in one of three operating modes:
direct authentication, re-DHCP authentication and Layer 3 Portal authentication.
• Direct authentication: The user obtains a public IP address. Before authentication,
this address is authorized to access only the Portal server and the free IP addresses
that have already been configured. After passing authentication, the user can access
the Internet.
• Re-DHCP authentication: The user obtains a private IP address through DHCP before
authentication. This address is authorized to access only the Portal server and the
predefined free IP addresses. After passing authentication, the user can apply for a
public address for Internet access.
• Layer 3 Portal authentication: Extends direct authentication so that the user can
access the Portal-enabled switch across network segments.
Note:
• Direct authentication and re-DHCP authentication check the user's MAC address for
security. For this reason, Portal can be enabled only on the first Layer 3 port that
the user accesses. That is, these modes cannot be used when a Layer 3 network device
sits between the user and the Portal-enabled port (across network segments).
• Layer 3 Portal authentication does not check the user's MAC address, so security is
reduced. Where high security is required, do not use Layer 3 Portal authentication.
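The following added example is not taken from the Huawei manual or the switch software. It is a simplified Python model of the forwarding decision in each mode, showing what the MAC check in the note above buys; the class, function names and all addresses are constructed for illustration.

```python
# Simplified model (added example, not Huawei's implementation) of the
# forwarding decision a Portal-enabled port makes in each operating mode.
from dataclasses import dataclass, field

PORTAL_SERVER = "192.0.2.10"       # constructed Portal server address
FREE_IPS = {"192.0.2.53"}          # constructed free IP address
MAC_CHECKED_MODES = {"direct", "redhcp"}
USER_IP = "198.51.100.5"           # constructed: address held after login
USER_MAC = "00:11:22:33:44:55"     # constructed
OTHER_MAC = "66:77:88:99:aa:bb"    # constructed: a different host
INTERNET = "203.0.113.7"           # constructed destination


@dataclass
class PortalPort:
    mode: str                                     # "direct", "redhcp", "layer3"
    sessions: dict = field(default_factory=dict)  # source IP -> MAC at login

    def login(self, src_ip, src_mac):
        """Record a user that has passed Portal authentication."""
        self.sessions[src_ip] = src_mac

    def permit(self, src_ip, src_mac, dst_ip):
        """Return True if a frame with these addresses may be forwarded."""
        if dst_ip == PORTAL_SERVER or dst_ip in FREE_IPS:
            return True                  # reachable before authentication
        if src_ip not in self.sessions:
            return False                 # unauthenticated source: drop
        if self.mode in MAC_CHECKED_MODES:
            return self.sessions[src_ip] == src_mac  # IP and MAC must match
        return True                      # layer3: source IP alone decides


def evaluate(mode):
    """Log one user in, then test that user's own frame and a frame that
    carries the same source IP from a different MAC address."""
    port = PortalPort(mode)
    port.login(USER_IP, USER_MAC)
    own = port.permit(USER_IP, USER_MAC, INTERNET)
    reused_ip = port.permit(USER_IP, OTHER_MAC, INTERNET)
    return own, reused_ip


if __name__ == "__main__":
    for mode in ("direct", "redhcp", "layer3"):
        print(mode, evaluate(mode))
```

In the model, only the Layer 3 mode forwards the frame that reuses an authenticated IP address from another MAC. Behind a router every frame reaches the switch with the router's MAC address, which is why the MAC-checked modes are limited to the first Layer 3 port.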
2.1.5 Portal Authentication-Free Users and Free IP Addresses
I. Authentication-free users
Authentication-free users can access the Internet without Portal authentication. In a
network deployment, you can configure the network devices connected to the switch,
and some servers, as authentication-free users.