This section describes how to configure local Portal authentication.
Procedure
- Configure the local Portal authentication page.
- In the system view, enable the web-based authentication function.
user-manage web-authentication enable
The web-based authentication function is enabled by default.
- Configure the type of packets exchanged between the web browser and the FW and the port for web-based authentication.
user-manage web-authentication [ security ] port port-number
If security is not specified, HTTP is used. If security is specified, HTTPS is used. HTTPS encrypts transmitted data and is more secure than HTTP.
By default, the packets transmitted between a web browser and the FW are HTTPS packets, and the authentication port is 8887.
- Do not set the web authentication port to HTTPS port 8443 of the web page for FW login.
- If a user obtains the IP address of an interface on the FW and has a route to reach the FW, the user can use a web browser to access the authentication web page (http://Interface IP Address:Authentication Port or https://Interface IP Address:Authentication Port) for user-initiated authentication.
- The FW treats the interface address in a user's HTTP/HTTPS request as the address of the authentication web page. If the user cannot communicate with that interface, the user cannot be redirected to the authentication web page. You can run the user-manage redirect-authentication command on the FW to reset the address of the authentication web page. The FW then redirects users to the specified address. This address must be the address of an interface on the FW and must be routable to the users.
- Optional: When the user browser uses HTTPS to communicate with the FW, configure the FW to use the specified certificate to prove its validity to the user.
user-manage security server-certificate file-name
By default, the FW uses the default certificate if the user uses HTTPS for web authentication. However, the user cannot verify the validity of the certificate because the certificate is user-defined and is not issued by a Certificate Authority (CA).
Before running the command, apply for the local certificate and CA certificate from the CA, import the local certificate to the FW (for the configuration procedure, see Certificate), and import the CA certificate to the user browser (for details, see the instructions for Firefox or Internet Explorer).
- Set the authentication conflict handling method in the system view.
user-manage multi-ip online-conflict kick-out enable
Set the authentication conflict handling method to forcing off the previous login user. That is, if a user attempts to log in using an account which does not allow account sharing but the device detects that the account is used to log in at another IP address, the device forcibly logs out the previous login user and allows the current user to log in.
- In the system view, set the redirection mode after configuring authentication.
user-manage redirect [ url url ]
For users who use session authentication, you can set the web browser page after users pass the authentication. Users can be redirected to the page defined by the administrator or to the recently used page from the web browsers of the users.
By default, the web browser pages of the users who pass session authentication are not redirected. To be specific, the authentication success page is displayed. IPv6 traffic cannot be redirected to the last requested page.
- Access the authentication web page customization view from the system view.
You can customize the logo image, background image, welcome message, and login help of an authentication web page.
- Access the authentication page customization view.
page-setting
- Customize an authentication web page.
| Item | Command |
|---|---|
| Configure a logo image for the authentication web page. The logo image must be a JPG, JPEG, BMP, PNG, or GIF file of no greater than 32 KB and with the recommended resolution of 150 px x 50 px. | logo file-name |
| Configure a background image for the authentication web page. The background image must be a JPG, JPEG, BMP, PNG, or GIF file of no greater than 100 KB. | background file-name |
| On the authentication page, set the button background color and the button font color. | button background-color background-color-value font-color font-color-value |
| Configure a title for the authentication web page. | titleword { chinese \| english } title-word |
| Configure a welcome message for the authentication web page. | welcomeword { chinese \| english } welcome-word |
| Configure a login help for the authentication web page. | helpword { chinese \| english } help-word |
| Configure a hyperlink on the authentication page. | linkword { chinese \| english } link-word url url-text. A maximum of four hyperlinks can be set. |
- Optional: Configure user information synchronization for local Portal authentication. For details, see Configuring Online User Information Synchronization.
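A configuration check built from the constraints stated in this procedure, as an added example that is not part of the original page or the vendor's tooling. It assumes the commands are available as plain text, one per line; `audit_portal_config`, `file_sizes`, and the sample file names are hypothetical.

```python
import re

RESERVED_PORT = 8443   # HTTPS port of the FW login web page (from the note above)
IMAGE_TYPES = {"jpg", "jpeg", "bmp", "png", "gif"}
SIZE_LIMIT = {"logo": 32 * 1024, "background": 100 * 1024}  # assumes 1 KB = 1024 bytes

def audit_portal_config(config_text, file_sizes=None):
    # config_text: this procedure's commands, one per line (assumed layout).
    # file_sizes: hypothetical mapping of image file name -> size in bytes.
    file_sizes = file_sizes or {}
    findings = []
    https, port, has_cert = True, 8887, False   # documented defaults
    for raw in config_text.splitlines():
        line = raw.strip()
        m = re.fullmatch(r"user-manage web-authentication (security )?port (\d+)", line)
        if m:
            https, port = bool(m.group(1)), int(m.group(2))
            continue
        if re.fullmatch(r"user-manage security server-certificate \S+", line):
            has_cert = True
            continue
        m = re.fullmatch(r"(logo|background) (\S+)", line)
        if m:
            kind, name = m.groups()
            ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
            if ext not in IMAGE_TYPES:
                findings.append(f"{kind} {name}: not a JPG, JPEG, BMP, PNG, or GIF file")
            if file_sizes.get(name, 0) > SIZE_LIMIT[kind]:
                findings.append(f"{kind} {name}: larger than {SIZE_LIMIT[kind] // 1024} KB")
    if not https:
        findings.append("web authentication uses HTTP; specify 'security' for HTTPS")
    if port == RESERVED_PORT:
        findings.append("authentication port 8443 is the FW login page's HTTPS port")
    if https and not has_cert:
        findings.append("default certificate in use; users cannot verify it")
    return findings

# Constructed sample input, not taken from a real device.
SAMPLE = """\
user-manage web-authentication port 8443
user-manage multi-ip online-conflict kick-out enable
page-setting
 logo corp-logo.svg
 background lobby.png
"""

if __name__ == "__main__":
    for finding in audit_portal_config(SAMPLE, {"lobby.png": 150 * 1024}):
        print("FINDING:", finding)
```

The last matching `user-manage web-authentication` line wins, and a configuration with no such line is evaluated against the documented defaults (HTTPS, port 8887).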