portal pre-auth domain
Use portal [ ipv6 ] pre-auth domain to specify a preauthentication domain for portal users.
Use undo portal [ ipv6 ] pre-auth domain to restore the default.
Syntax
portal [ ipv6 ] pre-auth domain domain-name
undo portal [ ipv6 ] pre-auth domain
Default
No preauthentication domain is specified for portal users.
Views
Interface view
Predefined user roles
network-admin
Parameters
ipv6: Specifies IPv6 portal users. Do not specify this keyword for IPv4 portal users.
domain-name: Specifies an existing ISP domain by its name, a case-insensitive string of 1 to 255
characters. The string cannot contain the following characters: slashes (/), backslashes (\), vertical
bars (|), quotation marks ("), colons (:), asterisks (*), question marks (?), left angle brackets (<), right
angle brackets (>), and at signs (@).
Usage guidelines
After you configure a preauthentication domain on a portal-enabled interface, the device authorizes
users on the interface as follows:
1. After an unauthenticated user obtains an IP address, the user is assigned the authorization
   attributes configured for the preauthentication domain.
   The authorization attributes in a preauthentication domain include ACL, user profile, and CAR.
   An unauthenticated user who is authorized with the authorization attributes in a
   preauthentication domain is called a preauthentication user.
2. After the user passes portal authentication, the user is assigned new authorization
   attributes from the AAA server.
3. After the user goes offline, the user is reassigned the authorization attributes in the
   preauthentication domain.
The preauthentication domain takes effect only on portal users with IP addresses assigned by DHCP
or DHCPv6.
Make sure you specify an existing ISP domain as a preauthentication domain. If the specified ISP
domain does not exist, the device might operate incorrectly.
You must delete a preauthentication domain (by using the undo portal [ ipv6 ] pre-auth domain
command) and reconfigure it in the following situations:
• You create the ISP domain after specifying it as the preauthentication domain.
• You delete the specified ISP domain and then re-create it.
If you change the preauthentication domain on an interface, the interface uses the new
preauthentication domain for both new and existing preauthentication users.
If authorization attributes in the preauthentication domain are modified, the modified attributes take
effect only on new preauthentication users. Existing preauthentication users use the original
authorization attributes.
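A configuration check for the existing-ISP-domain requirement and the domain-name rules above, as an added example that is not part of the vendor's command reference. It assumes ISP domains appear in a saved configuration as a top-level "domain <name>" or "domain name <name>" line (a form not shown on this page); the function names and the sample configuration are constructed for illustration.

```python
import re

# Characters the command reference forbids in domain-name.
FORBIDDEN = set('/\\|":*?<>@')
# Assumption (not on the page): ISP domains are declared by a top-level
# "domain <name>" or "domain name <name>" line.
DOMAIN_RE = re.compile(r'^domain\s+(?:name\s+)?(\S+)\s*$')
IFACE_RE = re.compile(r'^interface\s+(\S+)')
PREAUTH_RE = re.compile(r'^\s+portal\s+(ipv6\s+)?pre-auth\s+domain\s+(\S+)\s*$')

def valid_name(name):
    """Apply the length and character rules given for domain-name."""
    return 1 <= len(name) <= 255 and not (set(name) & FORBIDDEN)

def audit(config):
    """Return (interface, family, domain, problem) for each bad reference."""
    lines = config.splitlines()
    # Domain names are case-insensitive, so compare in lower case.
    defined = {m.group(1).lower() for m in map(DOMAIN_RE.match, lines) if m}
    findings, iface = [], None
    for line in lines:
        m = IFACE_RE.match(line)
        if m:
            iface = m.group(1)
            continue
        if line and not line[0].isspace():
            iface = None  # an unindented line ends the interface view
            continue
        m = PREAUTH_RE.match(line)
        if m and iface:
            family, name = ('ipv6' if m.group(1) else 'ipv4'), m.group(2)
            if not valid_name(name):
                findings.append((iface, family, name, 'invalid name'))
            elif name.lower() not in defined:
                findings.append((iface, family, name, 'ISP domain not defined'))
    return findings

# Constructed sample configuration, not taken from a real device.
SAMPLE = """\
domain name guest
interface GigabitEthernet1/0/1
 portal pre-auth domain Guest
 portal ipv6 pre-auth domain guest6
#
interface GigabitEthernet1/0/2
 portal pre-auth domain bad@name
"""
```

Calling audit(SAMPLE) reports the IPv6 reference to the undefined domain guest6 and the name containing an at sign, while the differently cased reference to guest passes.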