3com 8807 사용자 가이드
Portal Overview
269
accesses. That is to say, Layer-3-protocol-enabled network devices cannot exist
between the user and the access devices.
between the user and the access devices.
■
The Layer 3 Portal authentication method does not check MAC addresses of
the user, so the security performance is reduced. . You are not recommended
to use the Layer 3 Portal authentication method in occasions requiring high
security performance.
the user, so the security performance is reduced. . You are not recommended
to use the Layer 3 Portal authentication method in occasions requiring high
security performance.
Portal
Authentication-free
Users and Free IP
Addresses
Authentication-free users
Authentication-free users are users that can access Internet without Portal
authentication. In the network practice, you can configure network devices
attached to the switch or several servers as authentication-free users, so that they
can access Internet without authentication.
authentication. In the network practice, you can configure network devices
attached to the switch or several servers as authentication-free users, so that they
can access Internet without authentication.
The information about authentication-free users includes IP addresses, MAC
addresses, and the connected switch ports and VLANs. Only the users who match
all the information can access Internet without authentication.
addresses, and the connected switch ports and VLANs. Only the users who match
all the information can access Internet without authentication.
Free IP addresses
Free IP addresses are IP addresses that the user can access unrestrictedly. Free IP
addresses can be the IP addresses of DNS servers or the IP addresses that ISP
provides to access free websites. All users can access these free IP addresses
unrestrictedly.
addresses can be the IP addresses of DNS servers or the IP addresses that ISP
provides to access free websites. All users can access these free IP addresses
unrestrictedly.
ARP Packet Handshake
between the User PC
and the Switch
When authentications are performed in the Direct method or ReDHCP method,
the switch handshakes with the user PC through ARP packets after the user has
passed Portal authentication. If the switch finds the handshake abnormal, it will
cut the connection with the user actively and notice the Portal server about this
case.
the switch handshakes with the user PC through ARP packets after the user has
passed Portal authentication. If the switch finds the handshake abnormal, it will
cut the connection with the user actively and notice the Portal server about this
case.
c
CAUTION:
■
When the Portal user is online, DHCP Relay Security Check cannot be
configured.
configured.
■
If you want to configure DHCP Relay Security Check, you must enable it when
configuring Portal.
configuring Portal.
Portal Rate Limit
Function
The Portal rate limit function is used together with the bandwidth limit service that
the CAMS server provides. The bandwidth limit service is that you can specify the
bandwidth for each user when you are configuring the service for each user on
the CAMS server.
the CAMS server provides. The bandwidth limit service is that you can specify the
bandwidth for each user when you are configuring the service for each user on
the CAMS server.
The principle of Portal rate limit is as follows: when the switch receives the
bandwidth limit rules for Portal users from the CAMS server, the switch will limit
the traffic on the specified upload interface, that is to say, the switch will perform
bandwidth control for the upload rates of Portal users.
bandwidth limit rules for Portal users from the CAMS server, the switch will limit
the traffic on the specified upload interface, that is to say, the switch will perform
bandwidth control for the upload rates of Portal users.
n
■
An upload interface is the interface to connect the switch with the upstream
network devices.
network devices.
■
The system supports only one upload interface for rate limit.