
Network requirements – H3C Technologies H3C S7500E Series Switches User Manual


2) Configure an authentication domain

# Create an ISP domain named dm1 and enter its view.

[SwitchA] domain dm1

# Configure the ISP domain to use RADIUS scheme rs1.

[SwitchA-isp-dm1] authentication portal radius-scheme rs1

[SwitchA-isp-dm1] authorization portal radius-scheme rs1

[SwitchA-isp-dm1] accounting portal radius-scheme rs1

[SwitchA-isp-dm1] quit

# Configure dm1 as the default ISP domain for all users. Then, if a user enters the username
without the ISP domain at logon, the authentication and accounting methods of the default
domain will be used for the user.

[SwitchA] domain default enable dm1

3) Configure portal authentication

# Configure the portal server as follows:

- Name: newpt
- IP address: 192.168.0.111
- Key: portal
- Port number: 50100
- URL: http://192.168.0.111:8080/portal

[SwitchA] portal server newpt ip 192.168.0.111 key portal port 50100 url http://192.168.0.111:8080/portal

# Enable portal authentication on the interface connecting Switch B.

[SwitchA] interface vlan-interface 4

[SwitchA-Vlan-interface4] portal server newpt method layer3

[SwitchA-Vlan-interface4] quit

On Switch B, you need to configure a default route to subnet 192.168.0.0/24, setting the next hop as 20.20.20.1. The configuration steps are omitted.
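
The following pre-deployment check is an added example, not part of the H3C manual. It parses only the command forms shown in this section and flags a short or guessable portal server key, a portal URL that is not HTTPS, an interface bound to an undefined portal server, and missing portal AAA methods. The function name, the 16-character threshold and the finding strings are assumptions for illustration, and the input is assumed to hold one ISP domain.

```python
import re
from urllib.parse import urlparse

# Constructed sample: the Switch A commands from this section, prompts stripped.
SAMPLE_CONFIG = """\
domain dm1
 authentication portal radius-scheme rs1
 authorization portal radius-scheme rs1
 accounting portal radius-scheme rs1
domain default enable dm1
portal server newpt ip 192.168.0.111 key portal port 50100 url http://192.168.0.111:8080/portal
interface vlan-interface 4
 portal server newpt method layer3
"""

SERVER_RE = re.compile(r"^portal server (\S+) ip (\S+) key (\S+) port (\d+) url (\S+)$")
BIND_RE = re.compile(r"^portal server (\S+) method (\S+)$")
AAA_RE = re.compile(r"^(authentication|authorization|accounting) portal radius-scheme (\S+)$")
MIN_KEY_LEN = 16  # assumption: local policy threshold, not an H3C requirement


def audit(config):
    """Return a list of finding strings for the portal/AAA lines in config."""
    servers, bound, aaa, findings = {}, [], {}, []
    for raw in config.splitlines():
        line = raw.strip()
        if m := SERVER_RE.match(line):
            servers[m.group(1)] = {"key": m.group(3), "url": m.group(5)}
        elif m := BIND_RE.match(line):
            bound.append(m.group(1))
        elif m := AAA_RE.match(line):
            aaa[m.group(1)] = m.group(2)
    for name, s in servers.items():
        # A key that is short, or equal to the feature or server name, is guessable.
        if len(s["key"]) < MIN_KEY_LEN or s["key"].lower() in {"portal", name.lower()}:
            findings.append(f"{name}: weak shared key")
        # Users type their credentials into the page served at this URL.
        if urlparse(s["url"]).scheme != "https":
            findings.append(f"{name}: portal URL is not HTTPS")
    for name in bound:
        if name not in servers:
            findings.append(f"{name}: bound on an interface but not defined")
    missing = {"authentication", "authorization", "accounting"} - aaa.keys()
    for method in sorted(missing):
        findings.append(f"domain: no portal {method} method")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```

Run against the section's own values, the check reports the key and the URL scheme; the domain and interface binding pass.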

Configuring Direct Portal Authentication with Extended Functions

Network requirements

As shown in Figure 8-12:

- The host is directly connected to the switch and the switch is configured for direct extended portal authentication. The host is assigned with a public network IP address either manually or through DHCP. After a user passes identity authentication, if the user fails security checking, the user can access only subnet 192.168.0.0/24. After the user passes security checking, the user can access Internet resources.
- A RADIUS server serves as the authentication/accounting server.