Configuration procedure – H3C Technologies H3C S7500E Series Switches User Manual

8-24

Figure 8-12 Configure direct portal authentication with extended functions

Switch

Host

2.2.2.2/24

Gateway : 2.2.2.1/24

Vlan-int100

2.2.2.1/24

Vlan-int2
192.168.0.100/24

Portal server

192.168.0.111/24

192.168.0.112/24

Security policy server

192.168.0.113/24

RADIUS server

Configuration procedure

z

You need to configure IP addresses for the devices as shown in

Figure 8-12

and ensure

that routes are available between devices.

z

Perform configurations on the RADIUS server to ensure that the user authentication and

accounting functions can work normally.

Configure the switch:

1) Configure a RADIUS scheme

# Create a RADIUS scheme named rs1 and enter its view.

system-view

[Switch] radius scheme rs1

# Set the server type for the RADIUS scheme. When using the iMC server, you need set the

server type to extended.

[Switch-radius-rs1] server-type extended

# Specify the primary authentication server and primary accounting server, and configure the

keys for communication with the servers.

[Switch-radius-rs1] primary authentication 192.168.0.112

[Switch-radius-rs1] primary accounting 192.168.0.112

[Switch-radius-rs1] key accounting radius

[Switch-radius-rs1] key authentication radius

[Switch-radius-rs1] user-name-format without-domain

# Configure the IP address of the security policy server.

[Switch-radius-rs1] security-policy-server 192.168.0.113

[Switch-radius-rs1] quit

2) Configure an authentication domain

# Create an ISP domain named dm1 and enter its view.

[Switch] domain dm1