Network requirements – H3C Technologies H3C S7500E Series Switches User Manual

8-25

# Configure the ISP domain to use RADIUS scheme rs1.

[Switch-isp-dm1] authentication portal radius-scheme rs1

[Switch-isp-dm1] authorization portal radius-scheme rs1

[Switch-isp-dm1] accounting portal radius-scheme rs1

[Switch-isp-dm1] quit

# Configure dm1 as the default ISP domain for all users. Then, if a user enters the username

without the ISP domain at logon, the authentication and accounting methods of the default

domain will be used for the user.

[Switch] domain default enable dm1

Configure the ACL (ACL 3000 ) for resources on subnet 192.168.0.0/24 and the ACL (ACL 3001)

for Internet resources

On the security policy server, you need to specify ACL 3000 as the isolation ACL and ACL 3001

as the security ACL.

[Switch] acl number 3000

[Switch-acl-adv-3000] rule permit ip destination 192.168.0.0 0.0.0.255

[Switch-acl-adv-3000] rule deny ip

[Switch-acl-adv-3000] quit

[Switch] acl number 3001

[Switch-acl-adv-3001] rule permit ip

[Switch-acl-adv-3001] quit

3) Configure portal authentication

# Configure the portal server as follows:

z

Name: newpt

z

IP address: 192.168.0.111

z

Key: portal

z

Port number: 50100

z

URL: http://192.168.0.111:8080/portal.

[Switch] portal server newpt ip 192.168.0.111 key portal port 50100 url

http://192.168.0.111:8080/portal

# Enable portal authentication on the interface connecting the host.

[Switch] interface vlan-interface 100

[Switch–Vlan-interface100] portal server newpt method direct

[Switch–Vlan-interface100] quit

Configuring Re-DHCP Portal Authentication with Extended Functions

Network requirements

As shown in

Figure 8-13

:

z

The host is directly connected to the switch and the switch is configured for re-DHCP

authentication. The host is assigned with an IP address through the DHCP server. Before