H3C Technologies H3C S7500E Series Switches User Manual

1) Configure a RADIUS scheme

# Create a RADIUS scheme named rs1 and enter its view.

<Switch> system-view

[Switch] radius scheme rs1

# Set the server type for the RADIUS scheme. When using the iMC server, you need to set the server type to extended.

[Switch-radius-rs1] server-type extended

# Specify the primary authentication server and primary accounting server, and configure the keys for communication with the servers.

[Switch-radius-rs1] primary authentication 192.168.0.113

[Switch-radius-rs1] primary accounting 192.168.0.113

[Switch-radius-rs1] key accounting radius

[Switch-radius-rs1] key authentication radius

[Switch-radius-rs1] user-name-format without-domain

# Configure the IP address of the security policy server.

[Switch-radius-rs1] security-policy-server 192.168.0.114

[Switch-radius-rs1] quit

2) Configure an authentication domain

# Create an ISP domain named dm1 and enter its view.

[Switch] domain dm1

# Configure the ISP domain to use RADIUS scheme rs1.

[Switch-isp-dm1] authentication portal radius-scheme rs1

[Switch-isp-dm1] authorization portal radius-scheme rs1

[Switch-isp-dm1] accounting portal radius-scheme rs1

[Switch-isp-dm1] quit

# Configure dm1 as the default ISP domain for all users. Then, if a user enters the username without the ISP domain at logon, the authentication and accounting methods of the default domain will be used for the user.

[Switch] domain default enable dm1

Configure the ACL (ACL 3000) for resources on subnet 192.168.0.0/24 and the ACL (ACL 3001) for Internet resources

On the security policy server, you need to specify ACL 3000 as the isolation ACL and ACL 3001 as the security ACL.

[Switch] acl number 3000

[Switch-acl-adv-3000] rule permit ip destination 192.168.0.0 0.0.0.255

[Switch-acl-adv-3000] rule deny ip

[Switch-acl-adv-3000] quit

[Switch] acl number 3001

[Switch-acl-adv-3001] rule permit ip

[Switch-acl-adv-3001] quit
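
The following Python sketch is an added example, not part of the H3C manual. It evaluates the two ACLs above against sample destinations to show what a user can reach under the isolation ACL compared with the security ACL. It assumes rules are matched in the order they were entered and that the first match decides; the function names and the sample addresses are the example's own.

```python
import ipaddress

# The ACL rules exactly as entered on the switch in the section above.
ACLS = {
    3000: ["rule permit ip destination 192.168.0.0 0.0.0.255",
           "rule deny ip"],
    3001: ["rule permit ip"],
}

def parse_rule(line):
    """Return (action, dest_network_int, wildcard_int) for one 'rule ... ip' line."""
    tok = line.split()
    if len(tok) < 3 or tok[0] != "rule" or tok[1] not in ("permit", "deny") or tok[2] != "ip":
        raise ValueError(f"unsupported rule: {line!r}")
    net, wild = 0, 0xFFFFFFFF          # no destination clause: match any address
    if len(tok) > 3:
        if tok[3] != "destination" or len(tok) != 6:
            raise ValueError(f"unsupported rule: {line!r}")
        net = int(ipaddress.IPv4Address(tok[4]))
        wild = int(ipaddress.IPv4Address(tok[5]))
    return tok[1], net, wild

def evaluate(acl_number, dest):
    """First matching rule decides (assumed config order); None means no match."""
    dst = int(ipaddress.IPv4Address(dest))
    for line in ACLS[acl_number]:
        action, net, wild = parse_rule(line)
        # Wildcard mask: bits set to 1 are ignored, bits set to 0 must match.
        care = ~wild & 0xFFFFFFFF
        if (dst & care) == (net & care):
            return action
    return None

def reachability(dests):
    """Map each destination to its verdict under the isolation and security ACL."""
    return {d: {"isolation": evaluate(3000, d), "security": evaluate(3001, d)}
            for d in dests}

if __name__ == "__main__":
    # Constructed sample destinations: the two servers from the configuration,
    # the edge of 192.168.0.0/24, a neighbouring subnet, and one address from
    # a documentation range standing in for an Internet host.
    sample = ["192.168.0.113", "192.168.0.114", "192.168.0.255",
              "192.168.1.1", "203.0.113.10"]
    for dest, v in reachability(sample).items():
        print(f"{dest:15} isolation={str(v['isolation']):6} security={v['security']}")
```

Under ACL 3000 only destinations in 192.168.0.0/24, which includes both servers at 192.168.0.113 and 192.168.0.114, are permitted; every other destination hits the explicit deny.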

3) Configure portal authentication