AAA for 802.1X Users by a RADIUS Server, Network requirements – H3C Technologies H3C S7500E Series Switches User Manual
# Configure dm1 as the default ISP domain for all users. Then, if a user enters a username without
any ISP domain at login, the authentication and accounting methods of the default domain will be used
for the user.
[Switch] domain default enable dm1
• Configure portal authentication
# Configure the portal server.
[Switch] portal server newpt ip 10.1.1.1 key portal port 50100 url http://10.1.1.1:8080/portal
# Enable portal authentication on the interface connecting the host.
[Switch] interface vlan-interface 2
[Switch-Vlan-interface2] portal server newpt method direct
[Switch-Vlan-interface2] quit
Verification
The user can initiate portal authentication by using the H3C iNode client or by accessing a web page.
All the initiated web requests will be redirected to the portal authentication page at
http://10.1.1.1:8080/portal. Before passing portal authentication, the user can access only the
authentication page. After passing portal authentication, the user can access the Internet.
After the user passes the portal authentication, you can use the following command to view the portal
user information on the switch.
[Switch] display portal user interface vlan-interface 2
Index:19
State:ONLINE
SubState:NONE
ACL:NONE
Work-mode:stand-alone
MAC              IP               Vlan   Interface
---------------------------------------------------------------------
0015-e9a6-7cfe   192.168.1.58     2      Vlan-interface2
Total 1 user(s) matched, 1 listed.
# Use the display connection command to view the connection information on the switch.
[Switch] display connection
Index=20 ,Username=portal@dm1
MAC=00-15-E9-A6-7C-FE
IP=192.168.1.58
IPv6=N/A
Total 1 connection(s) matched.
AAA for 802.1X Users by a RADIUS Server
Network requirements
As shown in
, configure the switch to use the RADIUS server to perform authentication,
authorization, and accounting for 802.1X users.
• Use MAC-based access control on GigabitEthernet 2/0/1 to authenticate all 802.1X users on the
port separately.
• Set the shared keys for authentication and authorization packets exchanged between the switch
and the RADIUS server to expert and specify the ports for authentication/authorization and
accounting as 1812 and 1813 respectively.
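The shared key set to expert above is never sent on the wire; the switch and the RADIUS server each use it to compute and check MD5-based authenticators on the packets they exchange (RFC 2865 for authentication/authorization on port 1812, RFC 2866 for accounting on port 1813). The following Python code is an added example, not part of the H3C manual or H3C software; the function names and the sample user name are constructed for illustration.

```python
import hashlib
import hmac
import os
import struct

SHARED_KEY = b"expert"  # shared key from the requirements above

def attr(attr_type, value):
    """Encode one RADIUS attribute as type, length, value."""
    return struct.pack("!BB", attr_type, 2 + len(value)) + value

def access_request(identifier, attributes):
    """Access-Request (code 1, sent to port 1812) carries a random
    16-octet Request Authenticator."""
    header = struct.pack("!BBH", 1, identifier, 20 + len(attributes))
    return header + os.urandom(16) + attributes

def sign_response(code, request, attributes, key):
    """Server side: Response Authenticator =
    MD5(Code + ID + Length + Request Authenticator + Attributes + key)."""
    header = struct.pack("!BBH", code, request[1], 20 + len(attributes))
    digest = hashlib.md5(header + request[4:20] + attributes + key).digest()
    return header + digest + attributes

def verify_response(response, request, key):
    """Switch side: accept a reply only if ID, length and key all match."""
    if len(response) < 20 or response[1] != request[1]:
        return False
    if struct.unpack("!H", response[2:4])[0] != len(response):
        return False
    expected = hashlib.md5(
        response[:4] + request[4:20] + response[20:] + key).digest()
    return hmac.compare_digest(expected, response[4:20])

def accounting_request(identifier, attributes, key):
    """Accounting-Request (code 4, sent to port 1813): the authenticator is
    MD5 over the packet with 16 zero octets in its place, then the key."""
    header = struct.pack("!BBH", 4, identifier, 20 + len(attributes))
    digest = hashlib.md5(header + bytes(16) + attributes + key).digest()
    return header + digest + attributes

if __name__ == "__main__":
    # Constructed sample: User-Name (type 1) for a hypothetical 802.1X user.
    req = access_request(7, attr(1, b"user1@example"))
    accept = sign_response(2, req, b"", SHARED_KEY)      # Access-Accept
    print(verify_response(accept, req, SHARED_KEY))      # keys match
    print(verify_response(accept, req, b"wrong-key"))    # keys differ
```

A key mismatch between the switch and the server shows up as replies that fail this check and are silently dropped, which on the switch looks like the RADIUS server not responding.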