Configuring extended re-dhcp portal authentication, Network requirements, Configuration prerequisites and guidelines – H3C Technologies H3C S6300 Series Switches User Manual

125

[Switch] display portal user interface vlan-interface 100

Total portal users: 1

Username: abc

Portal server: newpt

State: Online

Authorization ACL: 3001

VPN instance: --

MAC IP VLAN Interface

0015-e9a6-7cfe 2.2.2.2 100 Vlan-interface100

Configuring extended re-DHCP portal authentication

Network requirements

As shown in

Figure 50

, the host is directly connected to the switch (the access device). The host obtains

an IP address through the DHCP server. A portal server serves as both a portal authentication server and

a portal Web server. A RADIUS server serves as the authentication/accounting server.
Configure extended re-DHCP portal authentication. Before passing portal authentication, the host is

assigned a private IP address. After passing portal identity authentication, the host obtains a public IP
address and accepts security check. If the host fails the security check, it can access only subnet

192.168.0.0/24. After passing the security check, the host can access Internet resources.

Figure 50 Network diagram

Configuration prerequisites and guidelines

•

Configure IP addresses for the switch and servers as shown in

Figure 50

and make sure the host,

switch, and servers can reach each other.

•

Configure the RADIUS server properly to provide authentication and accounting functions.

•

For re-DHCP portal authentication, configure a public address pool (20.20.20.0/24) and a private
address pool (10.0.0.0/24) on the DHCP server. (Details not shown.)

•

For re-DHCP portal authentication:

{

The switch must be configured as a DHCP relay agent.