beautypg.com

Configuring an ssl client policy, Configuration prerequisites, Configuration procedure – H3C Technologies H3C S3600 Series Switches User Manual

Page 1193

background image

1-6

# Configure the system to strip domain name off a user name before transmitting the user name to the

RADIUS server.

[Sysname-radius-radius1] user-name-format without-domain

[Sysname-radius-radius1] quit

# Create ISP domain aabbcc.net for Web authentication users and enter the domain view.

[Sysname] domain aabbcc.net

# Configure domain aabbcc.net as the default user domain.

[Sysname] domain default enable aabbcc.net

# Reference scheme radius1 in domain aabbcc.net.

[Sysname-isp-aabbcc.net] scheme radius-scheme radius1

# Enable Web authentication globally. (It is recommended to take this step as the last step, so as to

avoid the case that a valid user cannot access the network due to that some other related configurations

are not finished.)

[Sysname] web-authentication enable

Now, Web authentication takes effect. Before the user passes the Web authentication, it cannot access

external networks and can only access the free resource.

The user can perform the following steps to access the Internet:

Step 1: Enter http://10.10.10.10:8080 in the address column of IE.

Step 2: Enter the correct user name and password and then click [login]. The following page will be

displayed: ”Authentication passed!”.

Now the user can access external networks.

Configuring an SSL Client Policy

An SSL client policy is a set of SSL parameters for a client to use when connecting to the server. An SSL

client policy takes effect only after it is associated with an application layer protocol.

Configuration Prerequisites

If the SSL server is configured to authenticate the SSL client, when configuring the SSL client policy,

you need to specify the PKI domain to be used for obtaining the certificate of the client. Therefore,

before configuring an SSL client policy, you must configure a PKI domain.

Configuration Procedure

Follow these steps to configure an SSL client policy:

To do…

Use the command…

Remarks

Enter system view

system-view

Create an SSL client policy and
enter its view

ssl client-policy policy-name

Required

Specify a PKI domain for the
SSL client policy

pki-domain domain-name

Optional

No PKI domain is configured by
default.

This manual is related to the following products: