Network requirements – H3C Technologies H3C WX3000E Series Wireless Switches User Manual

188

{

Name: newpt

{

IP address: 192.168.0.111

{

Key: portal

{

Port number: 50100

{

URL: http://192.168.0.111/portal

[AC] portal server newpt ip 192.168.0.111 key portal port 50100 url

http://192.168.0.111/portal

# On the interface connected to the client, specify the authentication domain dm1 for portal users

and enable extended portal authentication.

[AC] interface vlan-interface 1

[AC–Vlan-interface1] portal domain dm1

[AC–Vlan-interface1] portal server newpt method direct

[AC] quit

Configuring re-DHCP portal authentication with extended

functions

Network requirements

As shown in

Figure 88

, the wireless user (Client) belongs to VLAN 100 and AP belongs to VLAN 3.

The AC performs extended re-DHCP portal authentication for users. The client obtains an IP address from
the DHCP server. Before extended portal authentication, the DHCP server assigns a private IP address to

the client. After passing the authentication, the client gets a public IP address.
If the client fails security check after it passes identity authentication, the client can access only subnet

192.168.0.0/24. After the client passes security check, the client can access Internet resources.
Use a RADIUS server as the authentication/accounting server.

Figure 88 Network diagram

192.168.0.111/24

192.168.0.114/24

192.168.0.112/24

AC

Vlan-int100

20.20.20.1/24

10.0.0.1/24 sub

Vlan-int2
192.168.0.100/24

Portal server

Security policy server

DHCP server

192.168.0.113/24

RADIUS server

Client

automatically obtains an IP address

L2 switch

AP