Network requirements – H3C Technologies H3C SecPath F1000-E User Manual
Page 27
26
# Configure the ISP domain to use RADIUS scheme rs1.
[DeviceA-isp-dm1] authentication portal radius-scheme rs1
[DeviceA-isp-dm1] authorization portal radius-scheme rs1
[DeviceA-isp-dm1] accounting portal radius-scheme rs1
[DeviceA-isp-dm1] quit
# Configure dm1 as the default ISP domain for all users. Then, if a user enters a username without any
ISP domain at logon, the authentication and accounting methods of the default domain will be used for
the user.
[DeviceA] domain default enable dm1
Step3
Configure portal authentication
# Configure the portal server as follows:
•
Name: newpt
•
IP address: 192.168.0.111
•
Key: portal
•
Port number: 50100
•
URL: http://192.168.0.111:8080/portal.
[DeviceA] portal server newpt ip 192.168.0.111 key portal port 50100 url
http://192.168.0.111:8080/portal
# Enable Layer 3 portal authentication on the interface connected to Device B.
[DeviceA] interface gigabitethernet 0/2
[DeviceA–GigabitEthernet0/2] portal server newpt method layer3
[DeviceA–GigabitEthernet0/2] quit
On Device B, you need to configure a default route to subnet 192.168.0.0/24, setting the next hop as
20.20.20.1. The configuration steps are omitted.
Configuring Direct Portal Authentication with Extended
Functions
Network requirements
As shown in
:
•
The host is directly connected to Device and Device is configured for direct portal authentication.
The host is assigned with a public network IP address either manually or through DHCP. After a user
using the host passes identity authentication, if the host fails security check, the user can access only
subnet 192.168.0.0/24. After the host passes security check, the user can access Internet resources.
•
A RADIUS server serves as the authentication/accounting server.