Network requirements – H3C Technologies H3C SecPath F1000-E User Manual

28

# Configure the ISP domain to use RADIUS scheme rs1.

[Device-isp-dm1] authentication portal radius-scheme rs1

[Device-isp-dm1] authorization portal radius-scheme rs1

[Device-isp-dm1] accounting portal radius-scheme rs1

[Device-isp-dm1] quit

# Configure dm1 as the default ISP domain for all users. Then, if a user enters the username without the
ISP domain at logon, the authentication and accounting methods of the default domain will be used for

the user.

[Device] domain default enable dm1

Step3

Configure the ACL (ACL 3000 ) for resources on subnet 192.168.0.0/24 and the ACL (ACL 3001) for
Internet resources

NOTE:

On the security policy server, you need to specify ACL 3000 as the isolation ACL and ACL 3001 as the
security ACL.

[Device] acl number 3000

[Device-acl-adv-3000] rule permit ip destination 192.168.0.0 0.0.0.255

[Device-acl-adv-3000] rule deny ip

[Device-acl-adv-3000] quit

[Device] acl number 3001

[Device-acl-adv-3001] rule permit ip

[Device-acl-adv-3001] quit

Step4

Configure extended portal authentication

# Configure the portal server as follows:

•

Name: newpt

•

IP address: 192.168.0.111

•

Key: portal

•

Port number: 50100

•

URL: http://192.168.0.111:8080/portal.

[Device] portal server newpt ip 192.168.0.111 key portal port 50100 url

http://192.168.0.111:8080/portal

# Enable extended portal authentication on the interface connecting the host.

[Device] interface gigabitethernet 0/2

[Device–GigabitEthernet0/2] portal server newpt method direct

[Device–GigabitEthernet0/2] quit

Configuring Re-DHCP Portal Authentication with Extended

Functions

Network requirements

As shown in

Figure 13

:

•

The host is directly connected to Device and Device is configured for re-DHCP extended portal
authentication. The host is assigned with an IP address through the DHCP server. Before extended