Network requirements, Configuration procedure – H3C Technologies H3C SecPath F1000-E User Manual

Page 32

•

URL: http://192.168.0.111:8080/portal.

[Device] portal server newpt ip 192.168.0.111 key portal port 50100 url

http://192.168.0.111:8080/portal

# Configure Device as a DHCP relay agent, and enable the IP address match check function.

[Device] dhcp enable

[Device] dhcp relay server-group 0 ip 192.168.0.112

[Device] interface gigabitethernet 0/2

[Device–GigabitEthernet0/2] ip address 20.20.20.1 255.255.255.0

[Device–GigabitEthernet0/2] ip address 10.0.0.1 255.255.255.0 sub

[Device-GigabitEthernet0/2] dhcp select relay

[Device-GigabitEthernet0/2] dhcp relay server-select 0

[Device-GigabitEthernet0/2] dhcp relay address-check enable

# Enable portal authentication on the interface connecting the host.

[Device–GigabitEthernet0/2] portal server newpt method redhcp

[Device–GigabitEthernet0/2] quit

Configuring Layer 3 Portal Authentication with Extended

Functions

Network requirements

As shown in

Figure 14

•

Device A is configured for Layer 3 extended portal authentication. When users have passed identity

authentication but have not passed security check, they can access only subnet 192.168.0.0/24.
After passing the security check, they can access Internet resources.

•

The host accesses Device A through Device B.

•

A RADIUS server serves as the authentication/accounting server.

Figure 14 Configure Layer 3 portal authentication with extended functions

Device A

Host

8.8.8.2/24

GE0/2

20.20.20.1/24

Portal server

192.168.0.111/24

Radius server

192.168.0.112/24

GE0/1
192.168.0.100/24

Device B

GE0/2

8.8.8.1/24

GE0/1
20.20.20.2/24

Security policy server

192.168.0.113/24

Configuration procedure

This manual is related to the following products:

H3C SecPath F5000-A5 Firewall H3C SecBlade FW Cards H3C SecPath U200-A U200-M U200-S