beautypg.com

H3C Technologies H3C SecPath F1000-E User Manual

Page 33

background image

32

NOTE:

Make sure that the IP address of the portal device added on the portal server is the IP address of the
interface connecting users (20.20.20.1 in this example), and the IP address group associated with the

portal device is the network segment where the users reside (8.8.8.0/24 in this example).

You need to configure IP addresses for the host, Devices, and servers as shown in

Figure 14

and ensure

that they can reach each other.

Perform configurations on the RADIUS server to ensure that the user authentication and accounting
functions can work normally.

Perform the following configuration on Device A:

Step1

Configure a RADIUS scheme

# Create a RADIUS scheme named rs1 and enter its view.

system-view

[DeviceA] radius scheme rs1

# Set the server type for the RADIUS scheme. When using the CAMS or iMC server, you need to set the
server type to extended.

[DeviceA-radius-rs1] server-type extended

# Specify the primary authentication server and primary accounting server, and configure the keys for
communication with the servers.

[DeviceA-radius-rs1] primary authentication 192.168.0.112

[DeviceA-radius-rs1] primary accounting 192.168.0.112

[DeviceA-radius-rs1] key authentication radius

[DeviceA-radius-rs1] key accounting radius

[DeviceA-radius-rs1] user-name-format without-domain

# Configure the IP address of the security policy server.

[DeviceA-radius-rs1] security-policy-server 192.168.0.113

[DeviceA-radius-rs1] quit

Step2

Configure an authentication domain

# Create an ISP domain named dm1 and enter its view.

[DeviceA] domain dm1

# Configure the ISP domain to use RADIUS scheme rs1.

[DeviceA-isp-dm1] authentication portal radius-scheme rs1

[DeviceA-isp-dm1] authorization portal radius-scheme rs1

[DeviceA-isp-dm1] accounting portal radius-scheme rs1

[DeviceA-isp-dm1] quit

# Configure dm1 as the default ISP domain for all users. Then, if a user enters a username without any
ISP domain at logon, the authentication and accounting methods of the default domain will be used for

the user.

[DeviceA] domain default enable dm1

Step3

88Configure the ACL (ACL 3000 ) for resources on subnet 192.168.0.0/24 and the ACL (ACL 3001) for
Internet resources