
Network requirements – H3C Technologies H3C SecPath F1000-E User Manual


NOTE:

On the security policy server, you need to specify ACL 3000 as the isolation ACL and ACL 3001 as the
security ACL.

[DeviceA] acl number 3000

[DeviceA-acl-adv-3000] rule permit ip destination 192.168.0.0 0.0.0.255

[DeviceA-acl-adv-3000] rule deny ip

[DeviceA-acl-adv-3000] quit

[DeviceA] acl number 3001

[DeviceA-acl-adv-3001] rule permit ip

[DeviceA-acl-adv-3001] quit
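
What the two ACLs above let a user reach, as an added example that is not part of the H3C manual: a small evaluator for the rules of ACL 3000 (isolation) and ACL 3001 (security), using wildcard-mask matching. It assumes rules are matched in the order configured with the first match deciding, and that a packet matching no rule is not permitted; the sample destinations other than 192.168.0.111 are constructed.

```python
import ipaddress

# Rules transcribed from the page's ACL 3000 (isolation) and ACL 3001 (security).
# Each rule is (action, destination base, wildcard mask); None means any destination.
ACLS = {
    3000: [("permit", "192.168.0.0", "0.0.0.255"), ("deny", None, None)],
    3001: [("permit", None, None)],
}


def wildcard_match(addr, base, wildcard):
    """Wildcard-mask match: bits that are 0 in the wildcard must be equal."""
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (a & care) == (b & care)


def evaluate(acl_number, dst):
    """Return the action of the first matching rule (assumed config-order matching)."""
    for action, base, wildcard in ACLS[acl_number]:
        if base is None or wildcard_match(dst, base, wildcard):
            return action
    return "deny"  # assumption: a packet matching no rule is not permitted


def reachable(acl_number, destinations):
    """Map each destination to the action the given ACL applies to it."""
    return {dst: evaluate(acl_number, dst) for dst in destinations}


# Constructed sample destinations: the portal server from the page, another
# host in the same /24, and two addresses outside it.
SAMPLE = ["192.168.0.111", "192.168.0.200", "192.168.1.5", "203.0.113.10"]

if __name__ == "__main__":
    for acl in (3000, 3001):
        print(acl, reachable(acl, SAMPLE))
```

Under ACL 3000 every host in 192.168.0.0/24 is reachable, not only the portal server at 192.168.0.111, so anything else placed in that subnet is also exposed to users held in isolation.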

Step4 Configure extended portal authentication

# Configure the portal server as follows:

Name: newpt

IP address: 192.168.0.111

Key: portal

Port number: 50100

URL: http://192.168.0.111:8080/portal.

[DeviceA] portal server newpt ip 192.168.0.111 key portal port 50100 url http://192.168.0.111:8080/portal

# Enable portal authentication on the interface connecting Device B.

[DeviceA] interface gigabitethernet 0/2

[DeviceA-GigabitEthernet0/2] portal server newpt method layer3

[DeviceA-GigabitEthernet0/2] quit

On Device B, you need to configure a default route to subnet 192.168.0.0/24, setting the next hop as
20.20.20.1. The configuration steps are omitted.

Configuring Portal Server Detection and Portal User Information Synchronization

Network requirements

As shown in Figure 15, a host is directly connected to Device (the access device) and must pass portal authentication before it can access the Internet. A RADIUS server serves as the authentication/accounting server.

Detailed requirements are as follows:

The host is assigned a public network IP address either manually or through DHCP. Before passing portal authentication, the host can access only the portal server. After passing portal authentication, the host can access the Internet.

The access device (Device) can detect whether the portal server is reachable and send trap messages upon state changes. When the portal server is unreachable due to, for example, a connection failure, network device failure, or portal server failure, the access device can disable portal authentication, allowing users to access the Internet without authentication.

The access device can synchronize portal user information with the portal server periodically.