Verification – H3C Technologies H3C SecPath F1000-E User Manual
Page 41
40
[DeviceA-radius-rs1] user-name-format without-domain
# Specify the source IP address for outgoing RADIUS packets as 3.3.0.3.
[DeviceA-radius-rs1] nas-ip 3.3.0.3
[DeviceA-radius-rs1] quit
CAUTION:
Use the nas-ip command to specify the source IP address for outgoing RADIUS packets, and make sure
that the source IP address is consistent with the IP address of the access device specified on the server, to
avoid authentication failures.
Step2
Configure an authentication domain
# Create an ISP domain named dm1 and enter its view.
[DeviceA] domain dm1
# Configure the ISP domain to use RADIUS scheme rs1.
[DeviceA-isp-dm1] authentication portal radius-scheme rs1
[DeviceA-isp-dm1] authorization portal radius-scheme rs1
[DeviceA-isp-dm1] accounting portal radius-scheme rs1
[DeviceA-isp-dm1] quit
# Configure dm1 as the default ISP domain for all users. Then, if a user enters a username without any
ISP domain at logon, the authentication and accounting methods of the default domain will be used for
the user.
[DeviceA] domain default enable dm1
Step3
Configure portal authentication
# Configure the portal server as follows:
•
Name: newpt
•
IP address: 192.168.0.111
•
VPN: vpn3
•
Key: portal
•
Port number: 50100
•
URL: http://192.168.0.111:8080/portal.
[DeviceA] portal server newpt ip 192.168.0.111 vpn-instance vpn3 key portal port 50100
url http://192.168.0.111:8080/portal
# Enable Layer 3 portal authentication on the interface connecting the user side.
[DeviceA] interface gigabitethernet 0/1
[DeviceA–GigabitEthernet0/1] portal server newpt method layer3
[DeviceA–GigabitEthernet0/1] quit
Verification
Execute the display portal server command to check whether the portal configuration has taken
effect. After Host passes portal authentication, perform the display portal user command to view
information about online portal users on Device A.
[DeviceA] display portal user all
Index:2
State:ONLINE
SubState:NONE