Configuration prerequisites – H3C Technologies H3C SecPath F1000-E User Manual
Page 8
7
Configuration Prerequisites
The portal feature provides a solution for user identity authentication and security check. However, the
portal feature cannot implement this solution by itself. Currently, RADIUS authentication needs to be
configured on the access device to cooperate with the portal feature to complete user authentication.
The prerequisites for portal authentication configuration are as follows:
•
The portal server and the RADIUS server have been installed and configured properly.
•
With re-DHCP authentication, the IP address match check function of DHCP relay agent is enabled
on the access device, and the DHCP server is installed and configured properly.
•
The portal client, access device, and servers are routable to each other.
•
With RADIUS authentication, usernames and passwords of the users are configured on the RADIUS
server, and the RADIUS client configurations are performed on the access device. For information
about RADIUS client configuration, see RADIUS Configuration in the Firewall Web Configuration
Manual.
•
To implement extended portal functions, install and configure CAMS EAD or iMC EAD, and ensure
that the ACLs configured on the access device correspond to those specified for resources in the
quarantined area and restricted resources on the security policy server respectively. For information
about security policy server configuration on the access device, see RADIUS Configuration in the
Firewall Web Configuration Manual.
NOTE:
•
For installation and configuration about the security policy server, see
CAMS EAD Security Policy
Component User Manual or iMC EAD Security Policy Help.
•
The ACL for resources in the quarantined area and that for restricted resources correspond to isolation
ACL and security ACL on the security policy server respectively.
•
You can modify the authorized ACLs on the access device. However, your changes take effect only for
portal users logging on after the modification.
Specifying a Portal Server for Layer 3 Portal
Authentication
This task allows you to specify the portal server parameters for Layer 3 portal authentication, including
the portal server IP address, shared encryption key, server port, and the URL address for web
authentication. To use a remote portal server, specify the IP address of the remote portal server.
Follow these steps to specify a portal server for Layer 3 authentication:
To do…
Use the command…
Remarks
Enter system view
system-view
—
Specify a portal server and
configure related parameters
portal server server-name ip
ip-address [ key key-string | port
port-id | url url-string |
vpn-instance
vpn-instance-name ] *
Required
By default, no portal server is
specified.