Verifying the configuration – H3C Technologies H3C SecPath F1000-E User Manual

Page 141

131

[SecPath-radius-rs1] key accounting radius

# Specify that the ISP domain name should not be included in the username sent to the RADIUS

server.

[SecPath-radius-rs1] user-name-format without-domain

[SecPath-radius-rs1] quit

Configure an authentication domain:
# Create an ISP domain named dm1 and enter its view.

[SecPath] domain dm1

# Configure AAA methods for the ISP domain.

[SecPath-isp-dm1] authentication portal radius-scheme rs1

[SecPath-isp-dm1] authorization portal radius-scheme rs1

[SecPath-isp-dm1] accounting portal radius-scheme rs1

[SecPath-isp-dm1] quit

# Configure dm1 as the default ISP domain for all users. Then, if a user enters a username without

any ISP domain at logon, the authentication and accounting methods of the default domain will be
used for the user.

[SecPath] domain default enable dm1

Configure portal authentication:
# Configure a portal server on the SecPath, making sure that the IP address, port number and URL
match those of the actual portal server.

[SecPath] portal server newpt ip 192.168.0.111 key portal port 50100 url

http://192.168.0.111:8080/portal

# Enable portal authentication on the interface connecting the host.

[SecPath] interface gigabitethernet 0/2

[SecPath–GigabitEthernet0/2] portal server newpt method direct

[SecPath–GigabitEthernet0/2] quit

Verifying the configuration

Execute the following command to see whether the portal configuration has taken effect:

[SecPath] display portal interface gigabitethernet 0/2

Interface portal configuration:

GigabitEthernet0/2: Portal running

Portal server: newpt

Authentication type: Direct

Authentication domain:

Authentication network:

address : 0.0.0.0 mask : 0.0.0.0

The user can initiate portal authentication by using the H3C iNode client or by accessing a Web page.
All the initiated Web requests will be redirected to the portal authentication page

http://192.168.0.111:8080/portal. Before passing portal authentication, the user can access only the

authentication page. After passing portal authentication, the user can access Internet resources.
After the user passes the portal authentication, you can use the following command to view the portal
user information on the SecPath.

[SecPath] display portal user interface gigabitethernet 0/2

Index:19

State:ONLINE

SubState:NONE

This manual is related to the following products:

H3C SecPath F5000-A5 Firewall H3C SecPath F1000-A-EI H3C SecPath F1000-E-SI H3C SecPath F1000-S-AI H3C SecPath F5000-S Firewall H3C SecPath F5000-C Firewall H3C SecPath F100-C-SI H3C SecPath F1000-C-SI H3C SecPath F100-A-SI H3C SecBlade FW Cards H3C SecBlade FW Enhanced Cards H3C SecPath U200-A U200-M U200-S H3C SecPath U200-CA U200-CM U200-CS