Configuration procedure – H3C Technologies H3C SecPath F1000-E User Manual

Page 145

135

Configuration procedure

NOTE:
•

Make sure that the IP address of the portal device added on the portal server is the IP address of the
interface connecting users (20.20.20.1 in this example), and the IP address group associated with the

portal device is the network segment where the users reside (8.8.8.0/24 in this example).

•

Configure IP addresses for the host, SecPaths, and servers as shown in

Figure 119

and make sure that

they can reach each other.

•

Configure the RADIUS server properly to provide authentication/accounting functions for users.

Configure a RADIUS scheme on SecPath A:
# Create a RADIUS scheme named rs1 and enter its view.

system-view

[SecPathA] radius scheme rs1

# Set the server type for the RADIUS scheme. When using the CAMS or IMC server, set the server

type to extended.

[SecPathA-radius-rs1] server-type extended

# Specify the primary authentication server and primary accounting server, and configure the keys
for communication with the servers.

[SecPathA-radius-rs1] primary authentication 192.168.0.112

[SecPathA-radius-rs1] primary accounting 192.168.0.112

[SecPathA-radius-rs1] key authentication radius

[SecPathA-radius-rs1] key accounting radius

# Specify that the ISP domain name should not be included in the username sent to the RADIUS

server.

[SecPathA-radius-rs1] user-name-format without-domain

[SecPathA-radius-rs1] quit

Configure an authentication domain on SecPath A:
# Create an ISP domain named dm1 and enter its view.

[SecPathA] domain dm1

# Configure AAA methods for the ISP domain.

[SecPathA-isp-dm1] authentication portal radius-scheme rs1

[SecPathA-isp-dm1] authorization portal radius-scheme rs1

[SecPathA-isp-dm1] accounting portal radius-scheme rs1

[SecPathA-isp-dm1] quit

# Configure dm1 as the default ISP domain for all users. Then, if a user enters a username without

any ISP domain at logon, the authentication and accounting methods of the default domain will be
used for the user.

[SecPathA] domain default enable dm1

Configure portal authentication on SecPath A:
# Configure the portal server as follows:

{

Name: newpt

{

IP address: 192.168.0.111

{

Key: portal

{

Port number: 50100

This manual is related to the following products:

H3C SecPath F5000-A5 Firewall H3C SecPath F1000-A-EI H3C SecPath F1000-E-SI H3C SecPath F1000-S-AI H3C SecPath F5000-S Firewall H3C SecPath F5000-C Firewall H3C SecPath F100-C-SI H3C SecPath F1000-C-SI H3C SecPath F100-A-SI H3C SecBlade FW Cards H3C SecBlade FW Enhanced Cards H3C SecPath U200-A U200-M U200-S H3C SecPath U200-CA U200-CM U200-CS