beautypg.com

Network requirements, Configuration procedure – H3C Technologies H3C SecPath F1000-E User Manual

Page 146

background image

136

{

URL: http://192.168.0.111:8080/portal.

[SecPathA] portal server newpt ip 192.168.0.111 key portal port 50100 url

http://192.168.0.111:8080/portal

# Enable Layer 3 portal authentication on the interface connecting SecPath B.

[SecPathA] interface gigabitethernet 0/2

[SecPathA–GigabitEthernet0/2] portal server newpt method layer3

[SecPathA–GigabitEthernet0/2] quit

On SecPath B, configure a default route to subnet 192.168.0.0/24, setting the next hop as 20.20.20.1.
(Details not shown.)

Configuring direct portal authentication with extended
functions

Network requirements

As shown in

Figure 120

:

The host is directly connected to the SecPath and the SecPath is configured for direct portal
authentication. The host is assigned with a public network IP address either manually or through

DHCP. If a user fails security check after passing identity authentication, the user can access only

subnet 192.168.0.0/24. After the user passes security check, the user can access Internet resources.

A RADIUS server serves as the authentication/accounting server.

Figure 120 Network diagram

Configuration procedure

NOTE:

Configure IP addresses for the host, SecPath, and servers as shown in

Figure 120

and make sure that

routes are available between devices before extended portal is enabled.

Configure the RADIUS server properly to provide authentication/accounting functions for users.

1.

Configure a RADIUS scheme on the SecPath:
# Create a RADIUS scheme named rs1 and enter its view.

system-view

This manual is related to the following products:
See also other documents in the category H3C Technologies Safety: