Network requirements – H3C Technologies H3C SecPath F1000-E User Manual

Page 148

138

[SecPath] portal server newpt ip 192.168.0.111 key portal port 50100 url

http://192.168.0.111:8080/portal

# Enable extended portal authentication on the interface connecting the host.

[SecPath] interface gigabitethernet 0/2

[SecPath–GigabitEthernet0/2] portal server newpt method direct

[SecPath–GigabitEthernet0/2] quit

Configuring re-DHCP portal authentication with extended
functions

Network requirements

As shown in

Figure 121

•

The host is directly connected to the SecPath and the SecPath is configured for re-DHCP extended
portal authentication. The host is assigned with an IP address through the DHCP server. Before

extended portal authentication, the host uses an assigned private IP address. After passing the

authentication, the host can get a public IP address.

•

If a user fails security check after passing identity authentication, the user can access only subnet
192.168.0.0/24. After passing security check, the user can access Internet resources.

•

A RADIUS server serves as the authentication/accounting server.

Figure 121 Network diagram

This manual is related to the following products:

H3C SecPath F5000-A5 Firewall H3C SecPath F1000-A-EI H3C SecPath F1000-E-SI H3C SecPath F1000-S-AI H3C SecPath F5000-S Firewall H3C SecPath F5000-C Firewall H3C SecPath F100-C-SI H3C SecPath F1000-C-SI H3C SecPath F100-A-SI H3C SecBlade FW Cards H3C SecBlade FW Enhanced Cards H3C SecPath U200-A U200-M U200-S H3C SecPath U200-CA U200-CM U200-CS