Verifying the configuration, Troubleshooting aaa, Troubleshooting radius – H3C Technologies H3C SecPath F1000-E User Manual

244

[SecPath-isp-dm1] accounting portal radius-scheme rs1

[SecPath-isp-dm1] quit

# Configure dm1 as the default ISP domain for all users. Then, if a user enters a username without

any ISP domain at login, the authentication and accounting methods of the default domain are
used for the user.

[SecPath] domain default enable dm1

3.

Configure portal authentication:
# Configure the portal server.

[SecPath] portal server newpt ip 10.1.1.1 key portal port 50100 url

http://10.1.1.1:8080/portal

# Enable portal authentication on the interface connecting the host.

[SecPath] interface GigabitEthernet 0/1

[SecPath–GigabitEthernet0/1] portal server newpt method direct

[SecPath–GigabitEthernet0/1] quit

Verifying the configuration

The user can initiate portal authentication by using the H3C iNode client or by accessing a Web page.
All the initiated Web requests are redirected to the portal authentication page at

http://10.1.1.1:8080/portal. Before passing portal authentication, the user can access only the

authentication page. After passing portal authentication, the user can access the Internet.
# After the user passes portal authentication, view the portal user information on SecPath.

[SecPath] display portal user interface GigabitEthernet 0/1

Index:19

State:ONLINE

SubState:NONE

ACL:NONE

Work-mode:stand-alone

MAC IP Vlan Interface

---------------------------------------------------------------------

0015-e9a6-7cfe 192.168.1.58 0 GigabitEthernet 0/1

On interface GigabitEthernet 0/1:total 1 user(s) matched, 1 listed.

# View the connection information on SecPath.

[SecPath] display connection

Index=20 ,Username=portal@dm1

MAC=00-15-E9-A6-7C-FE

IP=192.168.1.58

IPv6=N/A

Total 1 connection(s) matched.

Troubleshooting AAA

Troubleshooting RADIUS

Symptom 1

User authentication/authorization always fails.