165
[SwitchA] portal server newpt ip 192.168.0.111 key portal port 50100 url
http://192.168.0.111:8080/portal
# Enable portal authentication on the interface connecting Switch B.
[SwitchA] interface vlan-interface 4
[SwitchA–Vlan-interface4] portal server newpt method layer3
[SwitchA–Vlan-interface4] quit
On Switch B, configure a default route to subnet 192.168.0.0/24, setting the next hop as 20.20.20.1.
(Details not shown)
Configuring direct portal authentication with extended
functions
Network requirements
As shown in Figure 69:
• The host is directly connected to the switch and the switch is configured for direct extended portal
authentication. The host is assigned with a public network IP address either manually or through
DHCP. If the host fails security check after passing identity authentication, the host can access only
subnet 192.168.0.0/24. After passing security check, the host can access Internet resources.
• A RADIUS server serves as the authentication/accounting server.
Figure 69 Network diagram
Switch
Host
2.2.2.2/24
Gateway : 2.2.2.1/24
Vlan-int100
2.2.2.1/24
Vlan-int2
192.168.0.100/24
Portal server
192.168.0.111/24
192.168.0.112/24
Security policy server
192.168.0.113/24
RADIUS server
Configuration procedure
NOTE:
• Configure IP addresses for the host, switch, and servers as shown in Figure 69 and make sure that they
can r
each each other.
• Configure the RADIUS server properly to provide authentication and accounting functions for users.
Configure the switch:
1. Configure a RADIUS scheme
# Create a RADIUS scheme named rs1 and enter its view.
<Switch> system-view
To Next Page
Loading...
Need help?
General