142
# Configure domain dm1 as the default ISP domain for all users. Then, if a user enters the username
without the ISP domain at logon, the authentication and accounting methods of the default domain are
used for the user.
[Switch] domain default enable dm1
• Configure portal authentication
# Configure a portal server on the switch, making sure that the IP address, port number and URL match
those of the actual portal server.
[Switch] portal server newpt ip 192.168.0.111 key portal port 50100 url
http://192.168.0.111:8080/portal
# Enable portal authentication on the interface connecting the host.
[Switch] interface vlan-interface 100
[Switch–Vlan-interface100] portal server newpt method direct
[Switch–Vlan-interface100] quit
Configuring cross-subnet portal authentication
Network requirements
As shown in Figure 56:
• Switch A is configured for cross-subnet portal authentication. Before passing portal authentication,
the host can access only the portal server. After passing portal authentication, it can access Internet
resources.
• The host accesses Switch A through Switch B.
• A RADIUS server serves as the authentication/accounting server.
Figure 51 Network diagram
Configuration procedure
NOTE:
• Make sure that the IP address of the portal device added on the portal server is the IP address of the
interface connectin
users (20.20.20.1 in this example), and the IP address
roup associated with the
portal device is the network segment where the users reside (8.8.8.0/24 in this example).
• Configure IP addresses for the host, switches, and servers as shown in Figure 56 an
d make sure that the
can reach each other.
• Configure the RADIUS server properly to provide authentication and accounting functions for users.
To Next Page
Loading...
Need help?
General