144
Configuring direct portal authentication with extended
functions
Network requirements
As shown in Figure 57:
• The host is directly connected to the switch and the switch is configured for direct extended portal
authentication. The host is assigned with a public network IP address either manually or through
DHCP. If a user fails security check after passing identity authentication, the user can access only
subnet 192.168.0.0/24. After the user passes security check, the user can access Internet resources.
• A RADIUS server serves as the authentication/accounting server.
Figure 52 Network diagram
Configuration procedure
NOTE:
• Configure IP addresses for the host, switch, and servers as shown in Figure 57 and
make sure that the
can reach each other.
• Configure the RADIUS server properly to provide authentication and accounting functions for users.
Configure the switch:
1. Configure a RADIUS scheme
# Create a RADIUS scheme named rs1 and enter its view.
<Switch> system-view
[Switch] radius scheme rs1
# Set the server type for the RADIUS scheme. When using the iMC server, set the server type to extended.
[Switch-radius-rs1] server-type extended
# Specify the primary authentication server and primary accounting server, and configure the keys for
communication with the servers.
[Switch-radius-rs1] primary authentication 192.168.0.112
[Switch-radius-rs1] primary accounting 192.168.0.112
[Switch-radius-rs1] key accounting radius
[Switch-radius-rs1] key authentication radius
To Next Page
Loading...
