146
Configuring cross-subnet portal authentication with extended
functions
Network requirements
As shown in Figure 58:
• Switch A is configured for cross-subnet extended portal authentication. If a user fails security check
after passing identity authentication, the user can access only subnet 192.168.0.0/24. After
passing security check, the user can access Internet resources.
• The host accesses Switch A through Switch B.
• A RADIUS server serves as the authentication/accounting server.
Figure 53 Network diagram
Configuration procedure
NOTE:
• Make sure that the IP address of the portal device added on the portal server is the IP address of the
interface connectin
users (20.20.20.1 in this example), and the IP address
roup associated with the
portal device is the network segment where the users reside (8.8.8.0/24 in this example).
• Configure IP addresses for the host, switches, and servers as shown in Figure 58 an
d make sure that the
can reach each other.
• Configure the RADIUS server properly to provide authentication and accounting functions for users.
Configure Switch A:
1. Configure a RADIUS scheme
# Create a RADIUS scheme named rs1 and enter its view.
<SwitchA> system-view
[SwitchA] radius scheme rs1
# Set the server type for the RADIUS scheme. When using the iMC server, set the server type to extended.
[SwitchA-radius-rs1] server-type extended
# Specify the primary authentication server and primary accounting server, and configure the keys for
communication with the servers.
[SwitchA-radius-rs1] primary authentication 192.168.0.112
To Next Page
Loading...
