Configuration prerequisites and guidelines
• Configure IP addresses for the host, switch, and server as shown in Figure 74 and make sure
they can reach each other.
• Configure the RADIUS server correctly to provide authentication and accounting functions.
• Customize the authentication pages, compress them to a file, and upload the file to the root
directory of the storage medium of the switch.
Configuration procedure
1. Configure a RADIUS scheme:
# Create a RADIUS scheme named rs1 and enter its view.
<Switch> system-view
[Switch] radius scheme rs1
# Specify the primary authentication server and primary accounting server, and configure the
keys for communication with the servers.
[Switch-radius-rs1] primary authentication 192.168.0.112
[Switch-radius-rs1] primary accounting 192.168.0.112
[Switch-radius-rs1] key authentication simple radius
[Switch-radius-rs1] key accounting simple radius
# Exclude the ISP domain name from the username sent to the RADIUS server.
[Switch-radius-rs1] user-name-format without-domain
[Switch-radius-rs1] quit
# Enable RADIUS session control.
[Switch] radius session-control enable
2. Configure an authentication domain:
# Create an ISP domain named dm1 and enter its view.
[Switch] domain dm1
# Configure AAA methods for the ISP domain.
[Switch-isp-dm1] authentication portal radius-scheme rs1
[Switch-isp-dm1] authorization portal radius-scheme rs1
[Switch-isp-dm1] accounting portal radius-scheme rs1
[Switch-isp-dm1] quit
# Configure domain dm1 as the default ISP domain. If a user enters the username without the
ISP domain name at login, the authentication and accounting methods of the default domain
are used for the user.
[Switch] domain default enable dm1
3. Configure portal authentication:
# Create a local portal Web server. Use HTTP to exchange authentication information with
clients.
[Switch] portal local-web-server http
# Specify file abc.zip as the default authentication page file for local portal authentication.
(Make sure the file exists under the root directory of the switch.)
[Switch-portal-local-websvr-http] default-logon-page abc.zip
# Set the HTTP service listening port number to 2331 for the local portal Web server.
[Switch-portal-local-websvr-http] tcp-port 2331
[Switch-portal-local-websvr-http] quit
# Configure the portal Web server name as newpt and URL as the IP address of the portal
authentication-enabled interface or a loopback interface (except 127.0.0.1).
[Switch] portal web-server newpt
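An added example, not part of the original guide or any vendor tooling: a Python check over the commands entered so far. It reports RADIUS shared keys set to a short or common value (the procedure uses radius) and a local portal Web server left on HTTP, which carries the logon form unencrypted. The length threshold, the weak-key list, and a device name without hyphens are assumptions.

```python
import re

# Constructed sample: commands from the procedure above, as typed at the switch.
TRANSCRIPT = """\
<Switch> system-view
[Switch] radius scheme rs1
[Switch-radius-rs1] primary authentication 192.168.0.112
[Switch-radius-rs1] key authentication simple radius
[Switch-radius-rs1] key accounting simple radius
[Switch-radius-rs1] quit
[Switch] portal local-web-server http
[Switch-portal-local-websvr-http] tcp-port 2331
"""

PROMPT = re.compile(r"^[\[<]([^\]>]+)[\]>]\s*(.*)$")
MIN_KEY_LEN = 16  # assumption: local policy threshold, not a vendor value
WEAK_KEYS = {"radius", "password", "secret", "admin", "123456"}  # assumption: sample list


def parse(transcript):
    """Yield (view, command) pairs; view is the prompt text after the device name."""
    for line in transcript.splitlines():
        m = PROMPT.match(line.strip())
        if m and m.group(2):
            # Assumes the device name itself contains no hyphen.
            _, _, view = m.group(1).partition("-")
            yield view, m.group(2)


def audit(transcript):
    """Return (object, finding) tuples; the key itself is never echoed."""
    findings = []
    for view, cmd in parse(transcript):
        words = cmd.split()
        if view.startswith("radius-") and words[:1] == ["key"] and len(words) == 4:
            _, purpose, form, key = words
            scheme = view[len("radius-"):]
            if form == "simple" and (key.lower() in WEAK_KEYS or len(key) < MIN_KEY_LEN):
                findings.append((scheme, f"weak {purpose} shared key"))
        elif words[:3] == ["portal", "local-web-server", "http"]:
            findings.append(("portal", "logon page served over cleartext HTTP"))
    return findings


if __name__ == "__main__":
    for obj, finding in audit(TRANSCRIPT):
        print(f"{obj}: {finding}")
```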