179
# Configure the BAS-IP as 3.3.0.3 for portal packets sent from VLAN-interface 3 to the portal
authentication server.
[SwitchA–Vlan-interface3] portal bas-ip 3.3.0.3
[SwitchA–Vlan-interface3] quit
Verifying the configuration
# Verify the portal configuration by executing the display portal interface command. (Details not
shown.)
# After the user passes authentication, execute the display portal user command to display the
portal user information.
[SwitchA] display portal user all
Total portal users: 1
Username: abc
Portal server: newpt
State: Online
Authorization ACL: None
VPN instance: vpn3
MAC IP VLAN Interface
000d-88f7-c268 3.3.0.1 3 Vlan-interface3
Configuring direct portal authentication using local portal
Web server
Network requirements
As shown in Figure 70, the host is directly connected to the switch (the access device). The host is
assigned a public IP address either manually or through DHCP. The switch acts as both a portal
authentication server and a portal Web server. A RADIUS server acts as the
authentication/accounting server.
Configure direct portal authentication on the switch. Before a user passes portal authentication, the
user can access only the local portal Web server. After passing portal authentication, the user can
access other network resources.
Figure 70 Network diagram
Configuration prerequisites and guidelines
• Configure IP addresses for the host, switch, and server as shown in Figure 70 and make sure
they can reach each other.
• Configure the RADIUS server correctly to provide authentication and accounting functions.
• Customize the authentication pages, compress them to a file, and upload the file to the root
directory of the storage medium of the switch.
Configuration procedure
1. Configure a RADIUS scheme:
# Create a RADIUS scheme named rs1 and enter its view.
Host
2.2
.2.2/24
Gateway: 2.2.2.1
192.168.0.112
/24
Switch
Vlan-int100
2.2.2.1/24
Vlan
-int2
192.168.0.100/24
RADIUS server
To Next Page
Loading...
Need help?
General