Operation Manual - Security
Quidway S3500 Series Ethernet Switches Chapter 2 Portal Configuration
Huawei Technologies Proprietary
2-9
z Before passing the Portal authentication, the user PC is allocated a private
address. After passing the Portal authentication, the user PC need to apply for a
public address before accessing the Internet.
II. Network diagram
Switch
User PC
Portal server
vlan -interface 3
172.21.1.1/16
vlan-interface 2
192.168.1.160/16
Ethernet0/1
192.168.1.100/16
Ethernet0/3
Ethernet0/2
192.168.1.200/16
Gateway address: 172.21.1.1
172.21.1.2/16
VLAN 2
Internet
Ethernet0/10
RADIUS authentication/accounting server/DHCP Server
-
-
Internet
VLAN 3
Figure 2-3 Network diagram for Portal Re-DHCP authentication
III. Configuration procedure
Note:
z The following describes the re-DHCP authentication configuration. For the
configurations of the RADIUS scheme, ISP domain and Portal server, refer to
section 2.2.3 “Portal Direct Authentication Configuration Example”.
z Create address pools on the DHCP Server: 172.21.0.0/16 (public network) and
18.21.0.0/16 (private network). The detail configurations are not described here.
z In the operating mode of re-DHCP, the switch should be configured as a DHCP
Relay instead of a DHCP Server, and its VLAN interface for Portal enabling should
be configured with a primary and secondary IP addresses for public and private
networks.
# Configure the Portal operating mode as re-DHCP authentication.
[Quidway] portal method redhcp
# Configure VLAN 3.
[Quidway] vlan 3
[Quidway-vlan3] port ethernet 0/3
[Quidway] interface vlan-interface 3
[Quidway-Vlan-interface3] ip address 172.21.1.1 255.255.0.0
[Quidway-Vlan-interface3] ip address 18.21.1.1 255.255.0.0 sub
To Next Page
Loading...
