Network requirements – H3C Technologies H3C S7500E Series Switches User Manual


# Configure the ISP domain to use RADIUS scheme rs1.

[Switch-isp-dm1] authentication portal radius-scheme rs1

[Switch-isp-dm1] authorization portal radius-scheme rs1

[Switch-isp-dm1] accounting portal radius-scheme rs1

[Switch-isp-dm1] quit

# Configure dm1 as the default ISP domain for all users. Then, if a user enters the username without the ISP domain at logon, the authentication and accounting methods of the default domain will be used for the user.

[Switch] domain default enable dm1

Configure the ACL (ACL 3000) for resources on subnet 192.168.0.0/24 and the ACL (ACL 3001) for Internet resources.

On the security policy server, you need to specify ACL 3000 as the isolation ACL and ACL 3001 as the security ACL.

[Switch] acl number 3000

[Switch-acl-adv-3000] rule permit ip destination 192.168.0.0 0.0.0.255

[Switch-acl-adv-3000] rule deny ip

[Switch-acl-adv-3000] quit

[Switch] acl number 3001

[Switch-acl-adv-3001] rule permit ip

[Switch-acl-adv-3001] quit

3) Configure portal authentication

# Configure the portal server as follows:

• Name: newpt

• IP address: 192.168.0.111

• Key: portal

• Port number: 50100

• URL: http://192.168.0.111:8080/portal

[Switch] portal server newpt ip 192.168.0.111 key portal port 50100 url http://192.168.0.111:8080/portal

# Enable portal authentication on the interface connecting the host.

[Switch] interface vlan-interface 100

[Switch-Vlan-interface100] portal server newpt method direct

[Switch-Vlan-interface100] quit
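
The isolation ACL (3000) and security ACL (3001) configured above, evaluated against sample destinations to show which traffic each one lets through. This is an added illustration, not H3C code; it assumes rules are matched in the order they were configured (first match wins), and the destinations other than 192.168.0.111 are constructed.

```python
import ipaddress

# ACL rules copied from the configuration on this page.
ISOLATION_ACL_3000 = [
    "rule permit ip destination 192.168.0.0 0.0.0.255",
    "rule deny ip",
]
SECURITY_ACL_3001 = ["rule permit ip"]


def parse_rule(line):
    """Parse 'rule permit|deny ip [destination ADDR WILDCARD]' (the forms used here)."""
    tok = line.split()
    if len(tok) < 3 or tok[0] != "rule" or tok[1] not in ("permit", "deny") or tok[2] != "ip":
        raise ValueError(f"unsupported rule: {line!r}")
    rest = tok[3:]
    if not rest:
        # No destination clause: every bit is "don't care", so any address matches.
        return tok[1], 0, 0xFFFFFFFF
    if len(rest) != 3 or rest[0] != "destination":
        raise ValueError(f"unsupported rule: {line!r}")
    addr = int(ipaddress.IPv4Address(rest[1]))
    wildcard = int(ipaddress.IPv4Address(rest[2]))
    return tok[1], addr, wildcard


def evaluate(acl_lines, dst):
    """Return the action of the first rule matching dst, or 'no-match'."""
    d = int(ipaddress.IPv4Address(dst))
    for action, addr, wildcard in map(parse_rule, acl_lines):
        care = ~wildcard & 0xFFFFFFFF  # wildcard 1-bits are ignored, 0-bits must match
        if (d & care) == (addr & care):
            return action
    return "no-match"


if __name__ == "__main__":
    # 192.168.0.111 is the portal server on this page; the other two are constructed.
    for dst in ("192.168.0.111", "192.168.1.10", "203.0.113.10"):
        print(f"{dst:15}  isolation={evaluate(ISOLATION_ACL_3000, dst):6}"
              f"  security={evaluate(SECURITY_ACL_3001, dst)}")
```

Under ACL 3000 only the 192.168.0.0/24 destination is permitted, while ACL 3001 permits all three; the wildcard comparison also handles non-contiguous masks.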

Configuring Re-DHCP Portal Authentication with Extended Functions

Network requirements

As shown in Figure 8-13:

• The host is directly connected to the switch and the switch is configured for re-DHCP authentication. The host is assigned an IP address through the DHCP server. Before
