Web authentication configuration example, Network requirements, Network diagram – H3C Technologies H3C S3100 Series Switches User Manual

1-10

Web Authentication Configuration Example

Network requirements

As shown in

Figure 1-1

, a user connects to the Ethernet switch through port Ethernet 1/0/1.

z

Configure the DHCP server so that users can obtain IP addresses from it.

z

Configure Web authentication on Ethernet 1/0/1 to control the access of the user to the Internet.

z

Configure a free IP address range, which can be accessed by the user before it passes the Web

authentication.

Network diagram

Figure 1-1 Web authentication for user

Eth 1/0/1

Internet

User

DHCP server

10.10.10.166/24

Free resource

Authentication server

10.10.10.164/24

10.20.20.1/24

Configuration procedure

# Perform DHCP-related configuration on the DHCP server. (It is assumed that the user will

automatically obtain an IP address through the DHCP server.)

# Set the IP address and port number of the Web authentication server.

<Sysname> system-view

[Sysname] web-authentication web-server ip 10.10.10.10 port 8080

# Configure a free IP address range, so that the user can access free resources before it passes the

Web authentication.

[Sysname] web-authentication free-ip 10.20.20.1 24

# Enable Web authentication on Ethernet 1/0/1 and set the user access method to designated.

[Sysname] interface Ethernet 1/0/1

[Sysname-Ethernet1/0/1] web-authentication select method designated

# Create RADIUS scheme radius1 and enter its view.

[Sysname] radius scheme radius1

# Set the IP address of the primary RADIUS authentication server.

[Sysname-radius-radius1] primary authentication 10.10.10.164

# Enable accounting optional.

[Sysname-radius-radius1] accounting optional

# Set the password that will be used to encrypt the messages exchanged between the switch and the

RADIUS authentication server.