Network requirements – H3C Technologies H3C SecPath F1000-E User Manual
Page 152
142
[SecPathA-isp-dm1] authentication portal radius-scheme rs1
[SecPathA-isp-dm1] authorization portal radius-scheme rs1
[SecPathA-isp-dm1] accounting portal radius-scheme rs1
[SecPathA-isp-dm1] quit
# Configure dm1 as the default ISP domain for all users. Then, if a user enters a username without
any ISP domain at logon, the authentication and accounting methods of the default domain will be
used for the user.
[SecPathA] domain default enable dm1
3.
On SecPath A, configure the ACL (ACL 3000 ) for resources on subnet 192.168.0.0/24 and the
ACL (ACL 3001) for Internet resources.
[SecPathA] acl number 3000
[SecPathA-acl-adv-3000] rule permit ip destination 192.168.0.0 0.0.0.255
[SecPathA-acl-adv-3000] rule deny ip
[SecPathA-acl-adv-3000] quit
[SecPathA] acl number 3001
[SecPathA-acl-adv-3001] rule permit ip
[SecPathA-acl-adv-3001] quit
On the security policy server, specify ACL 3000 as the isolation ACL and ACL 3001 as the security
ACL.
4.
Configure extended portal authentication on SecPath A:
# Configure the portal server as follows:
{
Name: newpt
{
IP address: 192.168.0.111
{
Key: portal
{
Port number: 50100
{
URL: http://192.168.0.111:8080/portal.
[SecPathA] portal server newpt ip 192.168.0.111 key portal port 50100 url
http://192.168.0.111:8080/portal
# Enable portal authentication on the interface connecting SecPath B.
[SecPathA] interface gigabitethernet 0/2
[SecPathA–GigabitEthernet0/2] portal server newpt method layer3
[SecPathA–GigabitEthernet0/2] quit
On SecPath B, configure a default route to subnet 192.168.0.0/24, setting the next hop as 20.20.20.1.
(Details not shown.)
Configuring portal server detection and portal user information
synchronization
Network requirements
As shown in
, a host is directly connected to a SecPath (the access device) and must pass
portal authentication before it can access the Internet. A RADIUS server serves as the
authentication/accounting server.
Detailed requirements are as follows: