Configuration considerations, Configuring the portal server – H3C Technologies H3C SecPath F1000-E User Manual
Page 153
143
•
The host is assigned with a public network IP address either manually or through DHCP. Before
passing portal authentication, the host can access only the portal server. After passing portal
authentication, the host can access the Internet.
•
The access device (SecPath) can detect whether the portal server is reachable and send trap
messages upon state changes. When the portal server is unreachable due to, for example, a
connection failure, network device failure, or portal server failure, the access device can disable
portal authentication, allowing users to access the Internet without authentication.
•
The access device can synchronize portal user information with the portal server periodically.
Figure 123 Network diagram
Configuration considerations
1.
Configure the portal server and enable portal server heartbeat function and the portal user
heartbeat function.
2.
Configure the RADIUS server to implement authentication and accounting.
3.
Configure direct portal authentication on interface GigabitEthernet 0/2, which is directly
connected with the host.
4.
Configure the portal server detection function on the access device, so that the access device can
detect the status of the portal server by cooperating with the portal server heartbeat function.
5.
Configure the portal user information synchronization function, so that the access device can
synchronize portal user information with the portal server by cooperating with the portal user
heartbeat function.
NOTE:
•
Configure IP addresses for the host, SecPath, and servers as shown in
and make sure that
they can reach each other.
•
Configure the RADIUS server properly to provide authentication/accounting functions for users.
Configuring the portal server
NOTE:
This example assumes that the portal server runs on IMC PLAT 3.20-R2606P13 and IMC UAM
3.60-E6301.
# Configure the portal server.