Configuring secpath – H3C Technologies H3C SecPath F1000-E User Manual
Page 253
243
Select Portal_user from the IP Group list. The IP address used by the user to access the network
must be within this IP address group.
c.
Leave the default settings for other parameters and click OK.
Figure 189 Port group configuration
5.
Select User Access Manager > Service Parameters > Validate System Configuration from the
navigation tree to validate the configurations.
Configuring SecPath
1.
Configure a RADIUS scheme:
# Create a RADIUS scheme named rs1 and enter its view.
<SecPath> system-view
[SecPath] radius scheme rs1
# Set the server type for the RADIUS scheme. When CAMS or IMC is used, set the server type to
extended.
[SecPath-radius-rs1] server-type extended
# Specify the primary authentication server and primary accounting server, and configure the keys
for communication with the servers.
[SecPath-radius-rs1] primary authentication 10.1.1.1
[SecPath-radius-rs1] primary accounting 10.1.1.1
[SecPath-radius-rs1] key authentication expert
[SecPath-radius-rs1] key accounting expert
# Specify the scheme to include the domain names in usernames to be sent to the RADIUS server.
[SecPath-radius-rs1] user-name-format with-domain
[SecPath-radius-rs1] quit
2.
Configure an authentication domain:
# Create an ISP domain named dm1 and enter its view.
[SecPath] domain dm1
# Configure the ISP domain to use RADIUS scheme rs1.
[SecPath-isp-dm1] authentication portal radius-scheme rs1
[SecPath-isp-dm1] authorization portal radius-scheme rs1