Creating a radius scheme, Creating a domain, Enabling portal authentication – H3C Technologies H3C Intelligent Management Center User Manual

Page 55: Enabling the dhcp server (optional), Endpoint configuration, Parameter correlation

Advertising
background image

37

Creating a RADIUS scheme

An access device exchanges RADIUS packets with UAM according to the configured RADIUS scheme.

When you configure a RADIUS scheme, follow these guidelines:

The authentication server IP and the accounting server IP that you specified in the RADIUS scheme
must be the IP address of the UAM server.

The shared key and authentication/accounting port specified in the RADIUS scheme must be
consistent with those configured for the access device on UAM.

Creating a domain

When you configure a domain, follow these guidelines:

Specify the authentication function of endpoint users as portal authentication.

The RADIUS scheme used by the domain must be configured as explained in the previous topic.

Enabling portal authentication

1.

Configure the portal server, and specify the portal server IP address as the IP address of the UAM

server.

2.

Enable portal authentication on a Layer 3 Ethernet interface or VLAN interface.

Enabling the DHCP server (optional)

The DHCP service configuration is optional. Users also can use static IP addresses.
To enable the DHCP service:

1.

Enable the DHCP service.

2.

Configure the IP address pool and gateway.

Endpoint configuration

You can directly perform portal authentication when you access the network through the browser on the

endpoint. After you install the iNode client, you can also create a portal authentication connection to

perform portal authentication. For the configuration procedure, see the iNode client help.
To use the security check or Internet access control function, you must install the iNode client to perform
portal authentication.

Parameter correlation

For authentication to be performed properly, the username specified on the iNode client, the domain and
RADIUS scheme configuration on the access device, and the suffix of the service in UAM must comply

with the correlation rule as shown in

Table 5

.

Table 5 Parameter correlation

Username format

on the iNode client

Domain on the

access device

Username format configured

on the access device

Service suffix in UAM

X@Y Y

user-name-format with-domain

Y

user-name-format without-domain No suffix

X

[Default Domain]

user-name-format with-domain

Name of the default
domain

Advertising
Popular Brands
Popular manuals