NOTE:
Make sure that the IP address of the portal device added on the portal server is the IP address of the
•
interface connecting users (20.20.20.1 in this example), and the IP address group associated with the
portal device is the network segment where the users reside (8.8.8.0/24 in this example).
•
Configure IP addresses for the host, switches, and servers as shown in
can reach each other.
Configure the RADIUS server properly to provide authentication and accounting functions for users.
•
Configure Switch A:
Configure a RADIUS scheme
1.
# Create a RADIUS scheme named rs1 and enter its view.
<SwitchA> system-view
[SwitchA] radius scheme rs1
# Set the server type for the RADIUS scheme. When using the iMC server, set it to extended.
[SwitchA-radius-rs1] server-type extended
# Specify the primary authentication server and primary accounting server, and configure the keys for
communication with the servers.
[SwitchA-radius-rs1] primary authentication 192.168.0.112
[SwitchA-radius-rs1] primary accounting 192.168.0.112
[SwitchA-radius-rs1] key authentication radius
[SwitchA-radius-rs1] key accounting radius
# Specify that the ISP domain name should not be included in the username sent to the RADIUS server.
[SwitchA-radius-rs1] user-name-format without-domain
[SwitchA-radius-rs1] quit
Configure an authentication domain
2.
# Create an ISP domain named dm1 and enter its view.
[SwitchA] domain dm1
# Configure AAA methods for the ISP domain.
[SwitchA-isp-dm1] authentication portal radius-scheme rs1
[SwitchA-isp-dm1] authorization portal radius-scheme rs1
[SwitchA-isp-dm1] accounting portal radius-scheme rs1
[SwitchA-isp-dm1] quit
# Configure domain dm1 as the default ISP domain for all users. Then, if a user enters the username
without the ISP domain at logon, the authentication and accounting methods of the default domain are
used for the user.
[SwitchA] domain default enable dm1
Configure portal authentication
3.
# Configure the portal server as follows:
Name: newpt
•
IP address: 192.168.0.1 1 1
•
•
Key: portal
Port number: 50100
•
URL: http://192.168.0.1 1 1:8080/portal.
•
164
Figure 68
and make sure that they