Portal + Re-DHCP
Authentication
Configuration Examples
# Configure the RADIUS scheme named "rs1" in the ISP domain.
[Router-isp-dm1] authentication portal radius-scheme rs1
[Router-isp-dm1] authorization portal radius-scheme rs1
[Router-isp-dm1] accounting portal radius-scheme rs1
[Router-isp-dm1] quit
# Configure dm1 as the default ISP domain where all access users share the
default authentication and accounting modes.
[Router] domain default enable dm1
3 Apply ACL 3000 to restricted resources and ACL 3001 to unrestricted resources
[Router] acl number 3000
[Router-acl-adv-3000] rule permit ip destination 192.168.0.0 0.0.0.255
[Router-acl-adv-3000] quit
[Router] acl number 3001
[Router-acl-adv-3001] rule permit ip source 2.2.2.2 0
[Router-acl-adv-3001] quit
4 Configure portal+ authentication
# Configure the portal+ server as follows:
Name: newpt
■
IP address: 192.168.0.111
■
Key: portal
■
Port number: 50100
■
URL: http://192.168.0.111/portal.
■
[Router] portal server newpt ip 192.168.0.111 key portal port 50100
url http://192.168.0.111/portal
# Enable portal+ authentication on the interface connected to the host.
[Router] interface ethernet 1/0
[Router-Ethernet1/0] ip address 2.2.2.1 255.255.255.0
[Router-Ethernet1/0] portal server newpt method direct service-type plus
[Router-Ethernet1/0] quit
# Configure the IP address of the interface communicating with the portal server.
[Router] interface ethernet 1/1
[Router-Ethernet1/1] ip address 192.168.0.100 255.255.255.0
[Router-Ethernet1/1] quit
Network requirements
The router is configured with portal+ re-DHCP authentication function. Users
■
obtain IP addresses through the DHCP server. Before portal+ authentication,
they are assigned private IP addresses. After passing portal+ authentication,
they apply public IP addresses so that they can access the Internet.
When users have passed identity authentication but have not passed security
■
authentication, they can only access subnet 192.168.0.0/24. After passing the
security authentication, users can access external networks.
A RADIUS server serves as the authentication/accounting server.
■
Portal Configuration Examples (on Routers)
1867