H3C S5600 SERIES Operation Manual page 561

Network diagram
Figure 1-1 Web authentication for user
Configuration procedure
# Perform DHCP-related configuration on the DHCP server. (It is assumed that the user will
automatically obtain an IP address through the DHCP server.)
# Set the IP address and port number of the Web authentication server.
<Sysname> system-view
[Sysname] web-authentication web-server ip 10.10.10.10 port 8080
# Configure a free IP address range, so that the user can access free resources before it passes the
Web authentication.
[Sysname] web-authentication free-ip 10.20.20.1 24
# Enable Web authentication on GigabitEthernet 1/0/1 and set the user access method to designated.
[Sysname] interface GigabitEthernet 1/0/1
[Sysname-GigabitEthernet1/0/1] web-authentication select method designated
# Create RADIUS scheme radius1 and enter its view.
[Sysname] radius scheme radius1
# Set the IP address of the primary RADIUS authentication server.
[Sysname-radius-radius1] primary authentication 10.10.10.164
# Enable accounting optional.
[Sysname-radius-radius1] accounting optional
# Set the password that will be used to encrypt the messages exchanged between the switch and the
RADIUS authentication server.
[Sysname -radius-radius1] key authentication expert
# Configure the system to strip domain name off a user name before transmitting the user name to the
RADIUS server.
[Sysname-radius-radius1] user-name-format without-domain
[Sysname-radius-radius1] quit
1-4