Configuring Re-Dhcp Portal Authentication - H3C S5120-EI Series Operation Manual

Configuring Re-DHCP Portal Authentication

Network requirements
The host is directly connected to the switch and the switch is configured for re-DHCP
authentication. The host is assigned with an IP address through the DHCP server. Before portal
authentication, the host uses an assigned private IP address. After passing portal authentication, it
can get a public IP address and then users using the host can access unrestricted Internet
resources.
A RADIUS server serves as the authentication/accounting server.
Figure 1-5 Configure re-DHCP portal authentication
20.20.20.1/24
10.0.0.1/24 sub
Host
automatically obtains
an IP address
Configuration procedure
For re-DHCP authentication, you need to configure a public address pool (20.20.20.0/24, in this
example) and a private address pool (10.0.0.0/24, in this example) on the DHCP server. The
configuration steps are omitted. For DHCP configuration information, refer to DHCP Configuration
in the IP Services Volume.
For re-DHCP authentication, the switch must be configured as a DHCP relay agent (instead of a
DHCP server) and the portal-enabled interface must be configured with a primary IP address (a
public IP address) and a secondary IP address (a private IP address).
You need to configure IP addresses for the devices as shown in
are available between devices.
Configure the switch:
1) Configure a RADIUS scheme
# Create a RADIUS scheme named rs1 and enter its view.
<Switch> system-view
[Switch] radius scheme rs1
Vlan-int100
Vlan-int2
192.168.0.100/24
Switch
Portal server
192.168.0.111/24
DHCP server
192.168.0.112/24
RADIUS server
192.168.0.113/24
Figure 1-5
1-13
and ensure that routes