# Configure domain dm1 as the default ISP domain. If a user enters the username without the ISP
domain name at login, the authentication and accounting methods of the default domain are used
for the user.
[Router] domain default enable dm1
3.
Configure ACL 3000 for resources on subnet 192.168.0.0/24 and ACL 3001 for Internet
resources:
[Router] acl number 3000
[Router-acl-adv-3000] rule permit ip destination 192.168.0.0 0.0.0.255
[Router-acl-adv-3000] rule deny ip
[Router-acl-adv-3000] quit
[Router] acl number 3001
[Router-acl-adv-3001] rule permit ip
[Router-acl-adv-3001] quit
4.
Configure portal authentication:
# Configure a portal authentication server.
[Router] portal server newpt
[Router-portal-server-newpt] ip 192.168.0.111 key simple portal
[Router-portal-server-newpt] port 50100
[Router-portal-server-newpt] quit
# Configure a portal Web server.
[Router] portal web-server newpt
[Router-portal-websvr-newpt] url http://192.168.0.111:8080/portal
[Router-portal-websvr-newpt] quit
# Enable direct portal authentication on interface Ethernet 1/2.
[Router] interface ethernet 1/2
[Router–Ethernet1/2] portal enable method direct
# Reference the portal Web server newpt on interface Ethernet 1/2.
[Router–Ethernet1/2] portal apply web-server newpt
# Configure the BAS-IP as 2.2.2.1 for portal packets sent from Ethernet 1/2 to the portal
authentication server.
[Router–Ethernet1/2] portal bas-ip 2.2.2.1
[Router–Ethernet1/2] quit
Configuring extended re-DHCP portal authentication
Network requirements
As shown in
an IP address through the DHCP server. A portal server serves as both a portal authentication server and
a portal Web server. A RADIUS server serves as the authentication/accounting server.
Configure extended re-DHCP portal authentication. Before passing portal authentication, the host is
assigned a private IP address. After passing portal identity authentication, the host obtains a public IP
address and accepts security check. If the host fails the security check, it can access only subnet
192.168.0.0/24. After passing the security check, the host can access Internet resources.
Figure
97, the host is directly connected to the router (the access device). The host obtains
322