Configuring direct portal authentication with extended functions
Network requirements
As shown in Figure 57:
• The host is directly connected to the switch and the switch is configured for direct extended portal authentication. The host is assigned a public network IP address either manually or through DHCP. If a user fails security check after passing identity authentication, the user can access only subnet 192.168.0.0/24. After the user passes security check, the user can access Internet resources.
• A RADIUS server serves as the authentication/accounting server.
Figure 52 Network diagram
Configuration procedure
NOTE:
• Configure IP addresses for the host, switch, and servers as shown in Figure 57 and make sure that they can reach each other.
• Configure the RADIUS server properly to provide authentication and accounting functions for users.
Configure the switch:
1. Configure a RADIUS scheme
# Create a RADIUS scheme named rs1 and enter its view.
<Switch> system-view
[Switch] radius scheme rs1
# Set the server type for the RADIUS scheme. When using the iMC server, set the server type to extended.
[Switch-radius-rs1] server-type extended
# Specify the primary authentication server and primary accounting server, and configure the keys for communication with the servers.
[Switch-radius-rs1] primary authentication 192.168.0.112
[Switch-radius-rs1] primary accounting 192.168.0.112
[Switch-radius-rs1] key accounting radius
[Switch-radius-rs1] key authentication radius
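An audit check for the RADIUS scheme step above, added here as an example and not part of the original guide: it parses pasted CLI lines and flags shared keys that are missing, guessable (the sample key radius is one), or shorter than the 16 octets RFC 2865 prefers. The word list, function names and finding strings are assumptions for illustration, and the key is taken to be the last token on the line, as in the commands above.

```python
import re

# Constructed sample: the RADIUS scheme commands from the procedure above.
SAMPLE = """\
[Switch] radius scheme rs1
[Switch-radius-rs1] server-type extended
[Switch-radius-rs1] primary authentication 192.168.0.112
[Switch-radius-rs1] primary accounting 192.168.0.112
[Switch-radius-rs1] key accounting radius
[Switch-radius-rs1] key authentication radius
"""

# Assumption: a small illustrative list of guessable secrets, not a vendor list.
WEAK_WORDS = {"radius", "secret", "password", "admin", "switch", "testing123"}
MIN_LEN = 16  # RFC 2865 section 3 prefers shared secrets of at least 16 octets
PROMPT = re.compile(r"^\s*[\[<][^\]>]*[\]>]\s*")  # strips "[Switch-...] " or "<Switch> "

def parse_schemes(text):
    """Return {scheme: {"servers": {role: ip}, "keys": {role: key}}}."""
    schemes, current = {}, None
    for raw in text.splitlines():
        words = PROMPT.sub("", raw).split()
        if not words or words[0].startswith("#"):
            continue  # blank line or "# ..." comment from the guide
        if words[:2] == ["radius", "scheme"] and len(words) == 3:
            current = schemes.setdefault(words[2], {"servers": {}, "keys": {}})
        elif current is not None and len(words) >= 3 and words[0] == "primary":
            current["servers"][words[1]] = words[2]
        elif current is not None and len(words) >= 3 and words[0] == "key":
            current["keys"][words[1]] = words[-1]
    return schemes

def audit(text):
    """Return (scheme, role, finding) for every configured server role."""
    findings = []
    for name, scheme in parse_schemes(text).items():
        for role in sorted(scheme["servers"]):
            key = scheme["keys"].get(role)
            if key is None:
                findings.append((name, role, "no shared key configured"))
            elif key.lower() in WEAK_WORDS:
                findings.append((name, role, "guessable shared key"))
            elif len(key) < MIN_LEN:
                findings.append((name, role, "shared key shorter than 16 characters"))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding, sep=": ")
```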