Configuring cross-subnet portal authentication with extended
functions
Network requirements
As shown in
Switch A is configured for cross-subnet extended portal authentication. If a user fails security check
•
after passing identity authentication, the user can access only subnet 192.168.0.0/24. After
passing security check, the user can access Internet resources.
•
The host accesses Switch A through Switch B.
A RADIUS server serves as the authentication/accounting server.
•
Figure 53 Network diagram
Configuration procedure
NOTE:
Make sure that the IP address of the portal device added on the portal server is the IP address of the
•
interface connecting users (20.20.20.1 in this example), and the IP address group associated with the
portal device is the network segment where the users reside (8.8.8.0/24 in this example).
•
Configure IP addresses for the host, switches, and servers as shown in
can reach each other.
Configure the RADIUS server properly to provide authentication and accounting functions for users.
•
Configure Switch A:
1.
Configure a RADIUS scheme
# Create a RADIUS scheme named rs1 and enter its view.
<SwitchA> system-view
[SwitchA] radius scheme rs1
# Set the server type for the RADIUS scheme. When using the iMC server, set the server type to extended.
[SwitchA-radius-rs1] server-type extended
# Specify the primary authentication server and primary accounting server, and configure the keys for
communication with the servers.
[SwitchA-radius-rs1] primary authentication 192.168.0.112
Figure
58:
146
Figure 58
and make sure that they