# Configure the BAS-IP as 3.3.0.3 for portal packets sent from VLAN-interface 3 to the portal
authentication server.
[SwitchA–Vlan-interface3] portal bas-ip 3.3.0.3
[SwitchA–Vlan-interface3] quit
Verifying the configuration
# Verify the portal configuration by executing the display portal interface command. (Details not
shown.)
# After the user passes authentication, execute the display portal user command to display the
portal user information.
[SwitchA] display portal user all
Total portal users: 1
Username: abc
Portal server: newpt
State: Online
VPN instance: vpn3
MAC
0000-0000-0000
Authorization information:
DHCP IP pool: N/A
ACL: N/A
CAR: N/A
Configuring direct portal authentication with a
preauthentication domain
Network requirements
As shown in
assigned a public IP address through DHCP. A portal server acts as both a portal authentication
server and a portal Web server. A RADIUS server acts as the authentication/accounting server.
Configure direct portal authentication, so the host can access only subnet 192.168.0.0/24 before
passing the authentication and access other network resources after passing the authentication.
Figure 74 Network diagram
Host
2.2.2.2/24
Gateway:2.2.2.1/24
Configuration prerequisites
•
Configure IP addresses for the host, switch, and servers as shown in
they can reach each other.
•
Configure the RADIUS server correctly to provide authentication and accounting functions.
IP
3.3.0.1
Figure
74, the host is directly connected to the switch (the access device). The host is
Vlan-int100
Vlan-int2
2.2.2.1/24
192.168.0.100/24
Switch
VLAN
Interface
3
Vlan-interface3
Portal server
192.168.0.111/24
RADIUS server
192.168.0.112/24
230
Figure 74
and make sure