State: Online
VPN instance: vpn3
MAC
0000-0000-0000
Authorization information:
DHCP IP pool: N/A
User profile: N/A
Session group profile: N/A
ACL: N/A
Inbound CAR: N/A
Outbound CAR: N/A
Inbound priority: N/A
Outbound priority: N/A
Example: Configuring direct portal authentication with a
preauthentication policy
Network configuration
As shown in
assigned a public IP address through DHCP. A portal server acts as both a portal authentication
server and a portal Web server. A RADIUS server acts as the authentication/accounting server.
Configure direct portal authentication, so the host can access only subnet 192.168.0.0/24 before
passing the authentication and access other network resources after passing the authentication.
Figure 127 Network diagram
Host
2.2.2.2/24
Gateway: 2.2.2.1/24
Configuration prerequisites
•
Configure IP addresses for the host, router, and servers as shown in
they can reach each other.
•
Configure the RADIUS server correctly to provide authentication and accounting functions.
Procedure
Perform the following tasks on the router.
1.
Configure a preauthentication IP address pool:
# Configure DHCP address pool pre to assign IP addresses and other configuration
parameters to clients on subnet 2.2.2.0/24.
<Router> system-view
[Router] dhcp server ip-pool pre
IP
3.3.0.1
Figure
127, the host is directly connected to the router (the access device). The host is
GE1/0/2
GE1/0/1
2.2.2.1/24
192.168.0.100/24
Router
VLAN
Interface
--
GigabitEthernet1/0/1
Portal server
192.168.0.111/24
RADIUS server
192.168.0.112/24
366
Figure 127
and make sure