Configuration prerequisites and guidelines
•
Configure IP addresses for the host, router, and server as shown in
they can reach each other.
•
Configure the RADIUS server correctly to provide authentication and accounting functions.
•
Customize the authentication pages, compress them to a file, and upload the file to the root
directory of the storage medium of the router.
Procedure
1.
Configure a RADIUS scheme:
# Create a RADIUS scheme named rs1 and enter its view.
<Router> system-view
[Router] radius scheme rs1
# Specify the primary authentication server and primary accounting server, and configure the
keys for communication with the servers.
[Router-radius-rs1] primary authentication 192.168.0.112
[Router-radius-rs1] primary accounting 192.168.0.112
[Router-radius-rs1] key authentication simple radius
[Router-radius-rs1] key accounting simple radius
# Exclude the ISP domain name from the username sent to the RADIUS server.
[Router-radius-rs1] user-name-format without-domain
[Router-radius-rs1] quit
# Enable RADIUS session control.
[Router] radius session-control enable
2.
Configure an authentication domain:
# Create an ISP domain named dm1 and enter its view.
[Router] domain dm1
# Configure AAA methods for the ISP domain.
[Router-isp-dm1] authentication portal radius-scheme rs1
[Router-isp-dm1] authorization portal radius-scheme rs1
[Router-isp-dm1] accounting portal radius-scheme rs1
[Router-isp-dm1] quit
# Configure domain dm1 as the default ISP domain. If a user enters the username without the
ISP domain name at login, the authentication and accounting methods of the default domain
are used for the user.
[Router] domain default enable dm1
3.
Configure portal authentication:
# Create a portal Web server named newpt and specify http://2.2.2.1:2331/portal as the URL
of the portal Web server. The IP address in the URL must be the IP address of a Layer 3
interface routable to the portal client or a loopback interface (except 127.0.0.1) on the device.
[Router] portal web-server newpt
[Router-portal-websvr-newpt] url http://2.2.2.1:2331/portal
[Router-portal-websvr-newpt] quit
# Enable direct portal authentication on GigabitEthernet 1/0/2.
[Router] interface gigabitethernet 1/0/2
[Router–GigabitEthernet1/0/2] portal enable method direct
# Specify portal Web server newpt on GigabitEthernet 1/0/2.
[Router–GigabitEthernet1/0/2] portal apply web-server newpt
[Router–GigabitEthernet1/0/2] quit
371
Figure 129
and make sure