Item
Source-VLAN
Destination IP Address
Mask
Portal authentication configuration examples
Configuring Layer 2 portal authentication
Network requirements
As shown in
authentication for users connected to port GigabitEthernet 1/0/1. More specifically, the requirements
are as follows:
Use the IMC server as the remote RADIUS server for authentication, authorization and accounting.
•
Use the remote DHCP server to assign IP addresses to users.
•
The listening IP address of the local portal server is 4.4.4.4. The switch uses HTTP to transmit
•
authentication data.
Enable authorized users to access external network resources.
•
Figure 372 Network diagram
Configuration prerequisites
Before configuring portal authentication, make sure the host, switch, and servers can reach each other.
Configure the RADIUS server to provide authentication/authorization/accounting functions for users. In
this example, you must create a portal user account with the account name userpt on the RADIUS server.
On the DHCP server, you must specify the IP address range (192.168.1.0/24) for address allocation,
specify the default gateway address (192.168.1.1), specify the leases for the assigned IP addresses and
make sure there is a route to the host.
Description
Specify a source VLAN for the portal-free rule.
IMPORTANT:
If you configure both a source interface and a source VLAN for a portal-free rule,
make sure that the source interface is in the source VLAN. Otherwise, the
portal-free rule will not take effect.
Specify the destination IP address and mask of the portal-free rule.
Figure
372, a host is directly connected to a switch. The switch performs Layer 2 portal
367