# Configure dm1 as the default ISP domain for all users. Then, if a user enters the username without
the ISP domain at login, the authentication and accounting methods of the default domain are used
for the user.
[SwitchA] domain default enable dm1
Configure portal authentication:
3.
# Configure a portal server on the switch, making sure the IP address, key, port number, and URL
match those of the actual portal server.
[SwitchA] portal server newpt ip 192.168.0.111 key simple portal port 50100 url
http://192.168.0.111:8080/portal
# Enable portal authentication on the interface connecting Switch B.
[SwitchA] interface vlan-interface 4
[SwitchA–Vlan-interface4] portal server newpt method layer3
[SwitchA–Vlan-interface4] quit
On Switch B, you must configure a default route to subnet 192.168.0.0/24, setting the next hop to
20.20.20.1. (Details not shown.)
Configuring direct portal authentication with extended
functions
Network requirements
As shown in
portal authentication. The host is assigned with a public network IP address either manually or through
DHCP. If a user fails security check after passing identity authentication, the user can access only subnet
192.168.0.0/24. After the user passes security check, the user can access Internet resources.
A RADIUS server serves as the authentication/accounting server.
Figure 47 Network diagram
Configuration prerequisites
•
Configure IP addresses for the host, switch, and servers as shown in
can reach each other.
Configure the RADIUS server properly to provide authentication and accounting functions for users.
•
Figure
47, the host is directly connected to the switch that is configured for direct extended
129
Figure 47
and make sure they