127
# Enable DHCP.
[Switch] dhcp enable
# Create DHCP server group 1 and add DHCP server 1.1.1.3 into the group.
[Switch] dhcp relay server-group 1 ip 1.1.1.3
# Enable the DHCP relay agent on VLAN-interface 8.
[Switch] interface vlan-interface 8
[Switch-Vlan-interface8] dhcp select relay
# Correlate DHCP server group 1 with VLAN-interface 8.
[Switch-Vlan-interface8] dhcp relay server-select 1
[Switch-Vlan-interface8] quit
# Enable the DHCP relay agent on VLAN-interface 2.
[Switch] interface vlan-interface 2
[Switch-Vlan-interface2] dhcp select relay
# Correlate DHCP server group 1 with VLAN-interface 2.
[Switch-Vlan-interface2] dhcp relay server-select 1
[Switch-Vlan-interface2] quit
# Enable the DHCP relay agent on VLAN-interface 3.
[Switch] interface vlan-interface 3
[Switch-Vlan-interface3] dhcp select relay
# Correlate DHCP server group 1 with VLAN-interface 3.
[Switch-Vlan-interface3] dhcp relay server-select 1
[Switch-Vlan-interface3] quit
Verification
Before user
userpt
accesses a web page, the user is in VLAN 8 (the initial VLAN), and is assigned with
an IP address on subnet 192.168.1.0/24. When the user access a web page on the external network, the
web request will be redirected to authentication page
https://4.4.4.4/portal/logon.htm
. After entering
the correct username and password, the user can pass the authentication. Then, the device will move the
user from VLAN 8 to VLAN 3, the authorized VLAN. You can use the
display connection ucibindex
command to view the online user information
<Switch> display connection ucibindex 30
Slot: 1
Index=30 , Username=userpt@triple
MAC=0015-e9a6-7cfe
IP=192.168.1.2
IPv6=N/A
Access=PORTAL ,AuthMethod=PAP
Port Type=Ethernet,Port Name=GigabitEthernet1/0/1
Initial VLAN=8, Authorization VLAN=3
ACL Group=Disable
User Profile=N/A
CAR=Disable
Priority=Disable
Start=2011-01-26 17:40:02 ,Current=2011-01-26 17:48:21 ,Online=00h08m19s
Total 1 connection matched.