159
[Switch-radius-rs1] key authentication simple radius
[Switch-radius-rs1] user-name-format without-domain
# Configure the IP address of the security policy server.
[Switch-radius-rs1] security-policy-server 192.168.0.113
[Switch-radius-rs1] quit
2.
Configure an authentication domain:
# Create an ISP domain named
dm1
and enter its view.
[Switch] domain dm1
# Configure AAA methods for the ISP domain.
[Switch-isp-dm1] authentication portal radius-scheme rs1
[Switch-isp-dm1] authorization portal radius-scheme rs1
[Switch-isp-dm1] accounting portal radius-scheme rs1
[Switch-isp-dm1] quit
# Configure domain
dm1
as the default ISP domain for all users. Then, if a user enters the
username without the ISP domain at logon, the authentication and accounting methods of the
default domain are used for the user.
[Switch] domain default enable dm1
3.
Configure the ACL (ACL 3000 ) for resources on subnet 192.168.0.0/24 and the ACL (ACL 3001)
for Internet resources:
[Switch] acl number 3000
[Switch-acl-adv-3000] rule permit ip destination 192.168.0.0 0.0.0.255
[Switch-acl-adv-3000] rule deny ip
[Switch-acl-adv-3000] quit
[Switch] acl number 3001
[Switch-acl-adv-3001] rule permit ip
[Switch-acl-adv-3001] quit
On the security policy server, specify ACL 3000 as the isolation ACL and ACL 3001 as the security
ACL.
4.
Configure portal authentication:
# Configure the portal server as follows:
{
Name:
newpt
{
IP address:
192.168.0.111
{
Key:
portal
in plain text
{
Port number:
50100
{
URL:
http://192.168.0.111:8080/portal
[Switch] portal server newpt ip 192.168.0.111 key simple portal port 50100 url
http://192.168.0.111:8080/portal
# Enable portal authentication on the interface connecting the host.
[Switch] interface vlan-interface 100
[Switch–Vlan-interface100] portal server newpt method direct
[Switch–Vlan-interface100] quit