3. Configure the ACL (ACL 3000) for resources on subnet 192.168.0.0/24 and the ACL (ACL 3001) for Internet resources.
NOTE:
On the security policy server, specify ACL 3000 as the isolation ACL and ACL 3001 as the security ACL.
[Switch] acl number 3000
[Switch-acl-adv-3000] rule permit ip destination 192.168.0.0 0.0.0.255
[Switch-acl-adv-3000] rule deny ip
[Switch-acl-adv-3000] quit
[Switch] acl number 3001
[Switch-acl-adv-3001] rule permit ip
[Switch-acl-adv-3001] quit
4. Configure portal authentication
# Configure the portal server as follows:
• Name: newpt
• IP address: 192.168.0.111
• Key: portal
• Port number: 50100
• URL: http://192.168.0.111:8080/portal
[Switch] portal server newpt ip 192.168.0.111 key portal port 50100 url http://192.168.0.111:8080/portal
# Configure the switch as a DHCP relay agent, and enable the IP address check function.
[Switch] dhcp enable
[Switch] dhcp relay server-group 0 ip 192.168.0.112
[Switch] interface vlan-interface 100
[Switch-Vlan-interface100] ip address 20.20.20.1 255.255.255.0
[Switch-Vlan-interface100] ip address 10.0.0.1 255.255.255.0 sub
[Switch-Vlan-interface100] dhcp select relay
[Switch-Vlan-interface100] dhcp relay server-select 0
[Switch-Vlan-interface100] dhcp relay address-check enable
# Enable re-DHCP portal authentication on the interface connecting the host.
[Switch-Vlan-interface100] portal server newpt method redhcp
[Switch-Vlan-interface100] quit
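An added example (not part of the original guide): a Python check that evaluates the two ACLs from step 3 with first-match and wildcard-mask semantics, to confirm that isolation ACL 3000 permits only subnet 192.168.0.0/24 while security ACL 3001 permits all destinations. The function names and the probe addresses 192.168.1.1 and 203.0.113.10 are constructed for illustration.

```python
import ipaddress

# ACL rules copied from step 3 of the page (advanced ACL syntax as shown there).
ACLS = {
    3000: ["rule permit ip destination 192.168.0.0 0.0.0.255", "rule deny ip"],
    3001: ["rule permit ip"],
}

# Constructed probes: the portal and DHCP servers named on the page, an
# adjacent-subnet address and a documentation-range "Internet" address.
PROBES = ["192.168.0.111", "192.168.0.112", "192.168.1.1", "203.0.113.10"]


def parse_rule(line):
    """Return (action, dest_net, dest_wildcard); no destination means any."""
    tok = line.split()
    if len(tok) < 3 or tok[0] != "rule" or tok[1] not in ("permit", "deny") or tok[2] != "ip":
        raise ValueError(f"unsupported rule: {line!r}")
    net, wild = 0, 0xFFFFFFFF  # an all-ones wildcard matches every address
    if "destination" in tok:
        i = tok.index("destination")
        net = int(ipaddress.IPv4Address(tok[i + 1]))
        wild = int(ipaddress.IPv4Address(tok[i + 2]))
    return tok[1], net, wild


def evaluate(acl_lines, dst):
    """First matching rule wins; a wildcard bit of 1 means 'ignore this bit'."""
    addr = int(ipaddress.IPv4Address(dst))
    for line in acl_lines:
        action, net, wild = parse_rule(line)
        care = ~wild & 0xFFFFFFFF
        if addr & care == net & care:
            return action
    return "no-match"  # this sketch does not model the device's default action


def audit(acl_id):
    """Map each probe destination to the action the ACL would take."""
    return {dst: evaluate(ACLS[acl_id], dst) for dst in PROBES}


if __name__ == "__main__":
    for acl_id in ACLS:
        print(acl_id, audit(acl_id))
```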
Configuring cross-subnet portal authentication with extended functions
Network requirements
As shown in Figure 71:
• Switch A is configured for cross-subnet extended portal authentication. If the host fails the security
check after passing identity authentication, the host can access only subnet 192.168.0.0/24. After
passing the security check, the host can access Internet resources.
• The host accesses Switch A through Switch B.
• A RADIUS server serves as the authentication/accounting server.