155
Portal server: newpt
State: Online
Authorization ACL: 3001
VPN instance: --
MAC IP VLAN Interface
0015-e9a6-7cfe 2.2.2.2 100 Vlan-interface100
Configuring extended re-DHCP portal authentication
Network requirements
As shown in Figure 54, the host is directly connected to the switch (the access device). The host obtains
an IP address through the DHCP server. A portal server acts as both a portal authentication server and
a portal Web server. A RADIUS server acts as the authentication/accounting server.
Configure extended re-DHCP portal authentication. Before passing portal authentication, the host is
assigned a private IP address. After passing portal identity authentication, the host obtains a public IP
address and accepts security check. If the host fails the security check, it can access only subnet
192.168.0.0/24. After passing the security check, the host can access Internet resources.
Figure 54 Network diagram
Configuration prerequisites and guidelines
• Configure IP addresses for the switch and servers as shown in Figure 54 and make sure the host,
switch, and servers can reach each other.
• Configure the RADIUS server properly to provide authentication and accounting functions.
• For re-DHCP portal authentication, configure a public address pool (20.20.20.0/24) and a private
address pool (10.0.0.0/24) on the DHCP server. (Details not shown.)
• For re-DHCP portal authentication:
{ The switch must be configured as a DHCP relay agent.
{ The portal-enabled interface must be configured with a primary IP address (a public IP address)
and a secondary IP address (a private IP address).
For information about DHCP relay agent configuration, see Layer 3—IP Services Configuration
Guide.
To Next Page
Loading...
Need help?
General