H3C LS-3100-52P-OVS-H3 Operation Manual - page 1405
1-16
[SwitchA-radius-rs1] primary accounting 192.168.0.112
[SwitchA-radius-rs1] key authentication radius
[SwitchA-radius-rs1] key accounting radius
# Specify that the ISP domain name should not be included in the username sent to the RADIUS server.
[SwitchA-radius-rs1] user-name-format without-domain
[SwitchA-radius-rs1] quit
2) Configure an authentication domain
# Create an ISP domain named dm1 and enter its view.
[SwitchA] domain dm1
# Configure the ISP domain to use RADIUS scheme rs1.
[SwitchA-isp-dm1] authentication portal radius-scheme rs1
[SwitchA-isp-dm1] authorization portal radius-scheme rs1
[SwitchA-isp-dm1] accounting portal radius-scheme rs1
[SwitchA-isp-dm1] quit
# Configure dm1 as the default ISP domain, allowing all users to share the authentication and
accounting methods of the default domain.
[SwitchA] domain default enable dm1
3) Configure portal authentication
# Configure the portal server as follows:
z
Name: newpt
z
IP address: 192.168.0.111
z
Key: portal
z
Port number: 50100
z
URL: http://192.168.0.111/portal.
[SwitchA] portal server newpt ip 192.168.0.111 key portal port 50100 url
http://192.168.0.111/portal
# Enable portal authentication on the interface connecting Switch B.
[SwitchA] interface vlan-interface 4
[SwitchA–Vlan-interface4] ip address 20.20.20.1 255.255.255.0
[SwitchA–Vlan-interface4] portal server newpt method layer3
[SwitchA–Vlan-interface4] quit
# Configure the IP address of the interface connected with the portal server.
[SwitchA] interface vlan-interface 2
[SwitchA–Vlan-interface2] ip address 192.168.0.100 255.255.255.0
[SwitchA–Vlan-interface2] quit
On Switch B, you need to configure a default route to subnet 192.168.0.0/24, setting the next hop as
20.20.20.1. The configuration steps are omitted.
Configuring Direct Portal Authentication with Extended Functions
Network requirements
z
The host is directly connected to the switch and the switch is configured for direct extended portal
authentication. The host is assigned with a public network IP address manually or automatically by
a DHCP server. When users using the host have passed identity authentication but have not