Configuring cross-subnet portal authentication

Network requirements

As shown in Figure 49:

Figure 49: Network diagram

Configuration procedure

When configuring cross-subnet portal authentication, follow these guidelines:

Perform the following configuration to configure cross-subnet portal authentication on Switch A:

  • Configure a RADIUS scheme:

  • # Create a RADIUS scheme named rs1 and enter its view.

    <SwitchA> system-view
    [SwitchA] radius scheme rs1
    

    # Set the server type for the RADIUS scheme. When using the IMC server, set it to extended.

    [SwitchA-radius-rs1] server-type extended
    

    # Specify the primary authentication server and primary accounting server, and configure the keys for communication with the servers.

    [SwitchA-radius-rs1] primary authentication 192.168.0.112
    [SwitchA-radius-rs1] primary accounting 192.168.0.112
    [SwitchA-radius-rs1] key authentication simple radius
    [SwitchA-radius-rs1] key accounting simple radius
    

    # Specify that the ISP domain name should not be included in the username sent to the RADIUS server.

    [SwitchA-radius-rs1] user-name-format without-domain
    [SwitchA-radius-rs1] quit
    
  • Configure an authentication domain:

  • # Create an ISP domain named dm1 and enter its view.

    [SwitchA] domain dm1
    

    # Configure AAA methods for the ISP domain.

    [SwitchA-isp-dm1] authentication portal radius-scheme rs1
    [SwitchA-isp-dm1] authorization portal radius-scheme rs1
    [SwitchA-isp-dm1] accounting portal radius-scheme rs1
    [SwitchA-isp-dm1] quit
    

    # Configure domain dm1 as the default ISP domain for all users. Then, if a user enters the username without the ISP domain at logon, the authentication and accounting methods of the default domain are used for the user.

    [SwitchA] domain default enable dm1
    
  • Configure portal authentication:

  • # Configure the portal server as follows:

    [SwitchA] portal server newpt ip 192.168.0.111 key simple portal port 50100 url http://192.168.0.111:8080/portal
    

    # Enable portal authentication on the interface connecting Switch B.

    [SwitchA] interface vlan-interface 4
    [SwitchA–Vlan-interface4] portal server newpt method layer3
    [SwitchA–Vlan-interface4] quit
    

    On Switch B, configure a default route to subnet 192.168.0.0/24, setting the next hop as 20.20.20.1. (Details not shown.)