Network Requirements
- PC1 and PC2 on one LAN are connected to IP Network via Device. Enable the L2 Portal authentication function on Device and configure the authentication mode as Macbased.
- RADIUS authentication is used.
- An unauthenticated user can access only Portal Server; an authenticated user can access IP Network.
- After one user on the LAN passes the authentication, that user can access IP Network; the other users on the LAN can access IP Network only after they pass the authentication themselves.
Network Topology
Figure 13-7 Networking of configuring the Macbased authentication of the L2 Portal authentication
Configuration Steps
Step 1: Configure the VLAN and port link type on Device.
#Create VLAN129 on Device.
Device#configure terminal
Device(config)#vlan 129
Device(config)#exit
#Configure the link type of port gigabitethernet0/2 as Access, permitting the services of VLAN129 to pass.
Device(config)#interface gigabitethernet 0/2
Device(config-if-gigabitethernet0/2)#switchport mode access
Device(config-if-gigabitethernet0/2)#switchport access vlan 129
Device(config-if-gigabitethernet0/2)#exit
#Configure the port link type on gigabitethernet 0/3-gigabitethernet 0/5 of Device as Access, permitting the services of VLAN129 to pass (omitted).
Step 2: Configure the interface IP address of Device.
#Configure the IP address of VLAN129 as 129.255.43.10/24.
Device(config)#interface vlan 129
Device(config-if-vlan129)#ip address 129.255.43.10 255.255.255.0
Device(config-if-vlan129)#exit
Step 3: Configure the AAA authentication.
#On Device, enable the AAA authentication and adopt the RADIUS authentication mode. The RADIUS server address is 129.255.43.90/24, the key value is admin, and the priority is 1.
Device#configure terminal
Device(config)#aaa new-model
Device(config)#aaa authentication connection default radius
Device(config)#radius-server host 129.255.43.90 priority 1 key admin
Step 4: Configure the AAA server.
#Configure the user name, password and key value as admin on the AAA server (omitted).
Step 5: Configure the L2 portal authentication.
#On Device, configure the Portal server named server1.
Device(config)#portal server server1 ip 129.255.43.99 key admin url http://129.255.43.99:8080/portal
#On Device, enable the L2 portal authentication and set the authentication mode to Macbased.
Device(config)#interface gigabitethernet 0/2
Device(config-if-gigabitethernet0/2)#portal server server1 method layer2
Device(config-if-gigabitethernet0/2)#authentication port-method macbased
Device(config-if-gigabitethernet0/2)#exit
Step 6: Configure the Portal server.
#On the Portal server, configure the IP address, Device address and key of PC1 as admin (omitted).
Step 7: Check the result.
#Before passing the authentication, both PC1 and PC2 can access only Portal Server.
#After PC1 passes the authentication, PC1 can access IP Network, and PC2 still cannot access IP Network.
Device#show portal user
-----------------------------------------------
NO 1 : IP_ADDRESS= 129.255.43.1 STATUS= Authorized USER_NAME= admin
INTERFACE= gi0/2 CTRL_METHOD= L2_MAC AUTH_STATE= AUTHENTICATED
BACK_STATE= AAA_SM_IDLE VLAN= 129 MAC_ADDRESS= 00E0.4C47.01DB
Total: 1 Authorized: 1 Unauthorized/Guest/Critical: 0/0/0
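The check in Step 7 can also be scripted. The following is an added example, not part of the vendor documentation: it parses the show portal user output above and reports any authorized session that does not match the policy configured in Steps 1 and 5. The function names and the expected-value parameters are assumptions made for this example.

```python
import re

# Verbatim "show portal user" output from Step 7 of this page.
PAGE_OUTPUT = """\
-----------------------------------------------
NO 1 : IP_ADDRESS= 129.255.43.1 STATUS= Authorized USER_NAME= admin
INTERFACE= gi0/2 CTRL_METHOD= L2_MAC AUTH_STATE= AUTHENTICATED
BACK_STATE= AAA_SM_IDLE VLAN= 129 MAC_ADDRESS= 00E0.4C47.01DB
Total: 1 Authorized: 1 Unauthorized/Guest/Critical: 0/0/0
"""

FIELD = re.compile(r"([A-Z_]+)=\s*(\S+)")          # KEY= value pairs
RECORD = re.compile(r"\s*NO\s+\d+\s*:")            # start of a user record
SUMMARY = re.compile(r"Total:\s*(\d+)\s+Authorized:\s*(\d+)")

def parse_portal_users(text):
    """Return (records, summary) parsed from the command output."""
    records, summary, current = [], None, None
    for line in text.splitlines():
        m = SUMMARY.search(line)
        if m:
            summary = {"total": int(m.group(1)), "authorized": int(m.group(2))}
            continue
        if RECORD.match(line):
            current = {}
            records.append(current)
        if current is not None:
            current.update(FIELD.findall(line))
    return records, summary

def audit(text, interface="gi0/2", vlan="129", method="L2_MAC"):
    """List deviations from the policy configured in Steps 1 and 5."""
    records, summary = parse_portal_users(text)
    authorized = [r for r in records if r.get("STATUS") == "Authorized"]
    findings = []
    for r in authorized:
        mac = r.get("MAC_ADDRESS", "unknown MAC")
        if r.get("CTRL_METHOD") != method:
            findings.append(f"{mac}: CTRL_METHOD is {r.get('CTRL_METHOD')}, expected {method}")
        if r.get("AUTH_STATE") != "AUTHENTICATED":
            findings.append(f"{mac}: authorized but AUTH_STATE is {r.get('AUTH_STATE')}")
        if (r.get("INTERFACE"), r.get("VLAN")) != (interface, vlan):
            findings.append(f"{mac}: seen on {r.get('INTERFACE')} VLAN {r.get('VLAN')}")
    if summary is None or summary["authorized"] != len(authorized):
        findings.append("summary count does not match the authorized records listed")
    return findings

if __name__ == "__main__":
    print(audit(PAGE_OUTPUT) or "no deviations")
```

An empty result means every authorized MAC address is controlled per MAC on the expected port and VLAN, which is what the Macbased mode in this example is meant to enforce.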