Hà Nội: NTT03, Line 1, Thống Nhất Complex, 82 Nguyễn Tuân, Thanh Xuân, Hà Nội. ● HCM: Số 31B, Đường 1, Phường An Phú, Quận 2 (Thủ Đức), TP HCM. ===> Đơn Vị Hàng Đầu Trong Lĩnh Vực Cung Cấp Thiết Bị Security - Network - Wifi - CCTV - Conference - Máy chủ Server - Lưu trữ Storge.
Danh mục sản phẩm

Configure Portbased Authentication of L2 Portal Authentication

Network Requirements

  • PC1 and PC2 on one LAN are connected to IP Network via Device, enable the L2 Portal authentication function on Device, and configure the authentication mode as Portabased.
  • The authentication mode adopts the RADIUS authentication.
  • The un-authenticated user can only access Portal Server, and the authenticated user can access IP Network.
  • After one user on LAN passes the authentication, the other users on the LAN can access IP Network without authentication.

Network Topology

Networking of configuring the Portbased authentication of the L2 Portal authentication

Figure 13-6 Networking of configuring the Portbased authentication of the L2 Portal authentication

Configuration Steps

Step 1: Configure the VLAN and port link type on Device.

#Create VLAN129 on Device.

Device#configure terminal
Device(config)#vlan 129
Device(config)#exit

#Configure the link type of port gigabitethernet0/2 as Access, permitting the services of VLAN129 to pass.

Device(config)#interface gigabitethernet 0/2
Device(config-if-gigabitethernet0/2)#switchport mode access
Device(config-if-gigabitethernet0/2)#switchport access vlan 129
Device(config-if-gigabitethernet0/2)#exit

#Configure the port link type on gigabitethernet 0/3-gigabitethernet 0/5 of Device as Access, permitting the services of VLAN129 to pass (omitted).

Step 2: Configure the interface IP address of Device.

#Configure the IP address of VLAN129 as 129.255.43.10/24.

Device(config)#interface vlan 129
Device(config-if-vlan129)#ip address 129.255.43.10 255.255.255.0
Device(config-if-vlan129)#exit

Step 3: Configure the AAA authentication.

#On Device, enable the AAA authentication, adopt the RADIUS authentication mode, the RADIUS server address is 129.255.43.90/24, the key value is admin, and the priority is 1.

Device#configure terminal
Device(config)#aaa new-model
Device(config)#aaa authentication connection default radius
Device(config)#radius-server host 129.255.43.90 priority 1 key admin

Step 4: Configure the AAA server.

#Configure the user name, password and key value as admin on the AAA server (omitted).

Step 5: Configure the L2 Portal authentication.

#On Device, configure the Portal server named server1.

Device(config)# portal server server1 ip 129.255.43.99 key admin url http://129.255.43.99:8080/portal

#On Device, enable L2 portal authentication, and the authentication mode is Portased.

Device(config)#interface gigabitethernet 0/2
Device(config-if-gigabitethernet0/2)#portal server server1 method layer2
Device(config-if-gigabitethernet0/2)#authentication port-method portbased
Device(config-if-gigabitethernet0/2)#exit

Step 6: Configure the Portal server.

#On the Portal server, configure the IP address, Device address and key of PC1 as admin (omitted).

Step 7: Check the result.

#Before passing the authentication, both PC1 and PC2 can only access Portal Server. #PC1 can pass the authentication. Both PC1 and PC2 can access IP Network.

Device#show portal user  
------------------------------------
NO 1 : IP_ADDRESS= 129.255.43.1 STATUS= Authorized USER_NAME= admin             
         INTERFACE= gi0/2         CTRL_METHOD= L2_MAC AUTH_STATE= AUTHENTICATED 
         BACK_STATE= AAA_SM_IDLE   VLAN= 129            MAC_ADDRESS= 00E0.4C47.01DB 
 
  Total: 1 Authorized: 1 Unauthorized/Guest/Critical: 0/0/0