Network Requirements
- PC1 and PC2 are on the same LAN and connect to IP Network through Device. Enable the L2 Portal authentication function on Device and configure the authentication mode as Portbased.
- RADIUS authentication is used as the authentication mode.
- The un-authenticated user can only access Portal Server, and the authenticated user can access IP Network.
- After one user on LAN passes the authentication, the other users on the LAN can access IP Network without authentication.
Network Topology
Figure 13-6 Networking of configuring the Portbased authentication of the L2 Portal authentication
Configuration Steps
Step 1: Configure the VLAN and port link type on Device.
#Create VLAN129 on Device.
Device#configure terminal
Device(config)#vlan 129
Device(config)#exit
#Configure the link type of port gigabitethernet0/2 as Access, permitting the services of VLAN129 to pass.
Device(config)#interface gigabitethernet 0/2
Device(config-if-gigabitethernet0/2)#switchport mode access
Device(config-if-gigabitethernet0/2)#switchport access vlan 129
Device(config-if-gigabitethernet0/2)#exit
#Configure the port link type on gigabitethernet 0/3-gigabitethernet 0/5 of Device as Access, permitting the services of VLAN129 to pass (omitted).
Step 2: Configure the interface IP address of Device.
#Configure the IP address of VLAN129 as 129.255.43.10/24.
Device(config)#interface vlan 129
Device(config-if-vlan129)#ip address 129.255.43.10 255.255.255.0
Device(config-if-vlan129)#exit
Step 3: Configure the AAA authentication.
#On Device, enable the AAA authentication and adopt the RADIUS authentication mode. The RADIUS server address is 129.255.43.90/24, the key value is admin, and the priority is 1.
Device#configure terminal
Device(config)#aaa new-model
Device(config)#aaa authentication connection default radius
Device(config)#radius-server host 129.255.43.90 priority 1 key admin
Step 4: Configure the AAA server.
#Configure the user name, password and key value as admin on the AAA server (omitted).
Step 5: Configure the L2 Portal authentication.
#On Device, configure the Portal server named server1.
Device(config)# portal server server1 ip 129.255.43.99 key admin url http://129.255.43.99:8080/portal
#On Device, enable L2 Portal authentication and set the authentication mode to Portbased.
Device(config)#interface gigabitethernet 0/2
Device(config-if-gigabitethernet0/2)#portal server server1 method layer2
Device(config-if-gigabitethernet0/2)#authentication port-method portbased
Device(config-if-gigabitethernet0/2)#exit
Step 6: Configure the Portal server.
#On the Portal server, configure the IP address, Device address and key of PC1 as admin (omitted).
Step 7: Check the result.
#Before passing the authentication, both PC1 and PC2 can only access Portal Server.
#After PC1 passes the authentication, both PC1 and PC2 can access IP Network.
Device#show portal user
------------------------------------
NO 1 : IP_ADDRESS= 129.255.43.1 STATUS= Authorized USER_NAME= admin
INTERFACE= gi0/2 CTRL_METHOD= L2_MAC AUTH_STATE= AUTHENTICATED
BACK_STATE= AAA_SM_IDLE VLAN= 129 MAC_ADDRESS= 00E0.4C47.01DB
Total: 1 Authorized: 1 Unauthorized/Guest/Critical: 0/0/0
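In Portbased mode the user table lists only the host that authenticated, while every other host behind the same port also gets access. The following Python sketch is an added example, not part of the vendor documentation: it parses show portal user output in the format above and compares it with a list of (interface, MAC) pairs seen on the ports to list hosts that have access without a session of their own. The SEEN list, its extra MAC addresses and the function names are assumptions made for illustration.

```python
import re

# Constructed sample, in the format of the Step 7 output on this page.
SAMPLE = """\
------------------------------------
NO 1 : IP_ADDRESS= 129.255.43.1 STATUS= Authorized USER_NAME= admin
INTERFACE= gi0/2 CTRL_METHOD= L2_MAC AUTH_STATE= AUTHENTICATED
BACK_STATE= AAA_SM_IDLE VLAN= 129 MAC_ADDRESS= 00E0.4C47.01DB
Total: 1 Authorized: 1 Unauthorized/Guest/Critical: 0/0/0
"""

# Constructed (interface, MAC) pairs observed on access ports. How this list is
# collected is an assumption; the second and third MACs are invented samples.
SEEN = [("gi0/2", "00e0.4c47.01db"),
        ("gi0/2", "00e0.4c47.02aa"),
        ("gi0/3", "00e0.4c47.03bb")]

FIELD = re.compile(r"([A-Z_]+)= (\S+)")
RECORD_START = re.compile(r"NO \d+ :")

def parse_portal_users(text):
    """Return one dict of KEY= VALUE fields per 'NO n :' record."""
    users = []
    for line in text.splitlines():
        line = line.strip()
        if RECORD_START.match(line):
            users.append({})
        if users and not line.startswith("Total:"):
            users[-1].update(FIELD.findall(line))
    return users

def norm_mac(mac):
    """Reduce a MAC to 12 lowercase hex digits so notations compare equal."""
    return re.sub(r"[^0-9a-f]", "", mac.lower())

def unauthenticated_riders(users, seen):
    """Hosts on a port opened by someone else's authenticated session."""
    authed = {}
    for u in users:
        if u.get("AUTH_STATE") == "AUTHENTICATED":
            authed.setdefault(u["INTERFACE"], set()).add(norm_mac(u["MAC_ADDRESS"]))
    return sorted((ifc, mac) for ifc, mac in seen
                  if ifc in authed and norm_mac(mac) not in authed[ifc])

if __name__ == "__main__":
    for ifc, mac in unauthenticated_riders(parse_portal_users(SAMPLE), SEEN):
        print(f"{ifc}: {mac} has access without its own portal session")
```

A host on a port with no authenticated session (gi0/3 in the sample) is not reported, because that port is still restricted to Portal Server.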