1-24Configuring Re-DHCP Portal Authentication with Extended FunctionsNetwork requirementsz The host is directly connected to the switch and the switch is configured for re-DHCPauthentication. The host is assigned with an IP address through the DHCP server. Before portalauthentication, the host uses an assigned private IP address. After passing portal authentication, itcan get a public IP address.z When users using the host have passed identity authentication but have not passed securityauthentication, they can access only subnet 192.168.0.0/24. After passing the securityauthentication, they can access unrestricted Internet resources.z A RADIUS server serves as the authentication/accounting server.Figure 1-13 Configure re-DHCP portal authentication with extended functionsConfiguration procedurez For re-DHCP authentication, you need to configure a public address pool (20.20.20.0/24, in thisexample) and a private address pool (10.0.0.0/24, in this example) on the DHCP server. Theconfiguration steps are omitted. For DHCP configuration information, refer to DHCP Configurationin the IP Services Volume.z For re-DHCP authentication, the switch must be configured as a DHCP relay agent (instead of aDHCP server) and the portal-enabled interface must be configured with a primary IP address (apublic IP address) and a secondary IP address (a private IP address).z You need to configure IP addresses for the devices as shown in Figure 1-13 and ensure that routesare available between devices.z Perform configurations on the RADIUS server to ensure that the user authentication andaccounting functions can work normally.Configure the switch: