1812]

This should be set to the IP address or host name of the secondary AAA server.
If there is only one AAA server this should be set to the same value as the
primary IP.
Secondary IP [sesm-webserver] 192.168.4.10

This should be set to the port number of the secondary AAA server. If there is
only one AAA server this should have the same value as the Primary Port.
Secondary Port [1812]

This should be set to the shared secret. This has to be the same on both
servers.
Shared Secret [cisco]

Press 1 for Next, 2 for Previous, 3 to Cancel or 4 to Redisplay [1]

-------------------------------------------------------------------------------


Please enter the service and group passwords

This should be set to the password needed to access service attributes using
Radius
Service Password [servicecisco]

This should be set to the password needed to access service group attributes
using Radius
Service Group Password [groupcisco]

Press 1 for Next, 2 for Previous, 3 to Cancel or 4 to Redisplay [1]

-------------------------------------------------------------------------------


Captive Portal Server Configuration

This should be the IP address or hostname of this server.
Captive Portal Host [sesm-webserver] 192.168.3.10

This is the number of the first port on which the captive portal web server
will listen. There will be several listeners for the different types of
redirection.
Captive Portal Port Number [8090]

The message portal server provides welcome or advertising pages. A message
portal is required for initial or advertising captivation.
Install Message Portal [True]

Press 1 for Next, 2 for Previous, 3 to Cancel or 4 to Redisplay [1]

-------------------------------------------------------------------------------


Message Portal Server Configuration

This should be the port number on which the message portal web server will
listen.
Message Portal Port Number [8085]

If this is checked, then the subscriber is redirected to the originally
requested URL after having been presented the message page.
Redirect After Message Page [True]

Press 1 for Next, 2 for Previous, 3 to Cancel or 4 to Redisplay [1]

-------------------------------------------------------------------------------


The Main Web Server Configuration.

This should be the hostname or address of the server for a SESM web application
such as NWSP. This is required in conjunction with the captive portal
application to provide the content pages after the redirection for
unauthenticated users, unconnected services and error handling.
Host [192.168.3.10]

This should be the port number of the server for the SESM web application such
as NWSP.
Port [8080]

Press 1 for Next, 2 for Previous, 3 to Cancel or 4 to Redisplay [1]

-------------------------------------------------------------------------------


Unauthenticated User Redirection

Unauthenticated user redirection redirects the subscriber to the login page of
the SESM web application such as NWSP.
Enable User Redirection [True]

Requests on this port are redirected to the URL for the unauthenticated user
redirect.
Port In [8090]

Hostname used in URL for the user redirect. This is typically that of the
server for the SESM web application such as NWSP.
URL Out: Host [192.168.3.10]

Port used in URL for the user redirect. This is typically that of the server
for the SESM web application such as NWSP.
URL Out: Port [8080]

URI used in URL for the user redirect. This is typically relevant to the SESM
web application such as NWSP.
URL Out: URI [/home]

Press 1 for Next, 2 for Previous, 3 to Cancel or 4 to Redisplay [1]

-------------------------------------------------------------------------------


Initial Captivation

The initial captivation feature provides a welcome message page to the user.
Enable Initial Captivation [True]

Requests on this port are redirected to the URL for initial captivation.
Port In [8091]

Hostname used in URL for initial captivation. This is typically that of the
message portal.
URL Out: Host [192.168.3.10]

Port used in URL for initial captivation. This is typically that of the message
portal.
URL Out: Port [8085]

URI used in URL for initial captivation. This is typically relevant to the
message portal.
URL Out: URI [/initial]

The duration in seconds that the welcome message should be displayed.
Duration [15] 10

Press 1 for Next, 2 for Previous, 3 to Cancel or 4 to Redisplay [1]

-------------------------------------------------------------------------------


Advertising Captivation

Advertising captivation provides an advertisement page to the user at regular
intervals.
Enable Advertising Captivation [True]

Requests on this port are redirected to the URL for advertising captivation.
Port In [8092]

Hostname used in URL for advertising captivation. This is typically that of the
message portal.
URL Out: Host [192.168.3.10]

Port used in URL for advertising captivation. This is typically that of the
message portal.
URL Out: Port [8085]

URI used in URL for advertising captivation. This is typically relevant to the
message portal.
URL Out: URI [/advertising]

The duration in seconds that the advertisement should be displayed.
Duration [10]

Press 1 for Next, 2 for Previous, 3 to Cancel or 4 to Redisplay [1]

-------------------------------------------------------------------------------


Unconnected Service Redirection

Unconnected service redirection takes a subscriber to eg NWSP if they attempt
getting to an as yet unconnected service.
Enable Service Redirect [True]

Requests on this port are for the default service redirect. This happens when
an attempt to connect to a service whose address does not belong to the
destination network of any of the specific service redirects.
Default Service Redirect Port In [8093]

Requests on this port are for a specific service redirect. If there is no such
service redirect set up at the PoE, then the presence of this listener is not a
problem. Complete configuration flexibility is available if required.
First Service Redirect Port In [8094]

Requests on this port are for a specific service redirect.
Second Service Redirect Port In [8095]

Requests on this port are for a specific service redirect.
Third Service Redirect In [8096]

This URL is used for all service redirects. Individual URLs can be assigned for
specific service redirects in the configuration files, if necessary. The host &
port in this URL are typically those for NWSP.
URL Out []

Press 1 for Next, 2 for Previous, 3 to Cancel or 4 to Redisplay [1]

-------------------------------------------------------------------------------


Details for Unconnected Service Redirection

If this is checked, then specific service names as given below are passed to eg
NWSP. This assumes that only one service is associated with each service
redirection. This service name is used by NWSP to attempt to connect to the
service. Having this box not checked is equivalent to having empty fields
below. In this case NWSP will instead display a general information page, such
as the status page.
Pass Service Names [True]

When the request is redirected to eg NWSP, this service name will be passed as
well.
First Service Redirect Service Name [service1] internet

When the request is redirected to eg NWSP, this service name is passed as well.
Second Service Redirect Service Name [service2]

When the request is redirected to eg NWSP, this service name is passed as well.
Third Service Redirect Service Name [service3]

Press 1 for Next, 2 for Previous, 3 to Cancel or 4 to Redisplay [1]

-------------------------------------------------------------------------------


Application Management Web Server Configuration

This should be the port number on which the Application Management web server
will listen
Application Management Port Number [8082]

Press 1 for Next, 2 for Previous, 3 to Cancel or 4 to Redisplay [1]

-------------------------------------------------------------------------------
Cisco SESM 3.2(2) will be installed in the following location:

C:Program Filesciscosesm_3.2.2

with the following features:

Web Applications
Application Management
Jetty
Captive Portal
Tools

for a total size:

98.3 MB

Press 1 for Next, 2 for Previous, 3 to Cancel or 4 to Redisplay [1]
***************************************************************

Merit 3.6B配置：
/usr/local/merit/raddb/lients的配置：
# RCSID: $Id: clients,v 1.1.1.1 1998/05/12 19:37:11 web Exp $
# Next entries for SESM
221.11.128.250 cisco type=RAD_RFC+ACCT_RFC

# Next entries Cisco NAS SSG (7401)
221.11.129.38 cisco type=Cisco:NAS

/usr/local/merit/raddb/users的配置：
###### SSG user profiles

cisco Password = "cisco"
Account-Info = "Ninternet"
#****************************************#
test Password = "test"
Account-Info = "Ninternet",
Account-Info = "H"


###### SSG service profiles

# SSG Internet Service profile.
internet Password = "servicecisco", Service-Type = Outbound
Service-Info = "Iinternet",
Service-Info = "R0.0.0.0;0.0.0.0",
Service-Info = "MC",
Service-Info = "TP"
********************************************************

附：SESM安装记录是将终端捕捉下来的文本，当然去掉了部分不必的文字。
如果你有过一次安装经验，就清楚是什么的了。
这个记录主要是说明SESM安装为RADIUS模式需要安装哪些模块，安装时配置哪些内容。
当然，安装好后也可以在相应的配置文档中修改。
详细全套官方SESM3.20文档见这里：