R3303-HP HSR6800 Routers Security Configuration Guide

148

# Configure the portal server as follows:

{ Name: newpt

{ IP address: 192.168.0.111

{ Key: portal, in plain text

{ Port number: 50100

{ U R L : h t t p : / / 19 2.16 8 . 0 .111:8080/portal

[Router] portal server newpt ip 192.168.0.111 key simple portal port 50100 url

http://192.168.0.111:8080/portal

# Configure the router as a DHCP relay agent, and enable the IP address check function.

[Router] dhcp enable

[Router] dhcp relay server-group 0 ip 192.168.0.112

[Router] interface gigabitethernet 3/0/2

[Router–GigabitEthernet3/0/2] ip address 20.20.20.1 255.255.255.0

[Router–GigabitEthernet3/0/2] ip address 10.0.0.1 255.255.255.0 sub

[Router-GigabitEthernet3/0/2] dhcp select relay

[Router-GigabitEthernet3/0/2] dhcp relay server-select 0

[Router-GigabitEthernet3/0/2] dhcp relay address-check enable

# Enable re-DHCP portal authentication on the interface connecting the host.

[Router–GigabitEthernet3/0/2] portal server newpt method redhcp

[Router–GigabitEthernet3/0/2] quit

Configuring cross-subnet portal authentication

Network requirements

As shown in Figure 57, configure cross-subnet portal authentication on Router A to authenticate users on

the host. Before a user passes portal authentication, the user can access only the portal server. After the

user passes portal authentication, the user can access Internet resources.

A RADIUS server serves as the authentication/authorization server.

Figure 57 Network diagram

Configuration prerequisites and guidelines

• Configure IP addresses for the host, routers, and servers as shown in Figure 57 and make sure they

can reach each other.