R3303-HP HSR6800 Routers Security Configuration Guide

[RouterA-GigabitEthernet3/0/2] quit
On Router B, configure a default route to subnet 192.168.0.0/24, setting the next hop as 20.20.20.1.
(Details not shown.)
Configuring direct portal authentication with extended functions
Network requirements
As shown in Figure 58, the host is assigned a public network IP address either manually or through
DHCP.
Configure the router to perform extended direct portal authentication for users on the host. If a user fails
the security check after passing identity authentication, the user can access only subnet 192.168.0.0/24.
After the user passes the security check, the user can access Internet resources.
A RADIUS server serves as the authentication/authorization server.
Figure 58 Network diagram
Configuration prerequisites
Configure IP addresses for the host, router, and servers as shown in Figure 58 and make sure they
can reach each other before extended portal is enabled.
Configure the RADIUS server properly to provide authentication and authorization functions for
users.
Configuration procedure
1. Configure a RADIUS scheme:
# Create a RADIUS scheme named rs1 and enter its view.
<Router> system-view
[Router] radius scheme rs1
# Set the server type for the RADIUS scheme. When using the IMC server, set the server type to
extended.
[Router-radius-rs1] server-type extended
# Specify the primary authentication/authorization server, and configure the keys for
communication with the servers.