R3303-HP HSR6800 Routers Security Configuration Guide
150
[RouterA–GigabitEthernet3/0/2] quit
On Router B, configure a default route to subnet 192.168.0.0/24, setting the next hop as 20.20.20.1.
(Details not shown.)
Configuring direct portal authentication with extended
functions
Network requirements
As shown in Figure 58, the host is assigned with a public network IP address either manually or through
DHCP.
Configure the router to perform extended direct portal authentication for users on the host. If a user fails
security check after passing identity authentication, the user can access only subnet 192.168.0.0/24.
After the user passes security check, the user can access Internet resources.
A RADIUS server serves as the authentication/authorization server.
Figure 58 Network diagram
Configuration prerequisites
• Configure IP addresses for the host, router, and servers as shown in Figure 58 and make sure they
can reach each other before extended portal is enabled.
• Configure the RADIUS server properly to provide authentication and authorization functions for
users.
Configuration procedure
1. Configure a RADIUS scheme:
# Create a RADIUS scheme named rs1 and enter its view.
<Router> system-view
[Router] radius scheme rs1
# Set the server type for the RADIUS scheme. When using the IMC server, set the server type to
extended.
[Router-radius-rs1] server-type extended
# Specify the primary authentication/authorization server, and configure the keys for
communication with the servers.