R3303-HP HSR6800 Routers Security Configuration Guide

154

{ U R L : h t t p : / / 19 2.16 8 . 0 .111:8080/portal

[Router] portal server newpt ip 192.168.0.111 key simple portal port 50100 url

http://192.168.0.111:8080/portal

# Configure the router as a DHCP relay agent, and enable the IP address check function.

[Router] dhcp enable

[Router] dhcp relay server-group 0 ip 192.168.0.112

[Router] interface gigabitethernet 3/0/2

[Router–GigabitEthernet3/0/2] ip address 20.20.20.1 255.255.255.0

[Router–GigabitEthernet3/0/2] ip address 10.0.0.1 255.255.255.0 sub

[Router-GigabitEthernet3/0/2] dhcp select relay

[Router-GigabitEthernet3/0/2] dhcp relay server-select 0

[Router-GigabitEthernet3/0/2] dhcp relay address-check enable

# Enable portal authentication on the interface connecting the host.

[Router–GigabitEthernet3/0/2] portal server newpt method redhcp

[Router–GigabitEthernet3/0/2] quit

Configuring cross-subnet portal authentication with extended

functions

Network requirements

As shown in Figure 60, configure Router A to perform extended cross-subnet portal authentication for

users on the host. If a user fails security check after passing identity authentication, the user can access

only subnet 192.168.0.0/24. After passing the security check, the user can access Internet resources.

A RADIUS server serves as the authentication/authorization server.

Figure 60 Network diagram

Configuration prerequisites and guidelines

• Configure IP addresses for the host, routers, and servers as shown in Figure 60 and make sure that

routes are available between devices.

• Configure the RADIUS server properly to provide authentication and authorization functions for

users.