R3303-HP HSR6800 Routers Security Configuration Guide
154
{ U R L : h t t p : / / 19 2.16 8 . 0 .111:8080/portal
[Router] portal server newpt ip 192.168.0.111 key simple portal port 50100 url
http://192.168.0.111:8080/portal
# Configure the router as a DHCP relay agent, and enable the IP address check function.
[Router] dhcp enable
[Router] dhcp relay server-group 0 ip 192.168.0.112
[Router] interface gigabitethernet 3/0/2
[Router–GigabitEthernet3/0/2] ip address 20.20.20.1 255.255.255.0
[Router–GigabitEthernet3/0/2] ip address 10.0.0.1 255.255.255.0 sub
[Router-GigabitEthernet3/0/2] dhcp select relay
[Router-GigabitEthernet3/0/2] dhcp relay server-select 0
[Router-GigabitEthernet3/0/2] dhcp relay address-check enable
# Enable portal authentication on the interface connecting the host.
[Router–GigabitEthernet3/0/2] portal server newpt method redhcp
[Router–GigabitEthernet3/0/2] quit
Configuring cross-subnet portal authentication with extended
functions
Network requirements
As shown in Figure 60, configure Router A to perform extended cross-subnet portal authentication for
users on the host. If a user fails security check after passing identity authentication, the user can access
only subnet 192.168.0.0/24. After passing the security check, the user can access Internet resources.
A RADIUS server serves as the authentication/authorization server.
Figure 60 Network diagram
Configuration prerequisites and guidelines
• Configure IP addresses for the host, routers, and servers as shown in Figure 60 and make sure that
routes are available between devices.
• Configure the RADIUS server properly to provide authentication and authorization functions for
users.