R3303-HP HSR6800 Routers Security Configuration Guide

156

{ Key: portal, in plain text

{ Port number: 50100

{ U R L : h t t p : / / 19 2.16 8 . 0 .111:8080/portal

[RouterA] portal server newpt ip 192.168.0.111 key simple portal port 50100 url

http://192.168.0.111:8080/portal

# Enable portal authentication on the interface connecting Router B.

[RouterA] interface gigabitethernet 3/0/2

[RouterA–GigabitEthernet3/0/2] portal server newpt method layer3

[RouterA–GigabitEthernet3/0/2] quit

On Router B, configure a default route to subnet 192.168.0.0/24, setting the next hop as 20.20.20.1.

(Details not shown.)

Configuring portal server detection and portal user information

synchronization

Network requirements

As shown in Figure 61, a host is directly connected to a router (the access device) and must pass portal

authentication before it can access the Internet. A RADIUS server serves as the

authentication/authorization server.

Detailed requirements are as follows:

• The host is assigned with a public network IP address either manually or through DHCP. Before

passing portal authentication, the host can access only the portal server. After passing portal

authentication, the host can access the Internet.

• The access device (Router) can detect whether the portal server is reachable and send trap

messages upon state changes. When the portal server is unreachable due to, for example, a

connection failure, network device failure, or portal server failure, the access device can disable

portal authentication, allowing users to access the Internet without authentication.

• The access device can synchronize portal user information with the portal server periodically.

Figure 61 Network diagram

Configuration considerations

1. Configure the portal server and enable portal server heartbeat function and the portal user

heartbeat function.

2. Configure the RADIUS server to implement authentication and authorization.