R3303-HP HSR6800 Routers Security Configuration Guide

1)newpt:
IP : 192.168.0.111
Key : ******
Port : 50100
URL : http://192.168.0.111:8080/portal
Status : Up
The Up state indicates that the portal server is reachable. If the access device detects that the
portal server is unreachable, the output shows the portal server status as Down. The access device
also generates a server unreachable trap "portal server newpt lost" and disables portal
authentication on the access interface, so clients can access the external network without
authentication.
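Because a Down portal server means authentication is disabled on the access interface, both the status output and the trap are worth monitoring. The following Python code is an added example, not part of the HP guide: it parses status output in the format shown above and scans log lines for the trap text, then lists the affected servers. The second server entry ("backup"), its address, and the log line prefix are constructed assumptions.

```python
import re

# Constructed sample: the status format shown above, plus a hypothetical
# second entry ("backup") in the Down state.
SAMPLE_STATUS = """\
 1)newpt:
 IP : 192.168.0.111
 Key : ******
 Port : 50100
 URL : http://192.168.0.111:8080/portal
 Status : Up
 2)backup:
 IP : 192.168.0.112
 Key : ******
 Port : 50100
 URL : http://192.168.0.112:8080/portal
 Status : Down
"""

# Constructed log lines: only the trap text is from the guide; the
# timestamp and host prefix are assumptions.
SAMPLE_LOG = [
    "2024-01-01T10:00:00 RouterA portal server newpt lost",
    "2024-01-01T10:00:05 RouterA unrelated constructed message",
]

ENTRY = re.compile(r"^\s*\d+\)(\S+):\s*$")        # e.g. " 1)newpt:"
FIELD = re.compile(r"^\s*(\w+)\s*:\s*(.*?)\s*$")  # e.g. "Status : Up"
TRAP = re.compile(r"portal server (\S+) lost")

def parse_status(text):
    """Return {server_name: {field: value}} from the status output."""
    servers, current = {}, None
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m:
            current = servers.setdefault(m.group(1), {})
            continue
        m = FIELD.match(line)
        if m and current is not None:
            current[m.group(1)] = m.group(2)
    return servers

def fail_open_servers(status_text, log_lines):
    """Servers not reported Up, or named in a 'lost' trap: auth is bypassed."""
    down = {n for n, f in parse_status(status_text).items() if f.get("Status") != "Up"}
    lost = {m.group(1) for m in map(TRAP.search, log_lines) if m}
    return sorted(down | lost)
```

A server with a missing Status field is treated the same as Down, so a truncated capture does not hide an outage.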
Cross-subnet portal authentication across VPNs
Network requirements
As shown in Figure 67, Router A, as the PE device connecting the user side, needs to provide cross-subnet
portal authentication for hosts in VPN 1. The RADIUS server/portal server is in VPN 3.
Figure 67 Network diagram
Configuration prerequisites
Before enabling portal authentication, be sure to configure the MPLS L3VPN capabilities properly
and specify VPN targets for VPN 1 and VPN 3 so that VPN 1 and VPN 3 can communicate with
each other. This example gives only the access authentication configuration on the user-side PE. For
information about MPLS L3VPN, see MPLS Configuration Guide.
Configure the RADIUS server properly to provide normal authentication/authorization functions for
users.
Configuration procedure
1. Configure a RADIUS scheme:
# Create a RADIUS scheme named rs1 and enter its view.
<RouterA> system-view
[RouterA] radius scheme rs1
# Configure the RADIUS scheme to belong to VPN instance vpn3, the MPLS L3VPN instance bound
to the interface connected to the portal/RADIUS server.
[RouterA-radius-rs1] vpn-instance vpn3
# Set the server type for the RADIUS scheme. When using the IMC server, set the server type to
extended.
[RouterA-radius-rs1] server-type extended