R3303-HP 6600/HSR6600 Routers Security Configuration Guide
131
• With re-DHCP authentication, the IP address check function of the DHCP relay agent is enabled on
the access device, and the DHCP server is installed and configured properly.
• The portal client, access device, and servers can reach each other.
• With RADIUS authentication, usernames and passwords of the users are configured on the RADIUS
server, and the RADIUS client configurations are performed on the access device. For information
about RADIUS client configuration, see "Configuring AAA."
• To implement extended portal functions, install and configure IMC EAD, and make sure that the
ACLs configured on the access device correspond to those specified for the resources in the
quarantined area and for the restricted resources on the security policy server. For information
about security policy server configuration on the access device, see "Configuring AAA."
For installation and configuration about the security policy server, see IMC EAD Security Policy Help.
The ACL for resources in the quarantined area and that for restricted resources correspond to isolation
ACL and security ACL on the security policy server respectively.
You can modify the authorized ACLs on the access device. However, your changes take effect only on
portal users logging on after the modification.
Specifying a portal server for Layer 3 portal
authentication
Perform this task to specify portal server parameters for Layer 3 portal authentication, including the portal
server IP address, shared encryption key, server port, and the URL address for Web authentication.
Follow these guidelines when you specify a portal server for Layer 3 authentication:
• The specified parameters of a portal server can be modified or deleted only if the portal server is
not referenced on any interface.
• To make sure the device can send packets to the portal server in an MPLS VPN, specify the VPN
instance to which the portal server belongs when specifying the portal server on the device.
To specify a portal server for Layer 3 authentication:
Ste
p
Command
Remarks
1. Enter system view.
system-view N/A
2. Specify a portal server and
configure related parameters.
portal server server-name ip
ip-address [ key [ cipher | simple ]
key-string | port port-id |
server-type { cmcc | imc } | url
url-string | vpn-instance
vpn-instance-name ] *
By default, no portal server is
specified.
Enabling Layer 3 portal authentication
You must first enable portal authentication on an access interface before it can perform portal
authentication for connected clients.