Manualshelf

R3303-HP 6600/HSR6600 Routers Security Configuration Guide

ManualsBrandsHP ManualsNetwork HardwareHP HSR6602-XG Router
161162163164165166167168169170
151
[Router-radius-rs1] user-name-format without-domain
[Router-radius-rs1] quit
2. Configure an authentication domain:
# Create an ISP domain named dm1 and enter its view.
[Router] domain dm1
# Configure AAA methods for the ISP domain.
[Router-isp-dm1] authentication portal radius-scheme rs1
[Router-isp-dm1] authorization portal radius-scheme rs1
[Router-isp-dm1] quit
# Configure domain dm1 as the default ISP domain for all users. Then, if a user enters a username
without any ISP domain at logon, the authentication/authorization methods of the default domain
are used for the user.
[Router] domain default enable dm1
3. Configure portal authentication:
# Configure the portal server as follows:
{ Name: newpt
{ IP address: 192.168.0.111
{ Key: portal, in plain text
{ Port number: 50100
{ U R L : h t t p : / / 19 2.16 8 . 0 .111:8080/portal
[Router] portal server newpt ip 192.168.0.111 key simple portal port 50100 url
http://192.168.0.111:8080/portal
# Configure the router as a DHCP relay agent, and enable the IP address check function.
[Router] dhcp enable
[Router] dhcp relay server-group 0 ip 192.168.0.112
[Router] interface gigabitethernet 3/0/2
[Router–GigabitEthernet3/0/2] ip address 20.20.20.1 255.255.255.0
[Router–GigabitEthernet3/0/2] ip address 10.0.0.1 255.255.255.0 sub
[Router-GigabitEthernet3/0/2] dhcp select relay
[Router-GigabitEthernet3/0/2] dhcp relay server-select 0
[Router-GigabitEthernet3/0/2] dhcp relay address-check enable
# Enable re-DHCP portal authentication on the interface connecting the host.
[Router–GigabitEthernet3/0/2] portal server newpt method redhcp
[Router–GigabitEthernet3/0/2] quit
Configuring cross-subnet portal authentication
Network requirements
As shown in Figure 58, configure cross-subnet portal authentication on Router A to authenticate users on
the host. Before a user passes portal authentication, the user can access only the portal server. After the
user passes portal authentication, the user can access Internet resources.
A RADIUS server serves as the authentication/authorization server.