R3102-R3103-HP 6600/HSR6600 Routers Security Configuration Guide

ManualsBrandsHP ManualsNetwork HardwareHP HSR6602-XG TAA-compliant Router

181

182

183

184

185

186

187

188

189

190

168

3. Configure an authentication domain:

# Create ISP domain dm1 and enter its view.

[RouterB] domain dm1

# Configure AAA methods for the ISP domain.

[RouterB-isp-dm1] authentication portal radius-scheme rs1

[RouterB-isp-dm1] authorization portal radius-scheme rs1

[RouterB-isp-dm1] quit

# Configure domain dm1 as the default ISP domain for all users. Then, if a user enters a username

without any ISP domain at logon, the authentication/authorization methods of the default domain

are used for the user.

[RouterB] domain default enable dm1

4. Enable portal authentication on the interface connecting the host:

# Configure a portal server on the router, specifying the portal server name as newpt, IP address

as 192.168.0.111, key as plaintext string portal, port number as 50100, and URL as

http://192.168.0.111:8080/portal.

[RouterB] portal server newpt ip 192.168.0.111 key simple portal port 50100 url

http://192.168.0.111:8080/portal

# Enable portal authentication on the interface connecting the host.

[RouterB] interface gigabitethernet 0/0/1

[RouterB–GigabitEthernet0/0/1] portal server newpt method layer3

# Specify the source IP address of the outgoing portal packets as 9.9.1.1, the virtual IP address of

VRRP group 1.

[RouterB–GigabitEthernet0/0/1] portal nas-ip 9.9.1.1

5. Configure portal stateful failover:

# Assign interface GigabitEthernet0/0/1 to portal group 1.

[RouterB–GigabitEthernet0/0/1] portal backup-group 1

[RouterB–GigabitEthernet0/0/1] quit

# Set the ID of the device in the stateful failover mode to 2.

[RouterB] nas device-id 2

# Configure the source IP address of outgoing RADIUS packets as 192.168.0.1, the virtual IP

address of VRRP group 2.

[RouterB] radius nas-ip 192.168.0.1

Make sure you have added the access device with IP address 192.168.0.1 on the RADIUS server.

6. Configure stateful failover:

# Configure the stateful failover interface as GigabitEthernet0/0/3.

[RouterB] dhbk interface gigabitethernet0/0/3

# Enable stateful failover and configure it to support the symmetric path.

[RouterB] dhbk enable backup-type symmetric-path

Verifying the configuration

# After a user logs in through Router A, display the user authentication information by using the display

portal user command on Router A and Router B, respectively.

[RouterA] display portal user all

Index:3

State:ONLINE

SubState:NONE