Manualshelf

R3303-HP 6600/HSR6600 Routers Security Configuration Guide

ManualsBrandsHP ManualsNetwork HardwareHP HSR6602-XG TAA-compliant Router
171172173174175176177178179180
158
[Router–GigabitEthernet3/0/2] quit
Configuring cross-subnet portal authentication with extended
functions
Network requirements
As shown in Figure 61, configure Router A to perform extended cross-subnet portal authentication for
users on the host. If a user fails security check after passing identity authentication, the user can access
only subnet 192.168.0.0/24. After passing the security check, the user can access Internet resources.
A RADIUS server serves as the authentication/authorization server.
Figure 61 Network diagram
Configuration prerequisites and guidelines
Configure IP addresses for the host, routers, and servers as shown in Figure 61 and make sure that
routes are available between devices.
Configure the RADIUS server properly to provide authentication and authorization functions for
users.
Make sure the IP address of the portal device added on the portal server is the IP address of the
interface connecting users (20.20.20.1 in this example), and the IP address group associated with
the portal device is the network segment where the users reside (8.8.8.0/24 in this example).
Configuration procedure
1. Configure a RADIUS scheme:
# Create a RADIUS scheme named rs1 and enter its view.
<RouterA> system-view
[RouterA] radius scheme rs1
# Set the server type for the RADIUS scheme. When using the IMC server, set the server type to
extended.
[RouterA-radius-rs1] server-type extended
# Specify the primary authentication/authorization server, and configure the keys for
communication with the servers.
[RouterA-radius-rs1] primary authentication 192.168.0.112