R3303-HP 6600/HSR6600 Routers Security Configuration Guide

ManualsBrandsHP ManualsNetwork HardwareHP HSR6602-XG TAA-compliant Router

171

172

173

174

175

176

177

178

179

180

165

5. Configure portal stateful failover:

# Assign interface GigabitEthernet0/0/1 to portal group 1.

[RouterA–GigabitEthernet0/0/1] portal backup-group 1

[RouterA–GigabitEthernet0/0/1] quit

# Set the device ID for Router A in stateful failover mode to 1.

[RouterA] nas device-id 1

# Specify the source IP address of outgoing RADIUS packets as 192.168.0.1, the virtual IP

address of VRRP group 2.

[RouterA] radius nas-ip 192.168.0.1

Make sure you have added the access device with IP address 192.168.0.1 on the RADIUS server.

6. Configure the stateful failover function:

# Configure the stateful failover interface as GigabitEthernet0/0/3.

[RouterA] dhbk interface gigabitethernet 0/0/3

# Enable stateful failover and configure it to support the symmetric path.

[RouterA] dhbk enable backup-type symmetric-path

Configuring Router B

1. Configure VRRP:

# Create VRRP group 1, and configure the virtual IP address of the VRRP group 1 as 9.9.1.1.

<RouterB> system-view

[RouterB] interface gigabitethernet 0/0/1

[RouterB–GigabitEthernet0/0/1] vrrp vrid 1 virtual-ip 9.9.1.1

# Set the priority of GigabitEthernet0/0/1 in VRRP group 1 to 150.

[RouterB–GigabitEthernet0/0/1] vrrp vrid 1 priority 150

[RouterB–GigabitEthernet0/0/1] quit

# Create VRRP group 2, and configure the virtual IP address of the VRRP group 2 as 192.168.0.1.

[RouterB] interface gigabitethernet 0/0/2

[RouterB–GigabitEthernet0/0/2] vrrp vrid 2 virtual-ip 192.168.0.1

# Set the priority of GigabitEthernet0/0/2 in VRRP group 2 to 150.

[RouterB–GigabitEthernet0/0/2] vrrp vrid 2 priority 150

[RouterB–GigabitEthernet0/0/2] quit

2. Configure a RADIUS scheme:

# Create RADIUS scheme rs1 and enter its view.

[RouterB] radius scheme rs1

# Configure the server type for the RADIUS scheme. When using the IMC server, configure the

RADIUS server type as extended.

[RouterB-radius-rs1] server-type extended

# Specify the primary authentication/authorization server, and configure the keys for

communication with the servers.

[RouterB-radius-rs1] primary authentication 192.168.0.111

[RouterB-radius-rs1] key authentication simple expert

# Configure the access device to not carry the ISP domain name in the username sent to the

RADIUS server. (Optional, configure the username format as needed.)

[RouterB-radius-rs1] user-name-format without-domain

[RouterB-radius-rs1] quit