R2511-HP MSR Router Series Security Configuration Guide(V5)

• Name: newpt
• IP address: 192.168.0.111
• Key: portal, in plain text
• Port number: 50100
• URL: http://192.168.0.111:8080/portal
[Router] portal server newpt ip 192.168.0.111 key simple portal port 50100 url http://192.168.0.111:8080/portal
# Enable extended portal authentication on the interface connecting the host.
[Router] interface ethernet 1/2
[Router-Ethernet1/2] portal server newpt method direct
[Router-Ethernet1/2] quit
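The check below is an added example, not part of the HP guide: it parses the portal server command in the form shown above (including the line wrap introduced by the guide's page layout), compares it with the listed parameters, and reports that the key is entered in plain text and that the portal URL uses HTTP. The function names and the INTENDED dictionary are assumptions made for this illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Command as printed on the page; the PDF wraps it, so the URL sits on a second line.
PAGE_COMMAND = """[Router] portal server newpt ip 192.168.0.111 key simple portal port 50100 url
http://192.168.0.111:8080/portal"""
# Intended values, taken from the page's parameter list (dictionary name is hypothetical).
INTENDED = {"name": "newpt", "ip": "192.168.0.111", "key_mode": "simple", "key": "portal",
            "port": 50100, "url": "http://192.168.0.111:8080/portal"}


def parse_portal_server(text):
    """Parse one `portal server` line of the form shown on the page into a dict."""
    tokens = text.split()                      # splitting on whitespace rejoins a wrapped command
    if tokens and tokens[0].startswith("["):   # drop the CLI prompt, e.g. [Router]
        tokens = tokens[1:]
    if tokens[:2] != ["portal", "server"] or len(tokens) < 3:
        raise ValueError("not a portal server command")
    cfg = {"name": tokens[2]}
    rest = iter(tokens[3:])
    for word in rest:                          # keyword/value pairs, accepted in any order
        try:
            if word == "ip":
                cfg["ip"] = str(ipaddress.ip_address(next(rest)))
            elif word == "key":                # assumes the page's form: key <mode> <string>
                cfg["key_mode"], cfg["key"] = next(rest), next(rest)
            elif word == "port":
                cfg["port"] = int(next(rest))
            elif word == "url":
                cfg["url"] = next(rest)
            else:
                raise ValueError(f"unexpected keyword {word!r}")
        except StopIteration:
            raise ValueError(f"missing value after {word!r}") from None
    return cfg


def review(cfg, intended):
    """Return findings: drift from the intended values, then URL and key observations."""
    findings = [f"{k}: configured {cfg.get(k)!r}, intended {v!r}"
                for k, v in intended.items() if cfg.get(k) != v]
    url = urlsplit(cfg.get("url", ""))
    if url.hostname != cfg.get("ip"):
        findings.append("url: host differs from the portal server IP")
    if url.scheme != "https":
        findings.append(f"url: scheme is {url.scheme or 'missing'}, so the portal page is not served over TLS")
    if cfg.get("key_mode") == "simple":
        findings.append("key: shared key entered in plain text (key simple)")
    return findings
```

Running review(parse_portal_server(PAGE_COMMAND), INTENDED) on the command from the page reports no drift and returns only the URL-scheme and plain-text-key observations.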
Configuring re-DHCP portal authentication with extended functions
Network requirements
As shown in Figure 101, the host obtains an IP address from the DHCP server.
Configure the router to perform extended re-DHCP portal authentication for users on the host. Before a user passes portal authentication, the DHCP server assigns a private IP address to the host. After the user passes portal authentication, the DHCP server assigns a public IP address to the host. If a user fails the security check after passing identity authentication, the user can access only subnet 192.168.0.0/24. After passing the security check, the user can access Internet resources.
A RADIUS server serves as the authentication/authorization server.
Figure 101 Network diagram
Configuration prerequisites and guidelines
• Configure IP addresses for the router and servers as shown in Figure 101 and make sure the host, router, and servers can reach each other.
• Configure the RADIUS server correctly to provide authentication and authorization functions for users.
[Figure 101 labels: Host (automatically obtains an IP address); Router Eth1/2 20.20.20.1/24, 10.0.0.1/24 sub; Router Eth1/1 192.168.0.100/24; Portal server 192.168.0.111/24; Security policy server 192.168.0.114/24; DHCP server 192.168.0.112/24; RADIUS server 192.168.0.113/24]