R2511-HP MSR Router Series Security Configuration Guide(V5)

329

[Router-acl-adv-3001] rule permit ip

[Router-acl-adv-3001] quit

Make sure you specify ACL 3000 as the isolation ACL and ACL 3001 as the security ACL on the

security policy server.

4. Configure extended portal authentication:

# Configure the portal server as follows:

{ Name: newpt

{ IP address: 192.168.0.111

{ Key: portal, in plain text

{ Port number: 50100

{ U R L : h t t p : / / 19 2.16 8 . 0 .111:8080/portal

[Router] portal server newpt ip 192.168.0.111 key simple portal port 50100 url

http://192.168.0.111:8080/portal

# Configure the router as a DHCP relay agent, and enable the IP address check function.

[Router] dhcp enable

[Router] dhcp relay server-group 0 ip 192.168.0.112

[Router] interface ethernet 1/2

[Router–Ethernet1/2] ip address 20.20.20.1 255.255.255.0

[Router–Ethernet1/2] ip address 10.0.0.1 255.255.255.0 sub

[Router-Ethernet1/2] dhcp select relay

[Router-Ethernet1/2] dhcp relay server-select 0

[Router-Ethernet1/2] dhcp relay address-check enable

# Enable portal authentication on the interface connecting the host.

[Router–Ethernet1/2] portal server newpt method redhcp

[Router–Ethernet1/2] quit

Configuring cross-subnet portal authentication with extended

functions

Network requirements

As shown in Figure 102, configure Router A to perform extended cross-subnet portal authentication for

users on the host. If a user fails security check after passing identity authentication, the user can access

only subnet 192.168.0.0/24. After passing the security check, the user can access Internet resources.

A RADIUS server serves as the authentication/authorization server.