R2511-HP MSR Router Series Security Configuration Guide(V5)
# Configure domain dm1 as the default ISP domain for all users. Then, if a user enters a username
without any ISP domain at logon, the authentication/authorization methods of the default domain
are used for the user.
[RouterA] domain default enable dm1
3. Configure ACL 3000 for resources on subnet 192.168.0.0/24 and ACL 3001 for Internet resources:
[RouterA] acl number 3000
[RouterA-acl-adv-3000] rule permit ip destination 192.168.0.0 0.0.0.255
[RouterA-acl-adv-3000] rule deny ip
[RouterA-acl-adv-3000] quit
[RouterA] acl number 3001
[RouterA-acl-adv-3001] rule permit ip
[RouterA-acl-adv-3001] quit
Make sure you specify ACL 3000 as the isolation ACL and ACL 3001 as the security ACL on the
security policy server.
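As an added example (not from the guide), the following Python script models the first-match, inverse-wildcard semantics of the two ACLs above so that the isolation and security policies can be checked offline before they are referenced on the security policy server. It assumes only the two rule forms used on the page and an implicit deny when no rule matches (never reached here, since both ACLs end in a catch-all rule).

```python
"""Offline check of the isolation ACL (3000) and security ACL (3001)
from the portal example: Comware-style advanced ACL rules, first match wins."""
import ipaddress


def parse_rule(line: str) -> dict:
    """Parse 'rule permit|deny ip [destination ADDR WILDCARD]'.
    A wildcard of all ones means 'any destination' (no destination keyword)."""
    tokens = line.split()
    rule = {"action": tokens[1], "dst": 0, "wild": 0xFFFFFFFF}
    if "destination" in tokens:
        i = tokens.index("destination")
        rule["dst"] = int(ipaddress.IPv4Address(tokens[i + 1]))
        rule["wild"] = int(ipaddress.IPv4Address(tokens[i + 2]))
    return rule


def matches(dst_ip: str, rule: dict) -> bool:
    """Inverse-mask match: a 1 bit in the wildcard means 'do not care'."""
    care = ~rule["wild"] & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(dst_ip)) & care) == (rule["dst"] & care)


def evaluate(acl: list, dst_ip: str) -> str:
    """Return the action of the first matching rule.
    Assumption: an ACL with no matching rule denies (not reached for the
    page's ACLs, which both end with a catch-all 'ip' rule)."""
    for rule in acl:
        if matches(dst_ip, rule):
            return rule["action"]
    return "deny"


def reachable(acl: list, dst_ip: str) -> bool:
    return evaluate(acl, dst_ip) == "permit"


# The two ACLs exactly as configured on Router A in step 3.
ISOLATION_ACL = [parse_rule(r) for r in (
    "rule permit ip destination 192.168.0.0 0.0.0.255",
    "rule deny ip",
)]
SECURITY_ACL = [parse_rule("rule permit ip")]

if __name__ == "__main__":
    # 203.0.113.5 is a constructed documentation address standing in for the Internet.
    for ip in ("192.168.0.111", "192.168.0.254", "192.168.1.1", "203.0.113.5"):
        print(f"{ip:15} isolation={reachable(ISOLATION_ACL, ip)} "
              f"security={reachable(SECURITY_ACL, ip)}")
```

A host left in the isolation state can reach only the 192.168.0.0/24 subnet (for example the portal server at 192.168.0.111), while a host granted the security ACL can reach any destination.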
4. Configure extended portal authentication:
# Configure the portal server as follows:
• Name: newpt
• IP address: 192.168.0.111
• Key: portal, in plain text
• Port number: 50100
• URL: http://192.168.0.111:8080/portal
[RouterA] portal server newpt ip 192.168.0.111 key simple portal port 50100 url http://192.168.0.111:8080/portal
# Enable portal authentication on the interface connecting Router B.
[RouterA] interface ethernet 1/2
[RouterA-Ethernet1/2] portal server newpt method layer3
[RouterA-Ethernet1/2] quit
On Router B, configure a default route to subnet 192.168.0.0/24, setting the next hop as 20.20.20.1.
(Details not shown.)
Configuring portal server detection and portal user information synchronization
Network requirements
As shown in Figure 103, a host is directly connected to a router (the access device) and must pass portal
authentication before it can access the Internet. A RADIUS server serves as the
authentication/authorization server.
Detailed requirements are as follows:
• The host is assigned a public network IP address either manually or through DHCP. Before passing portal authentication, the host can access only the portal server. After passing portal authentication, the host can access the Internet.
• The access device (Router) can detect whether the portal server is reachable and send trap
messages upon state changes. When the portal server is unreachable due to, for example, a