R2511-HP MSR Router Series Security Configuration Guide(V5)
70
RADIUS authentication/authorization portal users
Network requirements
As shown in Figure 21, the host automatically obtains a public network IP address through DHCP.
Configure the router to:
• Use the RADIUS server for authentication/authorization of portal users.
• Provide direct portal authentication so that the host can access only the portal server before passing
portal authentication and can access the Internet after passing portal authentication.
• Include the domain name in a username sent to the RADIUS server.
On the RADIUS server, add a service that charges 120 dollars for up to 120 hours per month, and
configure a user and register the service for the user.
Set the shared keys for secure RADIUS communication to expert. Set the ports for
authentication/authorization to 1812.
Figure 21 Network diagram
Configuration prerequisites
Configure IP addresses for the devices as shown in Figure 21 and make sure that devices can reach each
other. (Details not shown.)
Configuring the RADIUS server
In this section, the RADIUS server runs on IMC PLAT 5.1 SP1 (E0202P05) and IMC UAM 5.1 (E0301),.
1. Add the router to the IMC Platform as an access device:
a. Click the Service tab.
b. From the navigation tree, select User Access Manager > Access Device Management > Access
Device.
c. Click Add to configure an access device as follows:
− Set the shared key for secure authentication communication to expert.
− Set the ports for authentication to 1812.
− Select the service type LAN Access Service.
− Select the access device type HP(General).
− Select the access device from the device list or manually add the device with the IP address
10.1.1.2.