R2511-HP MSR Router Series Security Configuration Guide(V5)
vii
Configuration procedure ············································································································································· 284
RSH configuration example ········································································································································ 284
Configuring portal authentication ·························································································································· 287
Overview ······································································································································································· 287
Extended portal functions ··································································································································· 287
Portal system components ··································································································································· 287
Portal system using the local portal server ········································································································ 289
Portal authentication modes ······························································································································· 290
Portal support for EAP ········································································································································· 291
Layer 2 portal authentication process ··············································································································· 291
Layer 3 portal authentication process ··············································································································· 292
Portal authentication across VPNs ····················································································································· 296
Portal configuration task list ········································································································································ 296
Configuration prerequisites ········································································································································· 297
Specifying the portal server ········································································································································ 298
Specifying the local portal server for Layer 2 portal authentication ······························································ 298
Specifying a portal server for Layer 3 portal authentication ·········································································· 299
Configuring the local portal server ···························································································································· 299
Customizing authentication pages ···················································································································· 300
Configuring the local portal server ···················································································································· 303
Enabling portal authentication ···································································································································· 304
Enabling Layer 2 portal authentication ············································································································· 304
Enabling Layer 3 portal authentication ············································································································· 304
Controlling access of portal users ······························································································································ 305
Configuring a portal-free rule····························································································································· 305
Configuring an authentication source subnet ··································································································· 306
Configuring an authentication destination subnet ··························································································· 306
Setting the maximum number of online portal users ························································································ 307
Specifying an authentication domain for portal users ····················································································· 307
Configuring Layer 2 portal authentication to support Web proxy ································································· 308
Enabling support for portal user moving ·········································································································· 308
Configuring RADIUS related attributes ······················································································································ 309
Specifying NAS-Port-Type for an interface ······································································································· 309
Specifying the NAS-Port-ID for an interface ····································································································· 310
Specifying a NAS ID profile for an interface ··································································································· 310
Specifying a source IP address for outgoing portal packets ··················································································· 311
Specifying an autoredirection URL for authenticated portal users ·········································································· 311
Configuring portal detection functions ······················································································································· 312
Configuring online Layer 2 portal user detection ···························································································· 312
Configuring online Layer 3 portal user detection ···························································································· 312
Configuring the portal server detection function ······························································································ 313
Configuring portal user information synchronization ······················································································ 314
Logging off portal users ··············································································································································· 315
Configuring mandatory Web page pushing ············································································································ 315
Displaying and maintaining portal ···························································································································· 316
Portal configuration examples ···································································································································· 317
Configuring direct portal authentication ··········································································································· 317
Configuring re-DHCP portal authentication ······································································································ 321
Configuring cross-subnet portal authentication ································································································ 323
Configuring direct portal authentication with extended functions·································································· 325
Configuring re-DHCP portal authentication with extended functions ···························································· 327
Configuring cross-subnet portal authentication with extended functions ······················································· 329
Configuring portal server detection and portal user information synchronization ······································· 331
Cross-subnet portal authentication across VPNs ······························································································ 336