HP MSR2000/3000/4000 Router Series Security Configuration Guide
# Configure domain dm1 as the default ISP domain. If a user enters the username without the ISP
domain name at login, the authentication and accounting methods of the default domain are used
for the user.
[Router] domain default enable dm1
3. Configure ACL 3000 for resources on subnet 192.168.0.0/24 and ACL 3001 for Internet
resources:
[Router] acl number 3000
[Router-acl-adv-3000] rule permit ip destination 192.168.0.0 0.0.0.255
[Router-acl-adv-3000] rule deny ip
[Router-acl-adv-3000] quit
[Router] acl number 3001
[Router-acl-adv-3001] rule permit ip
[Router-acl-adv-3001] quit
4. Configure portal authentication:
# Configure a portal authentication server.
[Router] portal server newpt
[Router-portal-server-newpt] ip 192.168.0.111 key simple portal
[Router-portal-server-newpt] port 50100
[Router-portal-server-newpt] quit
# Configure a portal Web server.
[Router] portal web-server newpt
[Router-portal-websvr-newpt] url http://192.168.0.111:8080/portal
[Router-portal-websvr-newpt] quit
# Enable direct portal authentication on interface Ethernet 1/2.
[Router] interface ethernet 1/2
[Router-Ethernet1/2] portal enable method direct
# Reference the portal Web server newpt on interface Ethernet 1/2.
[Router-Ethernet1/2] portal apply web-server newpt
# Configure the BAS-IP as 2.2.2.1 for portal packets sent from Ethernet 1/2 to the portal
authentication server.
[Router-Ethernet1/2] portal bas-ip 2.2.2.1
[Router-Ethernet1/2] quit
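The following added example (not part of the HP guide) models how the two ACLs from step 3 treat a destination address, so the effect of the wildcard mask and the rule order can be checked offline. It assumes rules are evaluated in configuration order with the first match deciding, and it parses only the rule syntax that appears on this page; the function names are hypothetical.

```python
import ipaddress

# Rule lines copied from step 3; everything else here is illustrative.
ACL_3000 = ["rule permit ip destination 192.168.0.0 0.0.0.255", "rule deny ip"]
ACL_3001 = ["rule permit ip"]

ALL_BITS = 0xFFFFFFFF


def parse_rule(line):
    """Parse 'rule {permit|deny} ip [destination <addr> <wildcard>]'."""
    tokens = line.split()
    if (len(tokens) < 3 or tokens[0] != "rule"
            or tokens[1] not in ("permit", "deny") or tokens[2] != "ip"):
        raise ValueError(f"unsupported rule: {line!r}")
    action, rest = tokens[1], tokens[3:]
    if not rest:
        # No destination clause: every bit is "don't care", so any address matches.
        return action, 0, ALL_BITS
    if len(rest) != 3 or rest[0] != "destination":
        raise ValueError(f"unsupported match clause: {line!r}")
    addr = int(ipaddress.IPv4Address(rest[1]))
    wildcard = int(ipaddress.IPv4Address(rest[2]))
    return action, addr, wildcard


def evaluate(acl_lines, dst):
    """Return the action of the first rule matching dst, or None if none match."""
    dst_int = int(ipaddress.IPv4Address(dst))
    for line in acl_lines:
        action, addr, wildcard = parse_rule(line)
        care = ~wildcard & ALL_BITS  # wildcard 0-bits must match exactly
        if (dst_int & care) == (addr & care):
            return action
    return None


def reachability(destinations):
    """Map each destination to the verdict of ACL 3000 and ACL 3001."""
    return {d: {"acl3000": evaluate(ACL_3000, d), "acl3001": evaluate(ACL_3001, d)}
            for d in destinations}


if __name__ == "__main__":
    # Constructed sample destinations: the portal server, a neighbouring subnet,
    # the BAS-IP, and an arbitrary Internet address.
    for dst, verdict in reachability(
            ["192.168.0.111", "192.168.1.10", "2.2.2.1", "8.8.8.8"]).items():
        print(dst, verdict)
```

Reversing the two rules of ACL 3000 makes `rule deny ip` match first and blocks the portal server as well, which is why the permit rule must precede the catch-all deny.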
Configuring extended re-DHCP portal authentication
Network requirements
As shown in Figure 97, the host is directly connected to the router (the access device). The host obtains
an IP address through the DHCP server. A portal server serves as both a portal authentication server and
a portal Web server. A RADIUS server serves as the authentication/accounting server.
Configure extended re-DHCP portal authentication. Before passing portal authentication, the host is
assigned a private IP address. After passing portal identity authentication, the host obtains a public IP
address and undergoes a security check. If the host fails the security check, it can access only subnet
192.168.0.0/24. After passing the security check, the host can access Internet resources.










