4000 Router Series Security Configuration Guide

325

[Router-portal-server-newpt] ip 192.168.0.111 key simple portal

[Router-portal-server-newpt] port 50100

[Router-portal-server-newpt] quit

# Configure a portal Web server.

[Router] portal web-server newpt

[Router-portal-websvr-newpt] url http://192.168.0.111:8080/portal

[Router-portal-websvr-newpt] quit

# Enable re-DHCP portal authentication on interface Ethernet 1/2.

[Router] interface ethernet 1/2

[Router-Ethernet1/2] portal enable method redhcp

# Reference the portal Web server newpt on interface Ethernet 1/2.

[Router–Ethernet1/2] portal apply web-server newpt

# Configure the BAS-IP as 20.20.20.1 for portal packets sent from Ethernet 1/2 to the portal

authentication server.

[Router–Ethernet1/2] portal bas-ip 20.20.20.1

[Router–Ethernet1/2] quit

Configuring extended cross-subnet portal authentication

Network requirements

As shown in Figure 98, Router A supports portal authentication. The host accesses Router A through

Router B. A portal server serves as both a portal authentication server and a portal Web server. A

RADIUS server serves as the authentication/accounting server.

Configure Router A for extended cross-subnet portal authentication. Before passing portal authentication,

the host can access only the portal server. After passing portal identity authentication, the host accepts

security check. If the host fails the security check it can access only the subnet 192.168.0.0/24. After

passing the security check, the host can access Internet resources.

Figure 98 Network diagram

Configuration prerequisites and guidelines

• Configure IP addresses for the router and servers as shown in Figure 98 and make sure the host,

router, and servers can reach each other.

• Configure the RADIUS server correctly to provide authentication and accounting functions.