R0106-HP MSR Router Series Security Configuration Guide(V7)
133
[Router-isp-dm1] authentication portal radius-scheme rs1
[Router-isp-dm1] authorization portal radius-scheme rs1
[Router-isp-dm1] accounting portal radius-scheme rs1
[Router-isp-dm1] quit
# Configure domain dm1 as the default ISP domain. If a user enters the username without the ISP
domain name at login, the authentication and accounting methods of the default domain are used
for the user.
[Router] domain default enable dm1
3. Configure portal authentication:
# Configure a portal authentication server.
[Router] portal server newpt
[Router-portal-server-newpt] ip 192.168.0.111 key simple portal
[Router-portal-server-newpt] port 50100
[Router-portal-server-newpt] quit
# Configure a portal Web server.
[Router] portal web-server newpt
[Router-portal-websvr-newpt] url http://192.168.0.111:8080/portal
[Router-portal-websvr-newpt] quit
# Enable direct portal authentication on interface GigabitEthernet 2/1/2.
[Router] interface gigabitethernet 2/1/2
[Router–GigabitEthernet2/1/2] portal enable method direct
# Reference the portal Web server newpt on interface GigabitEthernet 2/1/2.
[Router–GigabitEthernet2/1/2] portal apply web-server newpt
# Configure the BAS-IP as 2.2.2.1 for portal packets sent from GigabitEthernet 2/1/2 to the portal
authentication server.
[Router–GigabitEthernet2/1/2] portal bas-ip 2.2.2.1
[Router–GigabitEthernet2/1/2] quit
Verifying the configuration
# Verify that the portal configuration has taken effect.
[Router] display portal interface gigabitethernet 2/1/2
Portal information of GigabitEthernet 2/1/2
IPv4:
Portal status: Enabled
Authentication type: Direct
Portal Web server: newpt
Authentication domain: Not configured
BAS-IP: 2.2.2.1
User Detection: Not configured
Action for server detection:
Server type Server name Action
-- -- --
Layer3 source network:
IP address Mask
Destination authenticate subnet:
IP address Mask