R0106-HP MSR Router Series Security Configuration Guide(V7)
116
• The portal authentication server, portal Web server, and RADIUS server have been installed and
configured correctly.
• To use the re-DHCP portal authentication mode, make sure the DHCP relay agent is enabled on the
access device, and the DHCP server is installed and configured correctly.
• The portal client, access device, and servers can reach each other.
• To use the remote RADIUS server, configure usernames and passwords on the RADIUS server, and
configure the RADIUS client on the access device. For information about RADIUS client
configuration, see "Configuring AAA."
• To implement extended portal functions, install and configure IMC EAD. Make sure the ACLs
configured on the access device correspond to the isolation ACL and the security ACL on the
security policy server. For information about security policy server configuration on the access
device, see "Configuring AAA." For installation and configuration about the security policy server,
see IMC EAD Security Policy Help.
Configuring a portal authentication server
Perform this task to configure the following portal authentication server parameters:
• IP address of the portal authentication server
• VPN instance of the portal authentication server
• Shared encryption key used between the device and the portal authentication server
• UDP port used by the device to send unsolicited portal packets to the portal authentication server
The device supports multiple portal authentication servers.
Do not delete a portal authentication server in use. Otherwise, online users on the device cannot log out
normally.
To configure a portal authentication server:
Ste
p
Command
Remarks
1. Enter system view.
system-view N/A
2. Create a portal
authentication server, and
enter its view.
portal server server-name
By default, no portal
authentication server is created.
3. Specify the IP address of the
portal authentication server.
• To specify an IPv4 portal server:
ip ipv4-address [ vpn-instance
vpn-instance-name] [ key { cipher |
simple } key-string ]
• To specify an IPv6 portal server:
ipv6 ipv6-address [ vpn-instance
vpn-instance-name] [ key { cipher |
simple } key-string ]
Specify an IPv4 portal
authentication server, an IPv6
authentication portal server, or
both.
By default, no portal
authentication server is
specified.
4. (Optional.) Configure the
UDP port used by the
device to send unsolicited
portal packets to the portal
authentication server.
port port-id
By default, the UDP port number
is 50100.
This port number must be the
same as the listening port
number specified on the portal
authentication server.