R0106-HP MSR Router Series Security Configuration Guide(V7)

Authorization ACL: None
VPN instance: --
MAC             IP              VLAN   Interface
0015-e9a6-7cfe  20.20.20.2      --     GigabitEthernet2/1/2
Configuring cross-subnet portal authentication
Network requirements
As shown in Figure 48, Router A supports portal authentication. The host accesses Router A through
Router B. A portal server serves as both a portal authentication server and a portal Web server. A
RADIUS server serves as the authentication/accounting server.
Configure Router A for cross-subnet portal authentication. Before passing the authentication, the host can
access only the portal server. After passing the authentication, the user can access Internet resources.
Figure 48 Network diagram
Configuration prerequisites and guidelines
• Configure IP addresses for the router and servers as shown in Figure 48 and make sure the host,
router, and servers can reach each other.
• Configure the RADIUS server correctly to provide authentication and accounting functions.
• Make sure the IP address of the portal device added on the portal authentication server is the IP
address (20.20.20.1) of the router's interface connecting the host. The IP address group associated
with the portal device is the subnet of the host (8.8.8.0/24).
Configuration procedure
Perform the following tasks on Router A.
1. Configure a RADIUS scheme:
# Create a RADIUS scheme named rs1 and enter its view.
<RouterA> system-view
[RouterA] radius scheme rs1
# Specify the primary authentication server and primary accounting server, and configure the keys
for communication with the servers.
[RouterA-radius-rs1] primary authentication 192.168.0.112
[RouterA-radius-rs1] primary accounting 192.168.0.112
[RouterA-radius-rs1] key authentication simple radius
[RouterA-radius-rs1] key accounting simple radius
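The shared keys in step 1 are the dictionary word radius. The following check is an added example, not part of HP's guide: it scans a pasted CLI transcript or saved configuration for RADIUS shared keys entered in plaintext form and flags guessable or short ones. MIN_LEN and the GUESSABLE list are assumed policy values, and audit_radius_keys is a hypothetical helper name.

```python
import re

# Step 1 as shown on this page, prompts included (pasted CLI transcript).
SAMPLE = """\
<RouterA> system-view
[RouterA] radius scheme rs1
[RouterA-radius-rs1] primary authentication 192.168.0.112
[RouterA-radius-rs1] primary accounting 192.168.0.112
[RouterA-radius-rs1] key authentication simple radius
[RouterA-radius-rs1] key accounting simple radius
"""

# Assumptions (not from the guide): a site policy minimum length and a small
# list of guessable secrets. Adjust both to local policy.
MIN_LEN = 16
GUESSABLE = {"radius", "secret", "password", "admin", "testing123"}

PROMPT_RE = re.compile(r"^\s*(?:\[[^\]]*\]|<[^>]*>)\s*")
SCHEME_RE = re.compile(r"^radius\s+scheme\s+(\S+)")
KEY_RE = re.compile(r"^key\s+(authentication|accounting)\s+(simple|cipher)\s+(\S+)")


def audit_radius_keys(text):
    """Return (scheme, key_type, finding) tuples for weak plaintext-form keys."""
    findings = []
    scheme = None
    for raw in text.splitlines():
        # Drop a leading <Router> or [Router-view] prompt if one is present.
        line = PROMPT_RE.sub("", raw).strip()
        m = SCHEME_RE.match(line)
        if m:
            scheme = m.group(1)
            continue
        m = KEY_RE.match(line)
        if not m:
            continue
        key_type, form, secret = m.groups()
        if form != "simple":
            continue  # ciphertext-form keys cannot be judged from the text
        if secret.lower() in GUESSABLE:
            findings.append((scheme, key_type, "guessable"))
        elif len(secret) < MIN_LEN:
            findings.append((scheme, key_type, "short"))
    return findings


if __name__ == "__main__":
    for scheme, key_type, finding in audit_radius_keys(SAMPLE):
        print(f"scheme {scheme}: {key_type} key is {finding}")
```

Run against the transcript above, it reports both keys of scheme rs1 as guessable; the same key must also be changed on the RADIUS server when it is replaced on the router.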