R0106-HP MSR Router Series Security Configuration Guide(V7)
141
portal authentication server and a portal Web server. A RADIUS server serves as the
authentication/accounting server.
Configure extended direct portal authentication. If the host fails security check after passing identity
authentication, it can access only subnet 192.168.0.0/24. After passing security check, the host can
access Internet resources.
Figure 49 Network diagram
Configuration prerequisites
• Configure IP addresses for the host, router, and servers as shown in Figure 49 and make sure they
can reach each other.
• Configure the RADIUS server correctly to provide authentication and accounting functions.
Configuration procedure
Perform the following tasks on the router.
1. Configure a RADIUS scheme:
# Create a RADIUS scheme named rs1 and enter its view.
<Router> system-view
[Router] radius scheme rs1
# Specify the primary authentication server and primary accounting server, and configure the keys
for communication with the servers.
[Router-radius-rs1] primary authentication 192.168.0.112
[Router-radius-rs1] primary accounting 192.168.0.112
[Router-radius-rs1] key accounting simple radius
[Router-radius-rs1] key authentication simple radius
[Router-radius-rs1] user-name-format without-domain
# Specify the security policy server.
[Router-radius-rs1] security-policy-server 192.168.0.113
[Router-radius-rs1] quit
# Enable RADIUS session control.
[Router] radius session-control enable
2. Configure an authentication domain:
# Create an ISP domain named dm1 and enter its view.
[Router] domain dm1