R0106-HP MSR Router Series Security Configuration Guide(V7)
147
IPv6:
Portal status: Disabled
Authentication type: Disabled
Portal Web server: Not configured
Authentication domain: Not configured
BAS-IPv6: Not configured
User detection: Not configured
Action for server detection:
Server type Server name Action
-- -- --
Layer3 source network:
IP address Prefix length
Destination authenticate subnet:
IP address Prefix length
Before passing portal authentication, a user that uses the HP iNode client can access only the
authentication page http://192.168.0.111:8080/portal. All Web requests from the user will be redirected
to the authentication page.
• The user can access the resources permitted by ACL 3000 after passing only identity
authentication.
• The user can access Internet resources permitted by ACL 3001 after passing both identity
authentication and security check.
# After the user passes identity authentication and security check, use the following command to display
information about the portal user.
[Router] display portal user interface gigabitethernet 2/1/2
Total portal users: 1
Username: abc
Portal server: newpt
State: Online
Authorization ACL: 3001
VPN instance: --
MAC IP VLAN Interface
0015-e9a6-7cfe 20.20.20.2 -- GigabitEthernet2/1/2
Configuring extended cross-subnet portal authentication
Network requirements
As shown in Figure 51, Router A supports portal authentication. The host accesses Router A through
Router B. A portal server serves as both a portal authentication server and a portal Web server. A
RADIUS server serves as the authentication/accounting server.
Configure Router A for extended cross-subnet portal authentication. Before passing portal authentication,
the host can access only the portal server. After passing portal identity authentication, the host accepts
security check. If the host fails the security check it can access only the subnet 192.168.0.0/24. After
passing the security check, the host can access Internet resources.