Manualshelf

R0106-HP MSR Router Series Security Configuration Guide(V7)

ManualsBrandsHP ManualsNetwork HardwareHP MSR4060 Router Chassis
161162163164165166167168169170
151
Configuring portal server detection and portal user
synchronization
Network requirements
As shown in Figure 52, the host is directly connected to the router (the access device). The host is
assigned with a public IP address either manually or through DHCP. A portal server serves as both a
portal authentication server and a portal Web server. A RADIUS server serves as the
authentication/accounting server.
Configure direct portal authentication on the router, so the host can access only the portal server before
passing the authentication and access Internet resources after passing the authentication.
Configure the router to do the following:
Detect the reachability state of the portal authentication server.
Send log messages upon state changes.
Disable portal authentication when the authentication server is unreachable.
Synchronize portal user information with the portal server periodically.
Figure 52 Network diagram
Configuration prerequisites and guidelines
Configure IP addresses for the router and servers as shown in Figure 52 and make sure the host,
router, and servers can reach each other.
Configure the RADIUS server correctly to provide authentication and accounting functions.
Configure the portal authentication server. Be sure to enable the server heartbeat function and the
user heartbeat function.
Configure the router (access device) as follows:
{ Configure direct portal authentication on GigabitEthernet 2/1/2, the interface to which the
host is connected.
{ Configure portal authentication server detection, so that the router can detect the reachability of
the portal authentication server by cooperating with the portal server heartbeat function.
{ Configure portal user synchronization, so that the router can synchronize portal user information
with the portal authentication server by cooperating with the portal user heartbeat function.
Configuring the portal authentication server on IMC PLAT 5.0
This example assumes that the portal server runs on IMC PLAT 5.0(E0101) and IMC UAM 5.0(E0101).