R0106-HP MSR Router Series Security Configuration Guide(V7)
# Exclude the ISP domain name from the username sent to the RADIUS server.
[Router-radius-rs1] user-name-format without-domain
[Router-radius-rs1] quit
# Enable RADIUS session control.
[Router] radius session-control enable
2. Configure an authentication domain:
# Create an ISP domain named dm1 and enter its view.
[Router] domain dm1
# Configure AAA methods for the ISP domain.
[Router-isp-dm1] authentication portal radius-scheme rs1
[Router-isp-dm1] authorization portal radius-scheme rs1
[Router-isp-dm1] accounting portal radius-scheme rs1
[Router-isp-dm1] quit
# Configure domain dm1 as the default ISP domain. If a user enters the username without the ISP
domain name at login, the authentication and accounting methods of the default domain are used
for the user.
[Router] domain default enable dm1
3. Configure portal authentication:
# Configure a portal authentication server.
[Router] portal server newpt
[Router-portal-server-newpt] ip 192.168.0.111 key simple portal
[Router-portal-server-newpt] port 50100
# Configure reachability detection of the portal authentication server: configure the server
detection interval as 40 seconds, and send log messages upon reachability status changes.
[Router-portal-server-newpt] server-detect timeout 40 log
NOTE:
The value of timeout must be greater than or equal to the portal server heartbeat interval.
# Configure portal user synchronization with the portal authentication server, and configure the
synchronization detection interval as 600 seconds.
[Router-portal-server-newpt] user-sync timeout 600
[Router-portal-server-newpt] quit
NOTE:
The value of timeout must be greater than or equal to the portal user heartbeat interval.
# Configure a portal Web server.
[Router] portal web-server newpt
[Router-portal-websvr-newpt] url http://192.168.0.111:8080/portal
[Router-portal-websvr-newpt] quit
# Enable direct portal authentication on interface GigabitEthernet 2/1/2.
[Router] interface gigabitethernet 2/1/2
[Router-GigabitEthernet2/1/2] portal enable method direct
# Enable the portal fail-permit function for the portal authentication server newpt.
[Router-GigabitEthernet2/1/2] portal fail-permit server newpt
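
The script below is an added example, not part of the HP guide. It audits the portal commands from the steps above against the two NOTE constraints and flags the settings a reviewer would question: the sample key entered with `key simple`, the `http://` portal URL, and `fail-permit`. The function name, check IDs and heartbeat values are hypothetical; the heartbeat intervals are assumed to be read from the portal authentication server's own settings.

```python
import re

# Constructed sample: the portal commands from the steps above, prompts removed.
SAMPLE_CONFIG = """\
portal server newpt
 ip 192.168.0.111 key simple portal
 port 50100
 server-detect timeout 40 log
 user-sync timeout 600
portal web-server newpt
 url http://192.168.0.111:8080/portal
interface gigabitethernet 2/1/2
 portal enable method direct
 portal fail-permit server newpt
"""

def audit_portal_config(config, server_heartbeat, user_heartbeat):
    """Return (check_id, message) findings for a portal configuration.

    server_heartbeat and user_heartbeat are the intervals in seconds set on
    the portal authentication server (assumed inputs, not parsed from config).
    """
    findings = []
    for line in (raw.strip() for raw in config.splitlines()):
        if m := re.match(r"ip (\S+) key simple (\S+)$", line):
            findings.append(("key-simple", f"key for {m[1]} entered in plaintext form"))
            if m[2] == "portal":  # sample key printed in the guide
                findings.append(("key-sample", "key is the guide's sample value"))
        elif m := re.match(r"server-detect timeout (\d+)\b", line):
            if int(m[1]) < server_heartbeat:  # first NOTE in the section
                findings.append(("detect-timeout",
                                 f"{m[1]}s is below server heartbeat {server_heartbeat}s"))
        elif m := re.match(r"user-sync timeout (\d+)$", line):
            if int(m[1]) < user_heartbeat:  # second NOTE in the section
                findings.append(("sync-timeout",
                                 f"{m[1]}s is below user heartbeat {user_heartbeat}s"))
        elif m := re.match(r"url (http://\S+)$", line):
            findings.append(("http-url", f"login page served without TLS: {m[1]}"))
        elif m := re.match(r"portal fail-permit server (\S+)$", line):
            findings.append(("fail-permit",
                             f"users bypass authentication while {m[1]} is unreachable"))
    return findings

if __name__ == "__main__":
    # Heartbeat values here are constructed for the demonstration.
    for check_id, message in audit_portal_config(SAMPLE_CONFIG, 20, 300):
        print(f"{check_id}: {message}")
```

A timeout equal to the heartbeat interval passes, matching the "greater than or equal to" wording of both NOTEs.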