# Enable Layer 3 portal authentication on the interface connecting Router B.
[RouterA] interface gigabitethernet 1/0/2
[RouterA–Gigabitethernet1/0/2] portal server newpt method layer3
[RouterA–Gigabitethernet1/0/2] quit
On Router B, configure a default route to subnet 192.168.0.0/24, setting the next hop as 20.20.20.1.
The configuration steps are omitted.
Configuring direct portal authentication with extended functions
Network requirements
As shown in
The host is directly connected to the router, and the router is configured for direct portal
•
authentication. The host is assigned with a public network IP address either manually or through
DHCP. If a user fails security check after passing identity authentication, the user can access only
subnet 192.168.0.0/24. After the user passes security check, the user can access Internet
resources.
A RADIUS server serves as the authentication/accounting server.
•
Figure 59 Configure direct portal authentication with extended functions
Configure IP addresses for the host, router, and servers as shown in
are available between devices before extended portal is enabled.
Perform configurations on the RADIUS server to ensure that the user authentication and accounting
functions can work normally.
Configuration procedure
Configure the router:
Configure a RADIUS scheme.
1.
# Create a RADIUS scheme named rs1 and enter its view.
<Router> system-view
[Router] radius scheme rs1
# Set the server type for the RADIUS scheme. When using the iMC server, you must set the server type to
extended.
Figure
59:
148
Figure 59
and make sure that routes