Configuring Extended Re-Dhcp Portal Authentication - HP VSR1000 Security Configuration Manual
Virtual services router
Hide thumbs
Also See for VSR1000:
- Configuration manual (463 pages) ,
- High availability configuration manual (91 pages) ,
- Layer 2 - wan access command reference (50 pages)
Table of Contents
Advertisement
Configuring extended re-DHCP portal authentication
Network requirements
As shown in
IP address through the DHCP server. A portal server serves as both a portal authentication server and a
portal Web server. A RADIUS server serves as the authentication/accounting server.
Configure extended re-DHCP portal authentication. Before passing portal authentication, the host is
assigned a private IP address. After passing portal identity authentication, the host obtains a public IP
address and accepts security check. If the host fails the security check, it can access only subnet
192.168.0.0/24. After passing the security check, the host can access Internet resources.
Figure 31 Network diagram
Host
automatically obtains
an IP address
Configuration prerequisites and guidelines
Configure IP addresses for the router and servers as shown in
•
router, and servers can reach each other.
•
Configure the RADIUS server correctly to provide authentication and accounting functions.
For re-DHCP portal authentication, configure a public address pool (20.20.20.0/24) and a private
•
address pool (10.0.0.0/24) on the DHCP server. (Details not shown.)
For re-DHCP portal authentication, the router must be configured as a DHCP relay agent and the
•
portal-enabled interface must be configured with a primary IP address (a public IP address) and a
secondary IP address (a private IP address). For information about DHCP relay agent configuration,
see Layer 3—IP Services Configuration Guide.
Make sure the IP address of the portal device added on the portal server is the public IP address
•
(20.20.20.1) of the router's interface connecting the host. The private IP address range for the IP
address group associated with the portal device is the private subnet 10.0.0.0/24 where the host
resides. The public IP address range for the IP address group is the public subnet 20.20.20.0/24.
Configuration procedure
Perform the following configurations on the router.
1.
Configure a RADIUS scheme:
# Create a RADIUS scheme named rs1 and enter its view.
Figure
31, the host is directly connected to the router (the access device). The host obtains an
GE2/0
20.20.20.1/24
GE1/0
10.0.0.1/24 sub
192.168.0.100/24
Router
Portal server
192.168.0.111/24
192.168.0.112/24
RADIUS server
192.168.0.113/24
Security policy server
192.168.0.114/24
97
DHCP server
Figure 31
and make sure the host,
- Quick Links:
- Configuring the Device as an Ssh...
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
