[Router–GigabitEthernet3/0/2] quit
Configuring cross-subnet portal authentication with extended functions
Network requirements
As shown in Figure 62, configure Router A to perform extended cross-subnet portal authentication for users on the host. If a user fails security check after passing identity authentication, the user can access only subnet 192.168.0.0/24. After passing the security check, the user can access Internet resources.
A RADIUS server serves as the authentication/authorization server.
Figure 62 Network diagram
Configuration prerequisites and guidelines
• Configure IP addresses for the host, routers, and servers as shown in Figure 62 and make sure that routes are available between devices.
• Configure the RADIUS server properly to provide authentication and authorization functions for users.
• Make sure the IP address of the portal device added on the portal server is the IP address of the interface connecting users (20.20.20.1 in this example), and the IP address group associated with the portal device is the network segment where the users reside (8.8.8.0/24 in this example).
Configuration procedure
1. Configure a RADIUS scheme:
# Create a RADIUS scheme named rs1 and enter its view.
<RouterA> system-view
[RouterA] radius scheme rs1
# Set the server type for the RADIUS scheme. When using the IMC server, set the server type to extended.
[RouterA-radius-rs1] server-type extended
# Specify the primary authentication/authorization server, and configure the keys for communication with the servers.
[RouterA-radius-rs1] primary authentication 192.168.0.112
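An added example, not part of the original guide: a Python pre-flight check for the third prerequisite above, comparing the portal device record held on the portal server with Router A's user-facing interface address and the user segment. The dictionary layout, the interface names, the /24 mask on 20.20.20.1, the uplink address and the host addresses are assumptions constructed for illustration.

```python
import ipaddress

# Constructed sample data: only 20.20.20.1 and 8.8.8.0/24 come from the guide.
ROUTER_INTERFACES = {                  # hypothetical inventory of Router A
    "user-facing": "20.20.20.1/24",    # the /24 mask is an assumption
    "uplink": "192.168.0.100/24",      # constructed address
}
PORTAL_SERVER_ENTRY = {                # hypothetical export of the device record
    "device_ip": "20.20.20.1",
    "ip_group": "8.8.8.0/24",
}
USER_HOSTS = ["8.8.8.2", "8.8.8.77"]   # constructed client addresses


def check_portal_entry(interfaces, user_if, entry, hosts):
    """Return a list of findings; an empty list means the record is consistent."""
    if_addr = ipaddress.ip_interface(interfaces[user_if])
    try:
        device_ip = ipaddress.ip_address(entry["device_ip"])
        # strict=True rejects a group such as 8.8.8.1/24 (host bits set).
        group = ipaddress.ip_network(entry["ip_group"], strict=True)
    except ValueError as exc:
        return [f"malformed portal server entry: {exc}"]

    findings = []
    if device_ip != if_addr.ip:
        # Name the interface that does own the address, if any, to speed up the fix.
        owner = [name for name, addr in interfaces.items()
                 if ipaddress.ip_interface(addr).ip == device_ip]
        hint = f" (that address belongs to {owner[0]})" if owner else ""
        findings.append(f"device IP {device_ip} is not the user-facing "
                        f"interface address {if_addr.ip}{hint}")
    for host in hosts:
        if ipaddress.ip_address(host) not in group:
            findings.append(f"user {host} is outside IP group {group}")
    return findings


if __name__ == "__main__":
    result = check_portal_entry(ROUTER_INTERFACES, "user-facing",
                                PORTAL_SERVER_ENTRY, USER_HOSTS)
    print("consistent" if not result else "\n".join(result))
```
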