Table of Contents
Advertisement
Session group profile: N/A
ACL: 3001
Inbound CAR: N/A
Outbound CAR: N/A
Inbound priority: N/A
Outbound priority: N/A
Example: Configuring extended cross-subnet portal
authentication
Network configuration
As shown in
through Router B. A portal server acts as both a portal authentication server and a portal Web server.
A RADIUS server acts as the authentication/accounting server.
Configure Router A for extended cross-subnet portal authentication. Before passing portal
authentication, the host can access only the portal server. After passing portal identity authentication,
the host accepts security check. If the host fails the security check it can access only the subnet
192.168.0.0/24. After passing the security check, the host can access other network resources.
Figure 114 Network diagram
20.20.20.1/24
GE1/0/2
8.8.8.1/24
Host
8.8.8.2/24
Configuration prerequisites and guidelines
•
Configure IP addresses for the router and servers as shown in
host, router, and servers can reach each other.
•
Configure the RADIUS server correctly to provide authentication and accounting functions.
•
Make sure the IP address of the portal device added on the portal server is the IP address
(20.20.20.1) of the router's interface connecting the host. The IP address group associated with
the portal device is the subnet of the host (8.8.8.0/24).
Procedure
Perform the following tasks on Router A.
1.
Configure a RADIUS scheme:
# Create a RADIUS scheme named rs1 and enter its view.
<RouterA> system-view
[RouterA] radius scheme rs1
Figure
114, Router A supports portal authentication. The host accesses Router A
Router A
GE1/0/1
192.168.0.100/24
GE1/0/2
GE1/0/1
20.20.20.2/24
Router B
Portal server
192.168.0.111/24
RADIUS server
192.168.0.112/24
Security policy server
192.168.0.113/24
353
Figure 114
and make sure the
Advertisement
Table of Contents
Troubleshooting
