Layer 3 Portal + Layer 3 Authentication Configuration Examples - 3Com MSR 50 Series Configuration Manual

Layer 3 Portal + Layer 3
Authentication
Configuration Examples
# Configure the access device as a DHCP relay agent, and enable invalid address
check on the DHCP relay agent.
[Router] dhcp enable
[Router] dhcp relay server-group 0 ip 192.168.0.112
[Router] interface ethernet 1/0
[Router-Ethernet1/0] ip address 20.20.20.1 255.255.255.0
[Router-Ethernet1/0] ip address 10.0.0.1 255.255.255.0 sub
[Router-Ethernet1/0] dhcp select relay
[Router-Ethernet1/0] dhcp relay server-select 0
[Router-Ethernet1/0] dhcp relay address-check enable
# Enable the portal+ authentication on the interface connected to the host.
[Router-Ethernet1/0] portal server newpt method redhcp service-type plus
[Router-Ethernet1/0] quit
# Configure the IP address of the interface which communicates with the portal
server.
[Router] interface ethernet 1/1
[Router-Ethernet1/1] ip address 192.168.0.100 255.255.255.0
[Router-Ethernet1/1] quit
Network requirements
Router A enables the portal+ authentication function. The host accesses Router
■
A via Router B.
The Router A is configured with portal+ layer 3 authentication. When users
■
have passed identity authentication but have not passed security
authentication, they can only access subnet 192.168.0.0/24. After passing the
security authentication, users can access external networks.
A RADIUS server serves as the authentication/accounting server.
■
The security policy server is required for portal+ authentication.
■
Network diagram
Figure 544 Network diagram for portal+ layer 3 authentication
Router A
Eth 1/0
20.20. 20.1/24
Eth 1/1
20. 20.20 .2 /24
Eth 1/0
8 .8.8.1/24
Router B
Host
8.8.8.2/24
Portal Configuration Examples (on Routers)
Portal server
Eth 1/1
192. 168.0. 100/24
192.168.0.111/ 24
Radius server
192.168.0 .112/24
Security policy server
192.168.0 .113/24
1869