320
On Router B, configure a default route to subnet 192.168.0.0/24, setting the next hop as 20.20.20.1.
(Details not shown.)
Configuring direct portal authentication with extended
functions
Network requirements
As shown in Figure 102, the host is assigned with a public network IP address either manually or
through DHCP.
Configure the router to perform extended direct portal authentication for users on the host. If a user
fails security check after passing identity authentication, the user can access only subnet
192.168.0.0/24. After the user passes security check, the user can access Internet resources.
A RADIUS server serves as the authentication/accounting server.
Figure 102 Network diagram
Configuration prerequisites
• Configure IP addresses for the host, router, and servers as shown in Figure 102 and make sure
they can reach each other before extended portal is enabled.
• Configure the RADIUS server correctly to provide authentication and accounting functions for
users.
Configuration procedure
1. Configure a RADIUS scheme:
# Create a RADIUS scheme named rs1 and enter its view.
<Router> system-view
[Router] radius scheme rs1
# Set the server type for the RADIUS scheme. When using the CAMS or IMC server, set the
server type to extended.
[Router-radius-rs1] server-type extended
# Specify the primary authentication server and primary accounting server, and configure the
keys for communication with the servers.
[Router-radius-rs1] primary authentication 192.168.0.112
[Router-radius-rs1] primary accounting 192.168.0.112
[Router-radius-rs1] key accounting radius
[Router-radius-rs1] key authentication radius
To Next Page
Loading...
