EasyManuals Logo

HPE FlexNetwork MSR Series Comware 5 Security Configuration Guide

HPE FlexNetwork MSR Series
547 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Page #336 background imageLoading...
Page #336 background image
323
# Specify the primary authentication server and primary accounting server, and configure the
keys for communication with the servers.
[Router-radius-rs1] primary authentication 192.168.0.113
[Router-radius-rs1] primary accounting 192.168.0.113
[Router-radius-rs1] key authentication simple radius
[Router-radius-rs1] key accounting simple radius
[Router-radius-rs1] user-name-format without-domain
# Configure the IP address of the security policy server.
[Router-radius-rs1] security-policy-server 192.168.0.114
[Router-radius-rs1] quit
2. Configure an authentication domain:
# Create an ISP domain named dm1 and enter its view.
[Router] domain dm1
# Configure AAA methods for the ISP domain.
[Router-isp-dm1] authentication portal radius-scheme rs1
[Router-isp-dm1] authorization portal radius-scheme rs1
[Router-isp-dm1] accounting portal radius-scheme rs1
[Router-isp-dm1] quit
# Configure domain dm1 as the default ISP domain for all users. Then, if a user enters the
username without the ISP domain at logon, the authentication and accounting methods of the
default domain are used for the user.
[Router] domain default enable dm1
3. Configure ACL 3000 for resources on subnet 192.168.0.0/24 and ACL 3001 for Internet
resources:
[Router] acl number 3000
[Router-acl-adv-3000] rule permit ip destination 192.168.0.0 0.0.0.255
[Router-acl-adv-3000] rule deny ip
[Router-acl-adv-3000] quit
[Router] acl number 3001
[Router-acl-adv-3001] rule permit ip
[Router-acl-adv-3001] quit
Make sure you specify ACL 3000 as the isolation ACL and ACL 3001 as the security ACL on the
security policy server.
4. Configure extended portal authentication:
# Configure the portal server as follows:
{ Name: newpt
{ IP address: 192.168.0.111
{ Key: portal, in plain text
{ Port number: 50100
{ URL: http://192.168.0.111:8080/portal
[Router] portal server newpt ip 192.168.0.111 key simple portal port 50100 url
http://192.168.0.111:8080/portal
# Configure the router as a DHCP relay agent, and enable the IP address check function.
[Router] dhcp enable
[Router] dhcp relay server-group 0 ip 192.168.0.112
[Router] interface ethernet 1/2
[Router–Ethernet1/2] ip address 20.20.20.1 255.255.255.0
[Router–Ethernet1/2] ip address 10.0.0.1 255.255.255.0 sub

Table of Contents

Other manuals for HPE FlexNetwork MSR Series

Preview: Configuration Guide
Configuration Guide861 pages
Preview: Comware 7 Layer 3 - Ip Services Configuration Guides
Comware 7 Layer 3 - Ip Services Configuration Guides554 pages
Preview: Guide
Guide213 pages
Preview: Command Reference
Command Reference120 pages
Preview: Comware 5 Layer 2 - Wan Access Configuration Guide
Comware 5 Layer 2 - Wan Access Configuration Guide420 pages

Questions and Answers:

Question and Answer IconNeed help?

Do you have a question about the HPE FlexNetwork MSR Series and is the answer not in the manual?

HPE FlexNetwork MSR Series Specifications

General IconGeneral
BrandHPE
ModelFlexNetwork MSR Series
CategoryNetwork Router
LanguageEnglish

Related product manuals