324
[Router-Ethernet1/2] dhcp select relay
[Router-Ethernet1/2] dhcp relay server-select 0
[Router-Ethernet1/2] dhcp relay address-check enable
# Enable portal authentication on the interface connecting the host.
[Router–Ethernet1/2] portal server newpt method redhcp
[Router–Ethernet1/2] quit
Configuring cross-subnet portal authentication with extended
functions
Network requirements
As shown in Figure 104, configure Router A to perform extended cross-subnet portal authentication
for users on the host. If a user fails security check after passing identity authentication, the user can
access only subnet 192.168.0.0/24. After passing the security check, the user can access Internet
resources.
A RADIUS server serves as the authentication/accounting server.
Figure 104 Network diagram
Configuration prerequisites and guidelines
• Configure IP addresses for the host, routers, and servers as shown in Figure 104 and make
sure that routes are available between devices.
• Configure the RADIUS server correctly to provide authentication and accounting functions for
users.
• Make sure the IP address of the portal device added on the portal server is the IP address of the
interface connecting users (20.20.20.1 in this example), and the IP address group associated
with the portal device is the network segment where the users reside (8.8.8.0/24 in this
example).
Configuration procedure
1. Configure a RADIUS scheme:
# Create a RADIUS scheme named rs1 and enter its view.
<RouterA> system-view
[RouterA] radius scheme rs1
# Set the server type for the RADIUS scheme. When using the CAMS or IMC server, set the
server type to extended.
Router A
Host
8.8.8.2/24
Eth1/2
20.20.20.1/24
Portal server
192.168.0.111/24
Radius server
192.168.0.112/24
Eth1/1
192.168.0.100/24
Router B
Eth1/2
8.8.8.1/24
Eth1/1
20.20.20.2/24
Security policy server
192.168.0.113/24
To Next Page
Loading...
Need help?
General
