162
•
Configure an authentication domain.
# Create ISP domain
dm1
and enter its view.
[RouterB] domain dm1
# Configure AAA methods for the ISP domain.
[RouterB-isp-dm1] authentication portal radius-scheme rs1
[RouterB-isp-dm1] authorization portal radius-scheme rs1
[RouterB-isp-dm1] accounting portal radius-scheme rs1
[RouterB-isp-dm1] quit
# Configure
dm1
as the default ISP domain for all users. Then, if a user enters a username without any
ISP domain at logon, the authentication and accounting methods of the default domain are used for the
user.
[RouterB] domain default enable dm1
•
Enable portal authentication on the interface connecting the host.
# Configure the portal server as needed.
[RouterB] portal server newpt ip 192.168.0.111 key portal port 50100 url
http://192.168.0.111:8080/portal
# Enable portal authentication on the interface connecting the host.
[RouterB] interface gigabitethernet 0/1
[RouterB–Gigabitethernet0/1] portal server newpt method layer3
# Specify the source IP address for outgoing portal packets as 9.9.1.1, the virtual IP address of VRRP
group 1.
[RouterB–GigabitEthernet0/1] portal nas-ip 9.9.1.1
•
Configure portal stateful failover.
# Assign interface Gigabitethernet 0/1 to portal group 1.
[RouterB–GigabitEthernet0/1] portal backup-group 1
[RouterB–GigabitEthernet0/1] quit
# Set the ID of the router in the stateful failover mode to 2.
[RouterB] nas device-id 2
# Configure the source IP address for outgoing RADIUS packets as 192.168.0.1, the virtual IP address
of VRRP group 2.
[RouterB] radius nas-ip 192.168.0.1
NOTE:
Make sure that you have added the access device with IP address 192.168.0.1 on the RADIUS server.
•
Configure stateful failover.
# Configure the stateful failover interface as Gigabitethernet 0/3.
[RouterB] dhbk interface gigabitethernet0/3
# Enable stateful failover and configure it to support the symmetric path.
[RouterB] dhbk enable backup-type symmetric-path