135
• With re-DHCP authentication, the IP address check function of the DHCP relay agent is enabled on
the access device, and the DHCP server is installed and configured properly.
• The portal client, access device, and servers can reach each other.
• With RADIUS authentication, usernames and passwords of the users are configured on the RADIUS
server, and the RADIUS client configurations are performed on the access device. For information
about RADIUS client configuration, see "Configuring AAA."
• T
o implement extended portal functions, install and configure IMC EAD, and make sure that the
ACLs configured on the access device correspond to those specified for the resources in the
quarantined area and for the restricted resources on the security policy server. For information
about security policy server configuration on the access device, see "Configuring AAA."
F
or installation and configuration about the security policy server, see IMC EAD Security Policy Help.
The ACL for resources in the quarantined area and that for restricted resources correspond to isolation
ACL and security ACL, respectively, on the security policy server.
You can modify the authorized ACLs on the access device. However, your changes take effect only for
portal users logging on after the modification.
For portal authentication to work normally, make sure that the system name of the access device is no
more than 16 characters.
Specifying the portal server
Specifying the local portal server for Layer 2 portal
authentication
Layer 2 portal authentication uses the local portal server. Specify the IP address of a Layer 3 interface on
the device that is routable to the portal client as the listening IP address of the local portal server. HP
recommends using the IP address of a loopback interface rather than a physical Layer 3 interface,
because:
• The status of a loopback interface is stable. There will be no authentication page access failures
caused by interface failures.
• A loopback interface does not forward received packets to any network, avoiding impact on system
performance when there are many network access requests.
To specify the local portal server for Layer 2 portal authentication:
Ste
Command
Remarks
1. Enter system view.
system-view N/A
2. Specify the listening IP
address of the local portal
server for Layer 2 portal
authentication.
portal local-server ip ip-address
By default, no listening IP address
is specified.
NOTE:
The specified listening IP address can be changed or deleted only if Layer 2 portal authentication is not
enabled on any port.
To Next Page
Loading...
Need help?
General