HP 5120 SI Series

HP 5120 SI Series

385 pages

To Next Page

To Next Page

To Previous Page

To Previous Page

Loading...

157

NOTE:

• Make sure that the host, switch, and servers can reach each other before portal authentication is

enabled.

• Configure the RADIUS server properly to provide normal authentication/authorization/accounting

functions for users. In this example, you must create a portal user account with the account name userpt

on the RADIUS server, and configure an authorized VLAN for the account.

• On the DHCP server, you must specify the IP address ran

g

es (192.168.1.0/24, 3.3.3.0/24, 2.2.2.0/24),

specify the default

g

ateway addresses (192.168.1.1, 3.3.3.1, 2.2.2.1), exclude the update server's address

2.2.2.2 from the address ran

g

es for address allocation, specify the leases for the assi

g

ned IP addresses

and make sure there is a route to the host. To shorten the IP address update time in case of an

authentication state change, set a short lease for each address.

• Because the DHCP server and the DHCP client are not in the same subnet, you must confi

g

ure a DHCP

relay agent on the subnet of the client. For more information about DHCP relay agent, see

Layer 3—I

P

Services Configuration Guide

.

1. Configure portal authentication

# Add Ethernet ports to related VLANs and configure IP addresses for the VLAN interfaces. (Details not

shown)

# Configure PKI domain pkidm, and apply for a local certificate and CA certificate. For more

configuration information, see the chapter "PKI configuration."

# Edit the user-defined authentication pages file, compress it into a zip file named defaultfile, and save

the file in the root directory of the access device.

# Configure SSL server policy sslsvr, and specify to use PKI domain pkidm.

<Switch> system-view

[Switch] ssl server-policy sslsvr

[Switch-ssl-server-policy-sslsvr] pki pkidm

[Switch-ssl-server-policy-sslsvr] quit

# Configure the local portal server to support HTTPS and reference SSL server policy sslsvr.

[Switch] portal local-server https server-policy sslsvr

# Configure the IP address of loopback interface 12 as 4.4.4.4.

[Switch] interface loopback 12

[Switch-LoopBack12] ip address 4.4.4.4 32

[Switch-LoopBack12] quit

# Specify IP address 4.4.4.4 as the listening IP address of the local portal server for Layer 2 portal

authentication.

[Switch] portal local-server ip 4.4.4.4

# Enable portal authentication on port GigabitEthernet 1/0/1, and specify the Auth-Fail VLAN of the

port as VLAN 2.

[Switch] interface gigabitethernet 1/0/1

[Switch–GigabitEthernet1/0/1] port link-type hybrid

[Switch–GigabitEthernet1/0/1] mac-vlan enable

[Switch–GigabitEthernet1/0/1] portal local-server enable

[Switch–GigabitEthernet1/0/1] portal auth-fail vlan 2

[Switch–GigabitEthernet1/0/1] quit

2. Configure a RADIUS scheme

Table of Contents

Other manuals for HP 5120 SI Series

Command Reference395 pages

Specification33 pages

Related product manuals

Preview: HP 5120 EI Switch Series

HP 5120 EI Switch Series

Preview: HP 5120 series

Preview: HP 5120 EI Series

HP 5120 EI Series

Preview: HP A3100-8 v2 SI

HP A3100-8 v2 SI

Preview: HP A5500 SI Switch Series

HP A5500 SI Switch Series

Preview: HP 5130 EI series

HP 5130 EI series

Preview: HP 5130-24G-4SFP+ EI

HP 5130-24G-4SFP+ EI

Preview: HP 5130 EI Switch Series

HP 5130 EI Switch Series

HP HPE 5140 24G 4SFP+ EI

Preview: HP FlexNetwork 5130 HI series

HP FlexNetwork 5130 HI series

Preview: HP FlexNetwork 5140 EI Series

HP FlexNetwork 5140 EI Series

Preview: HP 5920