R3303-HP HSR6800 Routers Security Configuration Guide

ManualsBrandsHP ManualsNetwork HardwareHP HSR68xx Configure-to-Order Router Solution

141

142

143

144

145

146

147

148

149

150

129

Task Remarks

Controlling access of portal

users

Configuring a portal-free rule

Optional.

Configuring an authentication source

Configuring an authentication destination subnet

Setting the maximum number of online portal

Specifying an authentication domain for portal users

Configuring RADIUS related

Specifying the NAS ID value carried in a RADIUS request

Optional.

Specifying NAS-Port-Type for an

Specifying the NAS-Port-ID for an

Specifying a NAS ID profile for an

Specifying a source IP address for outgoing portal Optional.

Specifying a device ID for the access device Optional.

Specifying an autoredirection URL for authenticated portal Optional.

Configuring portal detection

Configuring online Layer 3 portal user detection

Optional. Configuring the portal server detection function

Configuring portal user information

Logging off portal Optional.

Configuration prerequisites

Although the portal feature provides a solution for user identity authentication and security check, the

portal feature cannot implement this solution by itself. RADIUS authentication must be configured on the

access device to cooperate with the portal feature to complete user authentication.

The prerequisites for portal authentication configuration are as follows:

• The portal server and the RADIUS server have been installed and configured properly. Local portal

authentication requires no independent portal server be installed.

• With re-DHCP authentication, the IP address check function of the DHCP relay agent is enabled on

the access device, and the DHCP server is installed and configured properly.

• The portal client, access device, and servers can reach each other.

• With RADIUS authentication, usernames and passwords of the users are configured on the RADIUS

server, and the RADIUS client configurations are performed on the access device. For information

about RADIUS client configuration, see "Configuring AAA."

• To implement extended portal functions, install and configure IMC EAD, and make sure that the

ACLs configured on the access device correspond to those specified for the resources in the

quarantined area and for the restricted resources on the security policy server. For information

about security policy server configuration on the access device, see "Configuring AAA."

For installation and configuration about the security policy server, see IMC EAD Security Policy Help.

The ACL for resources in the quarantined area and that for restricted resources correspond to isolation

ACL and security ACL on the security policy server respectively.