Manualshelf

R3303-HP HSR6800 Routers Security Configuration Guide

ManualsBrandsHP ManualsNetwork HardwareHP HSR68xx Configure-to-Order Router Solution
12345678910
iii
Setting the EAD rule timer ··········································································································································· 106
Displaying and maintaining EAD fast deployment ··································································································· 106
EAD fast deployment configuration example ············································································································ 107
Network requirements ········································································································································· 107
Configuration procedure ···································································································································· 107
Verifying the configuration ································································································································· 108
Troubleshooting EAD fast deployment ······················································································································· 109
Web browser users cannot be correctly redirected ························································································ 109
Configuring MAC authentication ··························································································································· 110
Overview ······································································································································································· 110
User account policies ·········································································································································· 110
Authentication methods······································································································································· 110
MAC authentication timers ································································································································· 111
Using MAC authentication with other features ········································································································· 111
VLAN assignment ················································································································································ 111
ACL assignment ··················································································································································· 111
Configuration task list ·················································································································································· 111
Basic configuration for MAC authentication ············································································································· 112
Configuring MAC authentication globally ········································································································ 112
Configuring MAC authentication on a port ····································································································· 113
Specifying a MAC authentication domain ················································································································ 113
Displaying and maintaining MAC authentication ···································································································· 114
MAC authentication configuration examples ············································································································ 114
Local MAC authentication configuration example··························································································· 114
RADIUS-based MAC authentication configuration example··········································································· 116
ACL assignment configuration example············································································································ 118
Configuring portal authentication ·························································································································· 121
Overview ······································································································································································· 121
Extended portal functions ··································································································································· 121
Portal system components ··································································································································· 121
Portal authentication modes ······························································································································· 123
Portal support for EAP ········································································································································· 124
Layer 3 portal authentication process ··············································································································· 124
Portal authentication across VPNs ····················································································································· 128
Portal configuration task list ········································································································································ 128
Configuration prerequisites ········································································································································· 129
Specifying a portal server for Layer 3 portal authentication ··················································································· 130
Enabling Layer 3 portal authentication ······················································································································ 130
Controlling access of portal users ······························································································································ 131
Configuring a portal-free rule····························································································································· 131
Configuring an authentication source subnet ··································································································· 132
Configuring an authentication destination subnet ··························································································· 133
Setting the maximum number of online portal users ························································································ 133
Specifying an authentication domain for portal users ····················································································· 133
Configuring RADIUS related attributes ······················································································································ 134
Specifying the NAS ID value carried in a RADIUS request ············································································ 134
Specifying NAS-Port-Type for an interface ······································································································· 134
Specifying the NAS-Port-ID for an interface ····································································································· 135
Specifying a NAS ID profile for an interface ··································································································· 135
Specifying a source IP address for outgoing portal packets ··················································································· 136
Specifying a device ID for the access device ··········································································································· 136
Specifying an autoredirection URL for authenticated portal users ·········································································· 137
Configuring portal detection functions ······················································································································· 137