F3726, F3211, F3174, R5135, R3816-HP Firewalls and UTM Devices Access Control Configuration Guide-6PW100
Configure the firewall to perform direct portal authentication for users on the host. Before a user passes
portal authentication, the user can access only the portal server. After passing portal authentication, the
user can access Internet resources.
Use a RADIUS server as the authentication, authorization, and accounting server.
Figure 129 Network diagram
Configuration prerequisites
• Configure IP addresses for the host, firewall, and servers as shown in Figure 129 and make sure that
they can reach each other.
• Configure the RADIUS server properly to provide authentication and accounting functions for users.
• Configure the portal server parameters as needed. For more information about portal server
configuration, see the configuration manual provided with the portal server.
Configuration procedure
1. Configure a RADIUS scheme:
# Create a RADIUS scheme named rs1 and enter its view.
<Firewall> system-view
[Firewall] radius scheme rs1
# Set the server type for the RADIUS scheme. When using the IMC server, set the server type to
extended.
[Firewall-radius-rs1] server-type extended
# Specify the primary authentication server and primary accounting server, and configure the keys
for communication with the servers.
[Firewall-radius-rs1] primary authentication 192.168.0.112
[Firewall-radius-rs1] primary accounting 192.168.0.112
[Firewall-radius-rs1] key authentication radius
[Firewall-radius-rs1] key accounting radius
# Specify that the ISP domain name should not be included in the username sent to the RADIUS
server.
[Firewall-radius-rs1] user-name-format without-domain
[Firewall-radius-rs1] quit
2. Configure an authentication domain:
# Create an ISP domain named dm1 and enter its view.
[Firewall] domain dm1
# Configure AAA methods for the ISP domain.
[Figure 129 labels: Host 2.2.2.2/24, gateway 2.2.2.1/24; Firewall GE0/2 2.2.2.1/24, GE0/1 192.168.0.100/24; Portal server 192.168.0.111/24; RADIUS server 192.168.0.112/24]