Manualshelf

F3726, F3211, F3174, R5135, R3816-HP Firewalls and UTM Devices Access Control Configuration Guide-6PW100

ManualsBrandsHP ManualsComputer AccessoriesHP 7100/7200 IPsec dl Module
181182183184185186187188189190
173
215BConfiguring re-DHCP portal authentication
389BNetwork requirements
As shown in 681HFigure 130, the host obtains an IP address from the DHCP server.
Configure the firewall to perform re-DHCP portal authentication for users on the host. Before a user
passes portal authentication, the DHCP server assigns a private IP address to the host. After the user
passes portal authentication, the DHCP server assigns a public IP address to the host and then the user
can access Internet resources.
A RADIUS server serves as the authentication/accounting server.
Figure 130 Network diagram
390BConfiguration prerequisites and guidelines
Configure IP addresses for the firewall and servers as shown in 682HFigure 130 and make sure the host,
firewall, and servers can reach each other.
Configure the RADIUS server properly to provide authentication and accounting functions for users.
For re-DHCP portal authentication, configure a public address pool (20.20.20.0/24, in this
example) and a private address pool (10.0.0.0/24, in this example) on the DHCP server. (Details
not shown.)
For re-DHCP portal authentication, the firewall must be configured as a DHCP relay agent and the
portal-enabled interface must be configured with a primary IP address (a public IP address) and a
secondary IP address (a private IP address). For information about DHCP relay agent configuration,
see Network Management Configuration Guide.
Make sure the IP address of the portal device added on the portal server is the public IP address of
the interface connecting users (20.20.20.1 in this example), the private IP address range for the IP
address group associated with the portal device is the private network segment where the users
reside (10.0.0.0/24 in this example), and the public IP address range for the IP address group is
the public network segment 20.20.20.0/24.
391BConfiguration procedure
1. Configure a RADIUS scheme:
# Create a RADIUS scheme named rs1, and enter its view.
<Firewall> system-view
[Firewall] radius scheme rs1