Manualshelf

F3726, F3211, F3174, R5135, R3816-HP Firewalls and UTM Devices Access Control Configuration Guide-6PW100

ManualsBrandsHP ManualsComputer AccessoriesHP 7100/7200 IPsec dl Module
181182183184185186187188189190
181
# Enable portal authentication on the interface connecting the host.
[Firewall–GigabitEthernet0/2] portal server newpt method redhcp
[Firewall–GigabitEthernet0/2] quit
219BConfiguring cross-subnet portal authentication with extended
functions
401BNetwork requirements
As shown in 689HFigure 134, configure the firewall to perform extended cross-subnet portal authentication for
users on the host. If a user fails security check after passing identity authentication, the user can access
only subnet 192.168.0.0/24. After passing the security check, the user can access Internet resources.
A RADIUS server serves as the authentication/accounting server.
Figure 134 Network diagram
402BConfiguration prerequistes and guidelines
Configure IP addresses for the host, firewalls, and servers as shown in 690HFigure 134 and make sure
routes are available between devices.
Configure the RADIUS server properly to provide authentication and accounting functions for users.
Make sure the IP address of the portal device added on the portal server is the IP address of the
interface connecting users (20.20.20.1 in this example), and the IP address group associated with
the portal device is the network segment where the users reside (8.8.8.0/24 in this example).
403BConfiguration procedure
1. Configure a RADIUS scheme:
# Create a RADIUS scheme named rs1 and enter its view.
<Firewall> system-view
[Firewall] radius scheme rs1
# Set the server type for the RADIUS scheme. When using the IMC server, set the server type to
extended.
[Firewall-radius-rs1] server-type extended
# Specify the primary authentication server and primary accounting server, and configure the keys
for communication with the servers.
[Firewall-radius-rs1] primary authentication 192.168.0.112