F3726, F3211, F3174, R5135, R3816-HP Firewalls and UTM Devices Access Control Configuration Guide-6PW100

Configuration prerequisites
Configure IP addresses for the devices as shown in Figure 150 and make sure that the devices can reach
each other. (Details not shown.)
Configuring the RADIUS server
For more information about RADIUS server configuration, see the configuration manual provided with the
RADIUS server.
Configuring the firewall
1. Configure a RADIUS scheme:
# Create a RADIUS scheme named rs1 and enter its view.
<Firewall> system-view
[Firewall] radius scheme rs1
# Set the server type for the RADIUS scheme. When using IMC, set the server type to extended.
[Firewall-radius-rs1] server-type extended
# Specify the primary authentication server and primary accounting server, and configure the keys
for communication with the servers.
[Firewall-radius-rs1] primary authentication 10.1.1.1
[Firewall-radius-rs1] primary accounting 10.1.1.1
[Firewall-radius-rs1] key authentication expert
[Firewall-radius-rs1] key accounting expert
# Include the domain names in usernames sent to the RADIUS server.
[Firewall-radius-rs1] user-name-format with-domain
[Firewall-radius-rs1] quit
2. Configure an authentication domain:
# Create an ISP domain named dm1 and enter its view.
[Firewall] domain dm1
# Configure the ISP domain to use RADIUS scheme rs1.
[Firewall-isp-dm1] authentication portal radius-scheme rs1
[Firewall-isp-dm1] authorization portal radius-scheme rs1
[Firewall-isp-dm1] accounting portal radius-scheme rs1
[Firewall-isp-dm1] quit
# Configure dm1 as the default ISP domain for all users. Then, if a user enters a username without
any ISP domain at login, the authentication and accounting methods of the default domain will be
used for the user.
[Firewall] domain default enable dm1
3. Configure portal authentication:
# Configure the portal server.
[Firewall] portal server newpt ip 10.1.1.1 key portal port 50100 url http://10.1.1.1:8080/portal
# Enable portal authentication on the interface connecting the host.
[Firewall] interface gigabitethernet 0/1
[Firewall-GigabitEthernet0/1] portal server newpt method direct
[Firewall-GigabitEthernet0/1] quit
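The following added example (not HP firewall code and not part of this guide) shows what two of the RADIUS scheme settings from step 1 mean on the wire. It builds and parses a RADIUS Access-Request as defined in RFC 2865, applying the user-name-format choice (with-domain keeps the "@dm1" suffix the portal user logs in with; without-domain strips it) and hiding the User-Password with the shared key, so that a server configured with a different key cannot recover the password. The "@" domain delimiter, the sample user "user1@dm1", and the NAS address 10.1.1.2 are assumptions; the key "expert" and domain "dm1" come from the guide.

```python
"""RADIUS Access-Request encoder/decoder (added illustration, not HP code).

Demonstrates the effect of 'user-name-format with-domain' and of the
RADIUS shared key ('key authentication expert' in the guide). The '@'
delimiter, the user 'user1@dm1' and NAS address 10.1.1.2 are assumed.
"""
import hashlib
import os
import socket
import struct

CODE_ACCESS_REQUEST = 1
ATTR_USER_NAME = 1
ATTR_USER_PASSWORD = 2
ATTR_NAS_IP_ADDRESS = 4


def format_user_name(login: str, with_domain: bool) -> str:
    """Mirror the scheme's user-name-format setting (assumed '@' delimiter)."""
    if with_domain or "@" not in login:
        return login
    return login.split("@", 1)[0]


def hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """RFC 2865 section 5.2: XOR the zero-padded password with an MD5 keystream
    seeded by the shared secret and the 16-octet Request Authenticator."""
    if len(password) > 128:
        raise ValueError("User-Password is limited to 128 octets")
    padded = password + b"\x00" * (-len(password) % 16)
    if not padded:
        padded = b"\x00" * 16
    hidden, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        keystream = hashlib.md5(secret + prev).digest()
        block = bytes(p ^ k for p, k in zip(padded[i:i + 16], keystream))
        hidden += block
        prev = block  # chaining: each block keys the next
    return hidden


def reveal_password(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Inverse of hide_password; with the wrong secret the output is garbage."""
    clear, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        keystream = hashlib.md5(secret + prev).digest()
        block = hidden[i:i + 16]
        clear += bytes(c ^ k for c, k in zip(block, keystream))
        prev = block
    return clear.rstrip(b"\x00")


def encode_attribute(attr_type: int, value: bytes) -> bytes:
    """Type-Length-Value encoding; length covers the 2 header octets."""
    if len(value) > 253:
        raise ValueError("attribute value too long")
    return struct.pack("!BB", attr_type, len(value) + 2) + value


def build_access_request(identifier, login, password, secret, nas_ip,
                         with_domain=True, authenticator=None):
    """Assemble the packet the firewall (NAS) would send to 10.1.1.1."""
    authenticator = authenticator or os.urandom(16)
    if len(authenticator) != 16:
        raise ValueError("Request Authenticator must be 16 octets")
    attrs = (
        encode_attribute(ATTR_USER_NAME, format_user_name(login, with_domain).encode())
        + encode_attribute(ATTR_USER_PASSWORD, hide_password(password.encode(), secret, authenticator))
        + encode_attribute(ATTR_NAS_IP_ADDRESS, socket.inet_aton(nas_ip))
    )
    header = struct.pack("!BBH", CODE_ACCESS_REQUEST, identifier, 20 + len(attrs))
    return header + authenticator + attrs


def parse_access_request(packet: bytes, secret: bytes) -> dict:
    """Decode the request the way the server side would, using its own key."""
    code, identifier, length = struct.unpack("!BBH", packet[:4])
    if code != CODE_ACCESS_REQUEST or length != len(packet) or length < 20:
        raise ValueError("not a well-formed Access-Request")
    authenticator = packet[4:20]
    result, pos = {"identifier": identifier}, 20
    while pos < length:
        attr_type, attr_len = packet[pos], packet[pos + 1]
        if attr_len < 2 or pos + attr_len > length:
            raise ValueError("malformed attribute")
        value = packet[pos + 2:pos + attr_len]
        if attr_type == ATTR_USER_NAME:
            result["User-Name"] = value.decode()
        elif attr_type == ATTR_USER_PASSWORD:
            result["User-Password"] = reveal_password(value, secret, authenticator).decode(errors="replace")
        elif attr_type == ATTR_NAS_IP_ADDRESS:
            result["NAS-IP-Address"] = socket.inet_ntoa(value)
        pos += attr_len
    return result


if __name__ == "__main__":
    pkt = build_access_request(7, "user1@dm1", "s3cret", b"expert", "10.1.1.2")
    print(parse_access_request(pkt, b"expert"))   # server with the matching key
    print(parse_access_request(pkt, b"wrongkey")) # key mismatch: password unreadable
```

Running the script shows that the server only sees the login as "user1@dm1" because of with-domain (the domain is what lets the RADIUS server map the user to the right policy), and that a mismatched key on either side does not produce an error but an unusable password, which is why a key mismatch typically shows up as authentication failures rather than a transport error.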