R3166-R3206-HP High-End Firewalls Access Control Configuration Guide-6PW101

---------------------------------------------------------------------
0015-e9a6-7cfe 2.2.2.2 0 GigabitEthernet0/1
On interface GigabitEthernet0/1:total 1 user(s) matched, 1 listed.
Configuring re-DHCP portal authentication
Network requirements
As shown in Figure 76:
The host is directly connected to the firewall, and the firewall is configured for re-DHCP
authentication. The host is assigned an IP address by the DHCP server. Before passing
portal authentication, the host uses an assigned private IP address. After passing portal
authentication, it can get a public IP address, and users on the host can then access Internet
resources.
A RADIUS server serves as the authentication/accounting server.
Figure 76 Configure re-DHCP portal authentication
Configuration procedure
NOTE:
For re-DHCP authentication, configure a public address pool (20.20.20.0/24, in this example) and a
private address pool (10.0.0.0/24, in this example) on the DHCP server. The configuration steps are
omitted.
For re-DHCP authentication, the firewall must be configured as a DHCP relay agent (instead of a DHCP
server) and the portal-enabled interface must be configured with a primary IP address (a public IP
address) and a secondary IP address (a private IP address).
Configure IP addresses for the firewall and servers as shown in Figure 76 and ensure that the host,
firewall, and server can reach each other.
Configure the RADIUS server properly to provide authentication and accounting functions for users.
Configure the firewall:
1. Configure a RADIUS scheme
# Create a RADIUS scheme named rs1, and enter its view.
<Firewall> system-view
[Figure 76 labels: Host (automatically obtains an IP address); Firewall GE0/1 20.20.20.1/24, 10.0.0.1/24 sub; Firewall GE0/0 192.168.0.100/24; server addresses 192.168.0.111/24, 192.168.0.113/24, 192.168.0.112/24; Portal server, RADIUS server, DHCP server]