R3166-R3206-HP High-End Firewalls Access Control Configuration Guide-6PW101

ManualsBrandsHP ManualsComputer AccessoriesHP 7100/7200 IPsec dl Module

101

102

103

104

105

106

107

108

109

110

103

[Firewall] radius scheme rs1

# Set the server type for the RADIUS scheme. When using the IMC server, you need set the server type

to extended.

[Firewall-radius-rs1] server-type extended

# Specify the primary authentication server and primary accounting server, and configure the keys for

communication with the servers.

[Firewall-radius-rs1] primary authentication 192.168.0.113

[Firewall-radius-rs1] primary accounting 192.168.0.113

[Firewall-radius-rs1] key authentication radius

[Firewall-radius-rs1] key accounting radius

# Specify that the ISP domain name should not be included in the username sent to the RADIUS server.

[Firewall-radius-rs1] user-name-format without-domain

[Firewall-radius-rs1] quit

2. Configure an authentication domain

# Create an ISP domain named dm1 and enter its view.

[Firewall] domain dm1

# Configure the ISP domain to use RADIUS scheme rs1.

[Firewall-isp-dm1] authentication portal radius-scheme rs1

[Firewall-isp-dm1] authorization portal radius-scheme rs1

[Firewall-isp-dm1] accounting portal radius-scheme rs1

[Firewall-isp-dm1] quit

# Configure dm1 as the default ISP domain for all users. Then, if a user enters the username without any

ISP domain at login, the authentication and accounting methods of the default domain are used for the

user.

[Firewall] domain default enable dm1

3. Configure portal authentication

# Configure the portal server as follows:

• Name: newpt

• IP address: 192.168.0.111

• Key: portal

• Port number: 50100

• U R L : h t t p : / / 19 2.16 8 . 0 .111/portal.

[Firewall] portal server newpt ip 192.168.0.111 key portal port 50100 url

http://192.168.0.111/portal

# Configure the firewall as a DHCP relay agent, and enable the invalid address check function.

[Firewall] dhcp enable

[Firewall] dhcp relay server-group 0 ip 192.168.0.112

[Firewall] interface gigabitethernet 0/1

[Firewall–GigabitEthernet0/1] ip address 20.20.20.1 255.255.255.0

[Firewall–GigabitEthernet0/1] ip address 10.0.0.1 255.255.255.0 sub

[Firewall-GigabitEthernet0/1] dhcp select relay

[Firewall-GigabitEthernet0/1] dhcp relay server-select 0

[Firewall-GigabitEthernet0/1] dhcp relay address-check enable

# Enable re-DHCP portal authentication on the interface connecting the host.