R3166-R3206-HP High-End Firewalls Access Control Configuration Guide-6PW101

Figure 79 Configure re-DHCP portal authentication with extended functions
Configuration procedure
NOTE:
For re-DHCP authentication, configure a public address pool (20.20.20.0/24, in this example) and a
private address pool (10.0.0.0/24, in this example) on the DHCP server. The configuration steps are
omitted.
For re-DHCP authentication, the firewall must be configured as a DHCP relay agent (instead of a DHCP
server) and the portal-enabled interface must be configured with a primary IP address (a public IP
address) and a secondary IP address (a private IP address).
Configure IP addresses for the firewall and servers as shown in Figure 79 and ensure that the host,
firewall, and servers can reach each other.
Configure the RADIUS server properly to provide authentication and accounting functions for users.
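The address requirement in the NOTE above (primary address from the public pool, secondary address from the private pool on the portal-enabled interface) can be checked against a saved configuration before portal is enabled. The following is an added example, not part of the original guide: the full interface name GigabitEthernet0/1, the Comware-style "ip address ... sub" lines in the sample, and the function names are assumptions, and the sample configuration is constructed from the Figure 79 values.

```python
import ipaddress
import re

# Pools from the NOTE above (configured on the DHCP server).
PUBLIC_POOL = ipaddress.ip_network("20.20.20.0/24")
PRIVATE_POOL = ipaddress.ip_network("10.0.0.0/24")

# Constructed sample: GE0/1 addresses from Figure 79; the interface name and
# line syntax are assumed, not taken from the guide.
SAMPLE_CONFIG = """\
interface GigabitEthernet0/1
 ip address 20.20.20.1 255.255.255.0
 ip address 10.0.0.1 255.255.255.0 sub
"""
ADDR_RE = re.compile(r"^\s*ip address (\S+) (\S+)( sub)?\s*$")


def interface_addresses(config, name):
    """Return (primary, secondaries) as ip_interface objects for one interface."""
    primary, subs, inside = None, [], False
    for line in config.splitlines():
        if not line.startswith(" "):
            # A non-indented line starts a new section; track whether it is ours.
            inside = line.startswith("interface ") and line.split(None, 1)[1].strip() == name
            continue
        m = ADDR_RE.match(line) if inside else None
        if m:
            addr = ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}")
            if m.group(3):
                subs.append(addr)
            else:
                primary = addr
    return primary, subs


def check_redhcp_plan(config, name):
    """Return a list of problems; an empty list means the plan matches the NOTE."""
    primary, subs = interface_addresses(config, name)
    problems = []
    if primary is None:
        problems.append("no primary IP address on the portal-enabled interface")
    elif primary.ip not in PUBLIC_POOL:
        problems.append(f"primary {primary} is not in public pool {PUBLIC_POOL}")
    if not any(s.ip in PRIVATE_POOL for s in subs):
        problems.append(f"no secondary address in private pool {PRIVATE_POOL}")
    return problems


if __name__ == "__main__":
    print(check_redhcp_plan(SAMPLE_CONFIG, "GigabitEthernet0/1") or "address plan OK")
```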
Configure the firewall:
1. Configure a RADIUS scheme
# Create a RADIUS scheme named rs1 and enter its view.
<Firewall> system-view
[Firewall] radius scheme rs1
# Set the server type for the RADIUS scheme. When using the IMC server, you must set the server type
to extended.
[Firewall-radius-rs1] server-type extended
# Specify the primary authentication server and primary accounting server, and configure the keys for
communication with the servers.
[Firewall-radius-rs1] primary authentication 192.168.0.113
[Firewall-radius-rs1] primary accounting 192.168.0.113
[Firewall-radius-rs1] key authentication radius
[Firewall-radius-rs1] key accounting radius
[Firewall-radius-rs1] user-name-format without-domain
# Configure the IP address of the security policy server.
[Figure 79 network diagram labels: Host (automatically obtains an IP address); Firewall with GE0/1 20.20.20.1/24 (10.0.0.1/24 sub) and GE0/0 192.168.0.100/24; Portal server, Security policy server, DHCP server, and RADIUS server (192.168.0.113/24); other server addresses shown: 192.168.0.111/24, 192.168.0.114/24, 192.168.0.112/24]