R3166-R3206-HP High-End Firewalls Access Control Configuration Guide-6PW101

ManualsBrandsHP ManualsComputer AccessoriesHP 7100/7200 IPsec dl Module

iii

ASPF configuration example ········································································································································· 79

Configuration guidelines ··············································································································································· 80

Connection limit configuration ·································································································································· 81

Connection limit overview ············································································································································· 81

Connection limit configuration task list ························································································································ 81

Creating a connection limit policy ······························································································································· 81

Configuring the connection limit policy ······················································································································· 81

Configuring an IP address-based connection limit rule ····················································································· 82

Applying the connection limit policy ···························································································································· 82

Displaying and maintaining connection limiting ········································································································ 82

Connection limit configuration example ······················································································································ 83

Troubleshooting connection limiting ····························································································································· 84

Connection limit rules with overlapping segments ····························································································· 84

Connection limit rules with overlapping protocol types ···················································································· 84

Portal configuration ···················································································································································· 86

Portal overview ······························································································································································· 86

Introduction to portal ············································································································································· 86

Extended portal functions ····································································································································· 86

Portal system components ····································································································································· 86

Portal authentication modes ································································································································· 88

Portal authentication process ······························································································································· 89

Portal configuration task list ·········································································································································· 91

Basic portal configuration ············································································································································· 91

Configuration prerequisites ·································································································································· 91

Configuration procedure ······································································································································ 92

Configuring a portal-free rule ······································································································································· 92

Configuring an authentication subnet ·························································································································· 93

Specifying the source IP address for outgoing portal packets ·················································································· 93

Logging out users ··························································································································································· 94

Specifying an authentication domain for portal users ······························································································· 94

Specifying the NAS ID value carried in a RADIUS request ······················································································· 95

Specifying a NAS ID profile for an interface ·············································································································· 95

Setting the maximum number of online portal users ·································································································· 96

Displaying and maintaining portal ······························································································································ 96

Portal configuration examples ······································································································································ 97

Configuring direct portal authentication ············································································································· 97

Configuring re-DHCP portal authentication ······································································································ 102

Configuring Layer 3 portal authentication ········································································································ 104

Configuring direct portal authentication with extended functions·································································· 105

Configuring re-DHCP portal authentication with extended functions ···························································· 107

Configuring Layer 3 portal authentication with extended functions ······························································ 110

Troubleshooting portal ················································································································································· 112

Inconsistent keys on the access device and the portal server ········································································· 112

Incorrect server port number on the access device ·························································································· 112

AAA configuration ·················································································································································· 113

AAA overview ······························································································································································ 113

RADIUS ································································································································································· 114

HWTACACS ························································································································································ 119

Domain-based user management ······················································································································ 121

Protocols and standards ····································································································································· 122

RADIUS attributes ················································································································································ 122

AAA configuration considerations and task list ········································································································ 125

Configuring AAA schemes ·········································································································································· 127