R3721-F3210-F3171-HP High-End Firewalls Access Control Configuration Guide-6PW101
233
[Firewall-isp-dm1] quit
# Configure dm1 as the default ISP domain for all users. Then, if a user enters a username without
any ISP domain at login, the authentication and accounting methods of the default domain are
used for the user.
[Firewall] domain default enable dm1
3. Configure portal authentication
# Configure the portal server.
[Firewall] portal server newpt ip 10.1.1.1 key portal port 50100 url
http://10.1.1.1:8080/portal
# Enable portal authentication on the interface connecting the host.
[Firewall] interface GigabitEthernet 0/1
[Firewall–GigabitEthernet0/1] portal server newpt method direct
[Firewall–GigabitEthernet0/1] quit
Verifying the configuration
The user can initiate portal authentication by using the HP iNode client or by accessing a web page. All
the initiated web requests are redirected to the portal authentication page at http://10.1.1.1:8080/portal.
Before passing portal authentication, the user can access only the authentication page. After passing
portal authentication, the user can access the Internet.
# After the user passes portal authentication, view the portal user information on Firewall.
[Firewall] display portal user interface GigabitEthernet 0/1
Index:19
State:ONLINE
SubState:NONE
ACL:NONE
Work-mode:stand-alone
MAC IP Vlan Interface
---------------------------------------------------------------------
0015-e9a6-7cfe 192.168.1.58 0 GigabitEthernet 0/1
On interface GigabitEthernet 0/1:total 1 user(s) matched, 1 listed.
# View the connection information on Firewall.
[Firewall] display connection
Index=20 ,Username=portal@dm1
MAC=00-15-E9-A6-7C-FE
IP=192.168.1.58
IPv6=N/A
Total 1 connection(s) matched.
Troubleshooting AAA
Troubleshooting RADIUS
Symptom 1
User authentication/authorization always fails.