R3102-R3103-HP 6600/HSR6600 Routers Security Configuration Guide

ManualsBrandsHP ManualsNetwork HardwareHP HSR6602-G Router

iii

Configuring the redirect URL ······································································································································· 107

Setting the EAD rule timer ··········································································································································· 107

Displaying and maintaining EAD fast deployment ··································································································· 107

EAD fast deployment configuration example (1) ······································································································ 108

Network requirements ········································································································································· 108

Configuration procedure ···································································································································· 108

Verifying the configuration ································································································································· 109

EAD fast deployment configuration example (2) ······································································································ 110

Troubleshooting EAD fast deployment ······················································································································· 112

Web browser users cannot be correctly redirected ························································································ 112

Configuring MAC authentication ··························································································································· 113

Overview ······································································································································································· 113

User account policies ·········································································································································· 113

Authentication methods······································································································································· 113

MAC authentication timers ································································································································· 114

Using MAC authentication with other features ········································································································· 114

VLAN assignment ················································································································································ 114

ACL assignment ··················································································································································· 114

Configuration task list ·················································································································································· 114

Basic configuration for MAC authentication ············································································································· 115

Configuring MAC authentication globally ········································································································ 115

Configuring MAC authentication on a port ····································································································· 116

Specifying a MAC authentication domain ················································································································ 116

Displaying and maintaining MAC authentication ···································································································· 117

MAC authentication configuration examples ············································································································ 117

Local MAC authentication configuration example··························································································· 117

RADIUS-based MAC authentication configuration example··········································································· 119

ACL assignment configuration example············································································································ 121

Configuring portal authentication ·························································································································· 123

Extended portal functions ··································································································································· 123

Portal system components ··································································································································· 123

Portal authentication modes ······························································································································· 125

Portal support for EAP ········································································································································· 126

Layer 3 portal authentication process ··············································································································· 126

Portal stateful failover ·········································································································································· 130

Portal authentication across VPNs ····················································································································· 131

Portal configuration task list ········································································································································ 132

Configuration prerequisites ········································································································································· 132

Specifying a portal server for Layer 3 portal authentication ··················································································· 133

Enabling Layer 3 portal authentication ······················································································································ 133

Controlling access of portal users ······························································································································ 134

Configuring a portal-free rule····························································································································· 134

Configuring an authentication source subnet ··································································································· 135

Configuring an authentication destination subnet ··························································································· 136

Setting the maximum number of online portal users ························································································ 136

Specifying an authentication domain for portal users ····················································································· 137

Configuring RADIUS related attributes ······················································································································ 137

Specifying the NAS ID value carried in a RADIUS request ············································································ 137

Specifying NAS-Port-Type for an interface ······································································································· 138