Manualshelf

R3303-HP 6600/HSR6600 Routers Security Configuration Guide

ManualsBrandsHP ManualsNetwork HardwareHP HSR6602-XG TAA-compliant Router
12345678910
iii
Configuring the redirect URL ······································································································································· 107
Setting the EAD rule timer ··········································································································································· 107
Displaying and maintaining EAD fast deployment ··································································································· 107
EAD fast deployment configuration example ············································································································ 108
Network requirements ········································································································································· 108
Configuration procedure ···································································································································· 108
Verifying the configuration ································································································································· 109
Troubleshooting EAD fast deployment ······················································································································· 110
Web browser users cannot be correctly redirected ························································································ 110
Configuring MAC authentication ··························································································································· 111
Overview ······································································································································································· 111
User account policies ·········································································································································· 111
Authentication methods······································································································································· 111
MAC authentication timers ································································································································· 112
Using MAC authentication with other features ········································································································· 112
VLAN assignment ················································································································································ 112
ACL assignment ··················································································································································· 112
Configuration task list ·················································································································································· 112
Basic configuration for MAC authentication ············································································································· 113
Configuring MAC authentication globally ········································································································ 113
Configuring MAC authentication on a port ····································································································· 114
Specifying a MAC authentication domain ················································································································ 114
Displaying and maintaining MAC authentication ···································································································· 115
MAC authentication configuration examples ············································································································ 115
Local MAC authentication configuration example··························································································· 115
RADIUS-based MAC authentication configuration example··········································································· 117
ACL assignment configuration example············································································································ 119
Configuring portal authentication ·························································································································· 121
Overview ······································································································································································· 121
Extended portal functions ··································································································································· 121
Portal system components ··································································································································· 121
Portal authentication modes ······························································································································· 123
Portal support for EAP ········································································································································· 124
Layer 3 portal authentication process ··············································································································· 124
Portal stateful failover ·········································································································································· 128
Portal authentication across VPNs ····················································································································· 129
Portal configuration task list ········································································································································ 130
Configuration prerequisites ········································································································································· 130
Specifying a portal server for Layer 3 portal authentication ··················································································· 131
Enabling Layer 3 portal authentication ······················································································································ 131
Controlling access of portal users ······························································································································ 132
Configuring a portal-free rule····························································································································· 132
Configuring an authentication source subnet ··································································································· 133
Configuring an authentication destination subnet ··························································································· 134
Setting the maximum number of online portal users ························································································ 134
Specifying an authentication domain for portal users ····················································································· 135
Configuring RADIUS related attributes ······················································································································ 135
Specifying the NAS ID value carried in a RADIUS request ············································································ 135
Specifying NAS-Port-Type for an interface ······································································································· 136
Specifying the NAS-Port-ID for an interface ····································································································· 136
Specifying a NAS ID profile for an interface ··································································································· 137
Specifying a source IP address for outgoing portal packets ··················································································· 138
Specifying a device ID for the access device ··········································································································· 138