R2511-HP MSR Router Series Security Configuration Guide(V5)

ManualsBrandsHP ManualsNetwork HardwareHP MSR1003-8 AC Router

311

312

313

314

315

316

317

318

319

320

298

The prerequisites for portal authentication configuration are as follows:

• The portal server and the RADIUS server have been installed and configured correctly. Local portal

authentication requires no independent portal server be installed.

• With re-DHCP authentication, the IP address check function of the DHCP relay agent is enabled on

the access device, and the DHCP server is installed and configured correctly.

• The portal client, access device, and servers can reach each other.

• With RADIUS authentication, usernames and passwords of the users are configured on the RADIUS

server, and the RADIUS client configurations are performed on the access device. For information

about RADIUS client configuration, see "Configuring AAA."

• To implement extended portal functions, install and configure IMC EAD, and make sure that the

ACLs configured on the access device correspond to those specified for the resources in the

quarantined area and for the restricted resources on the security policy server. For information

about security policy server configuration on the access device, see "Configuring AAA."

For installation and configuration about the security policy server, see IMC EAD Security Policy Help.

The ACL for resources in the quarantined area and that for restricted resources correspond to isolation

ACL and security ACL on the security policy server respectively.

You can modify the authorized ACLs on the access device. However, your changes take effect only for

portal users logging on after the modification.

For portal authentication to operate correctly, make sure the device name is no more than 16 characters.

Specifying the portal server

Specifying the local portal server for Layer 2 portal

authentication

The following matrix shows the feature and router compatibility:

Feature

MSR9

MSR2

0-1

MSR2

MSR30 MSR50

MSR1

000

Specifying the listening IP

address of the local portal

server for Layer 2 portal

authentication

No No No No

Supported on

MIM-FSW modules,

MSR30-11E, and

MSR30-11F

No No

Layer 2 portal authentication uses the local portal server. Specify the IP address of a Layer 3 interface on

the device that is routable to the portal client as the listening IP address of the local portal server. HP

recommends using the IP address of a loopback interface rather than a physical Layer 3 interface,

because:

• The status of a loopback interface is stable. There will be no authentication page access failures

caused by interface failures.

• A loopback interface does not forward received packets to any network, avoiding impact on system

performance when there are many network access requests.

To specify the local portal server for Layer 2 portal authentication: