HP MSR2000/3000/4000 Router Series Security Configuration Guide
viii
Configuring a portal authentication server················································································································ 299
Configuring a portal Web server ······························································································································· 300
Enabling portal authentication on an interface ········································································································· 300
Configuration restrictions and guidelines ········································································································· 300
Configuration procedure ···································································································································· 301
Referencing a portal Web server for an interface ···································································································· 301
Controlling portal user access ···································································································································· 302
Configuring a portal-free rule····························································································································· 302
Configuring an authentication source subnet ··································································································· 303
Configuring an authentication destination subnet ··························································································· 304
Setting the maximum number of portal users ··································································································· 304
Specifying a portal authentication domain ······································································································ 305
Configuring portal detection functions ······················································································································· 306
Configuring online detection of portal users ···································································································· 306
Configuring portal authentication server detection ·························································································· 306
Configuring portal Web server detection ········································································································· 307
Configuring portal user synchronization ··········································································································· 308
Configuring the portal fail-permit function ················································································································· 309
Configuring BAS-IP for unsolicited portal packets sent to the portal authentication server ·································· 309
Enabling portal roaming ············································································································································· 310
Logging out portal users ·············································································································································· 310
Displaying and maintaining portal ···························································································································· 311
Portal configuration examples ···································································································································· 311
Configuring direct portal authentication ··········································································································· 311
Configuring re-DHCP portal authentication ······································································································ 316
Configuring cross-subnet portal authentication ································································································ 319
Configuring extended direct portal authentication ·························································································· 320
Configuring extended re-DHCP portal authentication ····················································································· 322
Configuring extended cross-subnet portal authentication ··············································································· 325
Configuring portal server detection and portal user synchronization ··························································· 327
Configuring cross-subnet portal authentication for MPLS L3VPNs ································································· 333
Troubleshooting portal ················································································································································· 335
No portal authentication page is pushed for users ························································································· 335
Cannot log out portal users on the access device ··························································································· 335
Cannot log out portal users on the RADIUS server ·························································································· 336
Users logged out by the access device still exist on the portal authentication server ·································· 336
Re-DHCP portal authenticated users cannot log in successfully······································································ 336
Configuring FIPS······················································································································································ 338
Overview ······································································································································································· 338
Configuration restrictions and guidelines ·················································································································· 338
Configuring FIPS mode ················································································································································ 339
Entering FIPS mode ············································································································································· 339
Configuration changes in FIPS mode ················································································································ 340
Exiting FIPS mode ················································································································································ 341
FIPS self-tests ································································································································································· 342
Power-up self-tests ················································································································································ 342
Conditional self-tests ············································································································································ 343
Triggering self-tests ·············································································································································· 343
Displaying and maintaining FIPS ······························································································································· 343
FIPS configuration examples ······································································································································· 343
Entering FIPS mode through automatic reboot ································································································· 343
Entering FIPS mode through manual reboot ····································································································· 344
Exiting FIPS mode through automatic reboot ··································································································· 346
Exiting FIPS mode through manual reboot ······································································································· 346