HP MSR2000/3000/4000 Router Series Security Configuration Guide

# Configure reachability detection of the portal authentication server: set the server
detection interval to 40 seconds, and send log messages when the reachability status changes.
[Router-portal-server-newpt] server-detect timeout 40 log
NOTE:
The value of timeout must be greater than or equal to the portal server heartbeat interval.
# Configure portal user synchronization with the portal authentication server, and set the
synchronization detection interval to 600 seconds.
[Router-portal-server-newpt] user-sync timeout 600
[Router-portal-server-newpt] quit
NOTE:
The value of timeout must be greater than or equal to the portal user heartbeat interval.
# Configure a portal Web server.
[Router] portal web-server newpt
[Router-portal-websvr-newpt] url http://192.168.0.111:8080/portal
[Router-portal-websvr-newpt] quit
# Enable direct portal authentication on interface Ethernet 1/2.
[Router] interface ethernet 1/2
[Router-Ethernet1/2] portal enable method direct
# Enable the portal fail-permit function for the portal authentication server newpt.
[Router-Ethernet1/2] portal fail-permit server newpt
# Reference the portal Web server newpt on interface Ethernet 1/2.
[Router-Ethernet1/2] portal apply web-server newpt
# Configure the BAS-IP as 2.2.2.1 for portal packets sent from Ethernet 1/2 to the portal
authentication server.
[Router-Ethernet1/2] portal bas-ip 2.2.2.1
[Router-Ethernet1/2] quit
Verifying the configuration
Use the following command to display information about the portal authentication server.
[Router] display portal server newpt
Portal server: newpt
IP : 192.168.0.111
VPN instance :
Port : 50100
Server Detection : Timeout 40s Action: log
User synchronization : Timeout 600s
URL : http://192.168.0.111:8080/portal
Status : Up
The Up status indicates that the portal authentication server is reachable. If the access device
detects that the portal authentication server is unreachable, the Status field in the command
output displays Down. The access device then generates the server-unreachable log
"portal server newpt lost" and, because portal fail-permit is enabled for this server, disables
portal authentication on the access interface, so the host can access the external network
without authentication.
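
A check for the verification step above, added here as an example and not part of HP's guide: it parses the display portal server output shown on this page, applies the two NOTE rules (timeout not less than the heartbeat interval), and reports when a Down status coincides with fail-permit. The heartbeat values and the fail_permit flag are assumed inputs supplied by the caller, and the function names are this example's own.

```python
import re

# Output of "display portal server newpt", copied from this page.
SAMPLE = """\
Portal server: newpt
IP : 192.168.0.111
VPN instance :
Port : 50100
Server Detection : Timeout 40s Action: log
User synchronization : Timeout 600s
URL : http://192.168.0.111:8080/portal
Status : Up
"""

def parse_portal_server(text):
    """Turn each 'Field : value' line into a dict entry (split on first colon)."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.strip()
    return fields

def timeout_seconds(value):
    """Return N from 'Timeout Ns', or None when the field is absent or unset."""
    m = re.search(r"Timeout\s+(\d+)s", value or "")
    return int(m.group(1)) if m else None

def audit(text, server_heartbeat, user_heartbeat, fail_permit):
    """Return findings as strings; an empty list means nothing to report.
    Assumed inputs: heartbeat intervals (seconds) set on the portal server,
    and whether 'portal fail-permit server' is configured on the interface."""
    f = parse_portal_server(text)
    name, status = f.get("Portal server", "?"), f.get("Status", "unknown")
    findings = []
    for label, field, floor in (("server-detect", "Server Detection", server_heartbeat),
                                ("user-sync", "User synchronization", user_heartbeat)):
        t = timeout_seconds(f.get(field))
        if t is None:
            findings.append(f"{name}: {label} is not configured")
        elif t < floor:  # the NOTE rule: timeout must be >= heartbeat interval
            findings.append(f"{name}: {label} timeout {t}s < heartbeat {floor}s")
    if status != "Up":
        effect = ("fail-permit is set, hosts pass without authentication"
                  if fail_permit else "portal authentication server unreachable")
        findings.append(f"{name}: status {status}; {effect}")
    return findings
```

Calling audit(SAMPLE, 20, 300, True) on the output above returns an empty list; the heartbeat values 20 and 300 are constructed for illustration.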