R0106-HP MSR Router Series Security Configuration Guide(V7)

ManualsBrandsHP ManualsNetwork HardwareHP MSR4060 Router Chassis

iii

Configuring MAC authentication ······························································································································ 99

Overview ········································································································································································· 99

User account policies ············································································································································ 99

Authentication methods········································································································································· 99

Authorization VLAN assignment ························································································································ 100

Feature and hardware compatibility ·························································································································· 100

Configuration prerequisites ········································································································································· 100

Configuration task list ·················································································································································· 101

Enabling MAC authentication ···································································································································· 101

Specifying a MAC authentication domain ················································································································ 102

Configuring the user account format ·························································································································· 102

Configuring MAC authentication timers ···················································································································· 102

Setting the maximum number of concurrent MAC authentication users on a port ················································ 103

Configuring MAC authentication delay ····················································································································· 103

Enabling MAC authentication multi-VLAN mode ······································································································ 104

Configuring the keep-online feature ··························································································································· 104

Displaying and maintaining MAC authentication ···································································································· 105

MAC authentication configuration examples ············································································································ 105

Local MAC authentication configuration example··························································································· 105

RADIUS-based MAC authentication configuration example··········································································· 107

Configuring portal authentication ·························································································································· 110

Extended portal functions ··································································································································· 110

Portal system components ··································································································································· 110

Interaction between portal system components ································································································ 112

Portal authentication modes ······························································································································· 112

Portal authentication process ····························································································································· 113

Portal configuration task list ········································································································································ 115

Configuring a portal authentication server················································································································ 116

Configuring a portal Web server ······························································································································· 117

Enabling portal authentication on an interface ········································································································· 117

Configuration restrictions and guidelines ········································································································· 117

Configuration procedure ···································································································································· 118

Referencing a portal Web server for an interface ···································································································· 118

Controlling portal user access ···································································································································· 119

Configuring a portal-free rule····························································································································· 119

Configuring an authentication source subnet ··································································································· 120

Configuring an authentication destination subnet ··························································································· 121

Setting the maximum number of portal users ··································································································· 121

Specifying a portal authentication domain ······································································································ 122

Configuring portal detection functions ······················································································································· 123

Configuring online detection of portal users ···································································································· 123

Configuring portal authentication server detection ·························································································· 123

Configuring portal Web server detection ········································································································· 124

Configuring portal user synchronization ··········································································································· 125

Configuring the portal fail-permit function ················································································································· 126

Configuring BAS-IP for unsolicited portal packets sent to the portal authentication server ·································· 127

Enabling portal roaming ············································································································································· 127

Logging out portal users ·············································································································································· 128

Displaying and maintaining portal ···························································································································· 128

Portal configuration examples ···································································································································· 129

Configuring direct portal authentication ··········································································································· 129

Configuring re-DHCP portal authentication ······································································································ 134