HP VPN Firewall Appliances Access Control Configuration Guide

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module

151

152

153

154

155

156

157

158

159

160

152

Task Remarks

Specifying an autoredirection URL for authenticated portal users Optional.

Configuring portal detection

functions

Configuring online Layer 3 portal user detection

Optional.

Configuring the portal server detection function

Configuring portal user information synchronization

Logging off portal users Optional.

Configuration prerequisites

Although the portal feature provides a solution for user identity authentication and security check, the

portal feature cannot implement this solution by itself. RADIUS authentication must be configured on the

access device to cooperate with the portal feature to complete user authentication.

The prerequisites for portal authentication configuration are as follows:

• The portal server and the RADIUS server have been installed and configured correctly. Local portal

authentication requires no independent portal server be installed.

• With re-DHCP authentication, the IP address check function of the DHCP relay agent is enabled on

the access device, and the DHCP server is installed and configured correctly.

• The portal client, access device, and servers can reach each other.

• With RADIUS authentication, usernames and passwords of the users are configured on the RADIUS

server, and the RADIUS client configurations are performed on the access device. For information

about RADIUS client configuration, see "Configuring AAA."

• To implement extended portal functions, install and configure IMC EAD, and make sure that the

ACLs configured on the access device correspond to those specified for the resources in the

quarantined area and for the restricted resources on the security policy server. For information

about security policy server configuration on the access device, see "Configuring AAA."

For installation and configuration about the security policy server, see IMC EAD Security Policy Help.

The ACL for resources in the quarantined area and that for restricted resources correspond to isolation

ACL and security ACL on the security policy server respectively.

You can modify the authorized ACLs on the access device. However, your changes take effect only for

portal users logging on after the modification.

For portal authentication to operate correctly, make sure the device name is no more than 16 characters.

Specifying the portal server for Layer 3 portal

authentication

Perform this task to specify portal server parameters for Layer 3 portal authentication, including the portal

server IP address, shared encryption key, server port, and the URL address for Web authentication.

According to the networking environment, you can configure a remote portal server or a local portal

server as needed.

• To configure a remote portal server, specify the IP address of the remote portal server.