Manualshelf

HP VPN Firewall Appliances Access Control Configuration Guide

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module
171172173174175176177178179180
173
[Firewall-isp-dm1] quit
# Configure domain dm1 as the default ISP domain for all users. Then, if a user enters a username
without any ISP domain at logon, the authentication and accounting methods of the default
domain are used for the user.
[Firewall] domain default enable dm1
3. Configure portal authentication:
# Configure the portal server as follows:
{ Name: newpt
{ IP address: 192.168.0.111
{ Key: portal
{ Port number: 50100
{ U R L : h t t p : / / 19 2 .16 8 . 0 .111:8080/portal
[Firewall] portal server newpt ip 192.168.0.111 key portal port 50100 url
http://192.168.0.111:8080/portal
# Enable Layer 3 portal authentication on the interface connecting the router.
[Firewall] interface gigabitethernet 0/2
[Firewall–GigabitEthernet0/2] portal server newpt method layer3
[Firewall–GigabitEthernet0/2] quit
On the router, configure a default route to subnet 192.168.0.0/24, setting the next hop as 20.20.20.1.
(Details not shown.)
Configuring direct portal authentication with extended
functions
Network requirements
As shown in Figure 124, the host is assigned with a public network IP address either manually or through
DHCP.
Configure the firewall to perform extended direct portal authentication for users on the host. If a user fails
security check after passing identity authentication, the user can access only subnet 192.168.0.0/24.
After the user passes security check, the user can access Internet resources.
A RADIUS server serves as the authentication/accounting server.