Manualshelf

HP VPN Firewall Appliances Access Control Configuration Guide

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module
181182183184185186187188189190
178
# Enable portal authentication on the interface connecting the host.
[Firewall–GigabitEthernet0/2] portal server newpt method redhcp
[Firewall–GigabitEthernet0/2] quit
Configuring cross-subnet portal authentication with extended
functions
Network requirements
As shown in Figure 126, configure the firewall to perform extended cross-subnet portal authentication for
users on the host. If a user fails security check after passing identity authentication, the user can access
only subnet 192.168.0.0/24. After passing the security check, the user can access Internet resources.
A RADIUS server serves as the authentication/accounting server.
Figure 126 Network diagram
Configuration prerequisites and guidelines
Configure IP addresses for the host, firewalls, and servers as shown in Figure 126 and make sure
routes are available between devices.
Configure the RADIUS server correctly to provide authentication and accounting functions for users.
Make sure the IP address of the portal device added on the portal server is the IP address of the
interface connecting users (20.20.20.1 in this example), and the IP address group associated with
the portal device is the network segment where the users reside (8.8.8.0/24 in this example).
Configuration procedure
1. Configure a RADIUS scheme:
# Create a RADIUS scheme named rs1 and enter its view.
<Firewall> system-view
[Firewall] radius scheme rs1
# Set the server type for the RADIUS scheme. When using the IMC server, set the server type to
extended.
[Firewall-radius-rs1] server-type extended
# Specify the primary authentication server and primary accounting server, and configure the keys
for communication with the servers.