HP VPN Firewall Appliances Access Control Configuration Guide
Configuring the firewall
# Create a RADIUS scheme named rs1 and enter its view.
<Firewall> system-view
[Firewall] radius scheme rs1
# Set the server type for the RADIUS scheme. When using IMC, set the server type to extended.
[Firewall-radius-rs1] server-type extended
# Specify the primary authentication server and primary accounting server, and configure the keys for communication with the servers.
[Firewall-radius-rs1] primary authentication 10.1.1.1
[Firewall-radius-rs1] primary accounting 10.1.1.1
[Firewall-radius-rs1] key authentication expert
[Firewall-radius-rs1] key accounting expert
# Include the domain names in usernames sent to the RADIUS server.
[Firewall-radius-rs1] user-name-format with-domain
[Firewall-radius-rs1] quit
Configure an authentication domain:
# Create an ISP domain named dm1 and enter its view.
[Firewall] domain dm1
# Configure the ISP domain to use RADIUS scheme rs1.
[Firewall-isp-dm1] authentication portal radius-scheme rs1
[Firewall-isp-dm1] authorization portal radius-scheme rs1
[Firewall-isp-dm1] accounting portal radius-scheme rs1
[Firewall-isp-dm1] quit
# Configure dm1 as the default ISP domain for all users. Then, if a user enters a username without any ISP domain at login, the authentication and accounting methods of the default domain will be used for the user.
[Firewall] domain default enable dm1
Configure portal authentication:
# Configure the portal server.
[Firewall] portal server newpt ip 10.1.1.1 key portal port 50100 url http://10.1.1.1:8080/portal
# Enable portal authentication on the interface connecting the host.
[Firewall] interface gigabitethernet 0/1
[Firewall-GigabitEthernet0/1] portal server newpt method direct
[Firewall-GigabitEthernet0/1] quit
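As an added illustration that is not part of the HP guide, the following Python sketch shows what two of the settings above change on the wire between the firewall and the RADIUS server: the User-Name attribute carries the @dm1 suffix only when user-name-format with-domain is set, and the shared key (expert on this page) both hides User-Password in the Access-Request and authenticates the server's reply, so a key that differs between the firewall and the IMC server shows up as a failed Response Authenticator check. The user name alice, the Reply-Message text and the fixed Request Authenticator are constructed values for the demo.

```python
import hashlib
import struct

SECRET = b"expert"            # shared key from "key authentication expert" on this page
REQ_AUTH = bytes(range(16))   # constructed Request Authenticator (real ones are random)

def format_user_name(user, domain, with_domain=True):
    """Mirror 'user-name-format with-domain' (user@domain) vs 'without-domain'."""
    return f"{user}@{domain}" if with_domain else user

def hide_password(password, secret, req_auth):
    """RFC 2865 5.2: pad to 16n, XOR each block with MD5(secret + previous cipher block)."""
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", req_auth
    for i in range(0, len(padded), 16):
        prev = bytes(a ^ b for a, b in zip(padded[i:i + 16], hashlib.md5(secret + prev).digest()))
        out += prev
    return out

def reveal_password(hidden, secret, req_auth):
    """Inverse of hide_password, as the server does it; strips the zero padding."""
    out, prev = b"", req_auth
    for i in range(0, len(hidden), 16):
        out += bytes(a ^ b for a, b in zip(hidden[i:i + 16], hashlib.md5(secret + prev).digest()))
        prev = hidden[i:i + 16]
    return out.rstrip(b"\x00")

def attr(atype, value):
    """One RADIUS attribute: Type, Length (including header), Value."""
    return struct.pack("!BB", atype, len(value) + 2) + value

def build_access_request(ident, user_name, password, secret=SECRET, req_auth=REQ_AUTH):
    """Access-Request (code 1) with User-Name (1) and hidden User-Password (2)."""
    attrs = attr(1, user_name.encode()) + attr(2, hide_password(password, secret, req_auth))
    return struct.pack("!BBH", 1, ident, 20 + len(attrs)) + req_auth + attrs

def response_authenticator(code, ident, attrs, req_auth, secret):
    """MD5(Code + ID + Length + RequestAuth + Attributes + Secret), RFC 2865 section 3."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return hashlib.md5(header + req_auth + attrs + secret).digest()

def build_access_accept(ident, req_auth=REQ_AUTH, secret=SECRET):
    """Access-Accept (code 2) as the server would sign it with its copy of the key."""
    attrs = attr(18, b"Welcome to dm1")  # Reply-Message, constructed text
    auth = response_authenticator(2, ident, attrs, req_auth, secret)
    return struct.pack("!BBH", 2, ident, 20 + len(attrs)) + auth + attrs

def verify_response(packet, req_auth, secret):
    """The check the firewall performs before trusting a reply; fails when keys differ."""
    code, ident, length = struct.unpack("!BBH", packet[:4])
    attrs = packet[20:length]
    return packet[4:20] == response_authenticator(code, ident, attrs, req_auth, secret)
```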
Verifying the configuration
The user can initiate portal authentication by using the HP iNode client or by accessing a Web page. All the initiated Web requests will be redirected to the portal authentication page at http://10.1.1.1:8080/portal. Before passing portal authentication, the user can access only the authentication page. After passing portal authentication, the user can access the Internet.
# After the user passes portal authentication, view the portal user information on the firewall.
[Firewall] display portal user interface gigabitethernet 0/1
Index:19
State:ONLINE