HP VPN Firewall Appliances Access Control Configuration Guide

    Portal support for EAP (p. 147)
    Layer 3 portal authentication process (p. 147)
  Portal configuration task list (p. 151)
  Configuration prerequisites (p. 152)
  Specifying the portal server for Layer 3 portal authentication (p. 152)
  Configuring the local portal server (p. 153)
    Customizing authentication pages (p. 153)
    Configuring the protocol type and welcome banner for the local portal server (p. 157)
  Enabling Layer 3 portal authentication (p. 157)
    Configuration prerequisites (p. 157)
    Configuration guidelines (p. 158)
    Configuration procedure (p. 158)
  Controlling access of portal users (p. 158)
    Configuring an IPv4 portal-free rule (p. 158)
    Configuring an IPv4 authentication source subnet (p. 159)
    Setting the maximum number of online portal users (p. 159)
    Specifying a portal authentication domain (p. 160)
  Configuring RADIUS related attributes (p. 160)
    Specifying NAS-Port-Type for an interface (p. 160)
    Specifying the NAS-Port-ID for an interface (p. 161)
    Specifying a NAS ID profile for an interface (p. 161)
  Specifying a source IPv4 address for outgoing portal packets (p. 162)
  Specifying an autoredirection URL for authenticated portal users (p. 162)
  Configuring portal detection functions (p. 163)
    Configuring online Layer 3 portal user detection (p. 163)
    Configuring the portal server detection function (p. 164)
    Configuring portal user information synchronization (p. 165)
  Logging off portal users (p. 166)
  Displaying and maintaining portal (p. 166)
  Portal configuration examples (p. 167)
    Configuring direct portal authentication (p. 167)
    Configuring re-DHCP portal authentication (p. 169)
    Configuring cross-subnet portal authentication (p. 171)
    Configuring direct portal authentication with extended functions (p. 173)
    Configuring re-DHCP portal authentication with extended functions (p. 175)
    Configuring cross-subnet portal authentication with extended functions (p. 178)
    Configuring portal server detection and portal user information synchronization (p. 180)
  Troubleshooting portal (p. 182)
    Inconsistent keys on the access device and the portal server (p. 182)
    Incorrect server port number on the access device (p. 183)
Configuring AAA (p. 184)
  Overview (p. 184)
    RADIUS (p. 185)
    HWTACACS (p. 190)
    Domain-based user management (p. 192)
    AAA for VPNs (p. 193)
    Protocols and standards (p. 194)
    RADIUS attributes (p. 194)
  Configuring AAA at the CLI (p. 197)
    Configuring local users (p. 198)
    Configuring RADIUS schemes (p. 204)
    Configuring HWTACACS schemes (p. 215)
    Configuring AAA methods for ISP domains (p. 221)
    Tearing down user connections (p. 230)