HP 3600 v2 Series Security Configuration Manual page 187
Hide thumbs
Also See for 3600 v2 Series:
- Command reference manual (510 pages) ,
- Configuration manual (449 pages) ,
- Installation manual (62 pages)
Table of Contents
Advertisement
# Configure the server type for the RADIUS scheme. When using the iMC server, configure the RADIUS
server type as extended.
[SwitchA-radius-rs1] server-type extended
# Specify the primary authentication server and primary accounting server, and configure the keys for
communication with the servers.
[SwitchA-radius-rs1] primary authentication 192.168.0.111
[SwitchA-radius-rs1] primary accounting 192.168.0.111
[SwitchA-radius-rs1] key authentication expert
[SwitchA-radius-rs1] key accounting expert
# Configure the access device to not carry the ISP domain name in the username sent to the RADIUS
server. (Optional, configure the username format as needed.)
[SwitchA-radius-rs1] user-name-format without-domain
[SwitchA-radius-rs1] quit
Configure an authentication domain
•
# Create ISP domain dm1 and enter its view.
[SwitchA] domain dm1
# Configure AAA methods for the ISP domain.
[SwitchA-isp-dm1] authentication portal radius-scheme rs1
[SwitchA-isp-dm1] authorization portal radius-scheme rs1
[SwitchA-isp-dm1] accounting portal radius-scheme rs1
[SwitchA-isp-dm1] quit
# Configure domain dm1 as the default ISP domain for all users. Then, if a user enters a username
without any ISP domain at logon, the authentication and accounting methods of the default domain are
used for the user.
[SwitchA] domain default enable dm1
•
Enable portal authentication on the interface connecting the host
# Configure a portal server on the switch, making sure that the IP address, port number and URL match
those of the actual portal server.
[SwitchA]
portal
http://192.168.0.111:8080/portal
# Enable portal authentication on the interface connecting the host.
[SwitchA] interface vlan-interface 10
[SwitchA–Vlan-interface10] portal server newpt method layer3
# Specify the source IP address of outgoing portal packets as 9.9.1.1, the virtual IP address of VRRP group
1.
[SwitchA–Vlan-interface10] portal nas-ip 9.9.1.1
•
Configure portal stateful failover
# Assign interface VLAN-interface 10 to portal group 1.
[SwitchA–Vlan-interface10] portal backup-group 1
[SwitchA–Vlan-interface10] quit
# Set the device ID for Switch A in stateful failover mode to 1.
[SwitchA] nas device-id 1
# Specify the source IP address of outgoing RADIUS packets as 192.168.0.1, the virtual IP address of
VRRP group 2.
server
newpt
ip
176
192.168.0.111
key
portal
port
50100
url
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
