Cross-Subnet Portal Authentication Across Vpns - HP 5500 HI Series Configuration Manual
Security
Hide thumbs
Also See for 5500 HI Series:
- Installation manual (72 pages) ,
- Compliance and safety manual (62 pages) ,
- Quickspecs (35 pages)
Table of Contents
Advertisement
[Switch] portal server newpt user-sync interval 600 retry 2
The product of interval and retry must be greater than or equal to the portal user heartbeat interval,
and HP recommends configuring the interval as a value greater than the portal user heartbeat
interval configured on the portal server.
Verifying the configuration
Use the following command to view information about the portal server:
<Switch> display portal server newpt
Portal server:
1)newpt:
IP
Key
Port : 50100
URL
Status
Cross-subnet portal authentication across VPNs
Network requirements
As shown in
portal authentication for hosts in VPN 1 through communication with the RADIUS server and portal
server in VPN 3.
Figure 68 Network diagram
Configuration procedure
Before enabling portal authentication, be sure to configure the MPLS L3VPN capabilities properly and
specify VPN targets for VPN 1 and VPN 3 so that VPN 1 and VPN 3 can communicate with each other.
This example gives only the access authentication configuration on the user-side PE. For information
about MPLS L3VPN, see MPLS Configuration Guide.
Configure the RADIUS server properly to provide normal authentication/accounting functions for users.
Configure Switch A:
1.
Configure a RADIUS scheme:
# Create a RADIUS scheme named rs1 and enter its view.
<SwitchA> system-view
[SwitchA] radius scheme rs1
# Configure the VPN instance to which the RADIUS scheme belongs as vpn3.
[SwitchA-radius-rs1] vpn-instance vpn3
: 192.168.0.111
: ******
: http://192.168.0.111:8080/portal
: Up
Figure
68, Switch A, as the PE device connecting the user side, needs to provide cross-subnet
177
- Quick Links:
- Configuration Guide
- Configuring Aaa
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
