HP 5500 HI Series Configuration Manual page 203

802.1X terminals use IP addresses in 192.168.1.0/24 before authentication, and request IP
•
addresses in 3.3.3.0/24 through DHCP after passing authentication. If the terminal fails
authentication, it uses an IP address in 2.2.2.0/24.
• After passing authentication, the printer obtains the IP address 3.3.3.1 1 1/24 that is bound with its
MAC address through DHCP.
Use the remote RADIUS server to perform authentication, authorization, and accounting and
•
configure the switch to remove the ISP domain names from usernames sent to the RADIUS server.
The local portal authentication server on the switch uses listening IP address 4.4.4.4. The switch
•
sends a default authentication page to the web user and forwards authentication data by using
HTTPS.
• Configure VLAN 3 as the authorized VLAN on the RADIUS server. Users passing authentication are
added to this VLAN.
Configure VLAN 2 as the Auth-Fail VLAN on the access device. Users failing authentication are
•
added to this VLAN, and are allowed to access only the Update server.
Figure 72 Network diagram
Configuration procedure
Make sure that the terminals, the servers, and the switch can reach each other.
When using an external DHCP server, make sure that the terminals can get IP addresses from the server
before and after authentication.
1. Configure the RADIUS server, and make sure the authentication, authorization, and accounting
functions work normally. In this example, configure on the RADIUS server an 802.1X user (with
username userdot), a portal user (with username userpt), a MAC authentication user (with a
username and password both being the MAC address of the printer 001588f80dd7), and an
authorized VLAN (VLAN 3).
2. Configure PKI domain pkidm and acquire the local and CA certificates. For more information, see
"Configuring
3. Complete the editing of a self-defined default authentication page file, compress the file to a zip
file named defaultfile and save the zip file at the root directory.
4. Configure DHCP:
PKI."
190