Configuring Extended Re-Dhcp Portal Authentication - HP FlexFabric 5700 Series Security Configuration Manual

Portal server: newpt
State: Online
Authorization ACL: 3001
VPN instance: --
MAC
0015-e9a6-7cfe

Configuring extended re-DHCP portal authentication

Network requirements
As shown in
an IP address through the DHCP server. A portal server acts as both a portal authentication server and
a portal Web server. A RADIUS server acts as the authentication/accounting server.
Configure extended re-DHCP portal authentication. Before passing portal authentication, the host is
assigned a private IP address. After passing portal identity authentication, the host obtains a public IP
address and accepts security check. If the host fails the security check, it can access only subnet
192.168.0.0/24. After passing the security check, the host can access Internet resources.
Figure 54 Network diagram
Configuration prerequisites and guidelines
• Configure IP addresses for the switch and servers as shown in
switch, and servers can reach each other.
Configure the RADIUS server properly to provide authentication and accounting functions.
•
For re-DHCP portal authentication, configure a public address pool (20.20.20.0/24) and a private
•
address pool (10.0.0.0/24) on the DHCP server. (Details not shown.)
For re-DHCP portal authentication:
•
The switch must be configured as a DHCP relay agent.
The portal-enabled interface must be configured with a primary IP address (a public IP address)
and a secondary IP address (a private IP address).
For information about DHCP relay agent configuration, see Layer 3—IP Services Configuration
Guide.
IP
2.2.2.2
Figure 54, the host is directly connected to the switch (the access device). The host obtains
VLAN Interface
100 Vlan-interface100
155
Figure 54 and make sure the host,