HP 3600 v2 Series Configuration Manual page 186
Hide thumbs
Also See for 3600 v2 Series:
- Command reference manual (510 pages) ,
- Configuration manual (441 pages) ,
- Security configuration manual (398 pages)
Table of Contents
Advertisement
[SwitchA] interface vlan-interface 20
[SwitchA–Vlan-interface20] vrrp vrid 2 virtual-ip 192.168.0.1
# Set the priority of VLAN-interface 20 in VRRP group 2 to 200.
[SwitchA–Vlan-interface20] vrrp vrid 2 priority 200
# On VLAN-interface 20, configure the interface to be tracked as VLAN-interface 10 and reduce
the priority of VLAN-interface 20 in VRRP group 2 by 150 when the interface state of
VLAN-interface 10 becomes Down or Removed.
[SwitchA–Vlan-interface20] vrrp vrid 2 track interface vlan-interface10 reduced 150
[SwitchA–Vlan-interface20] quit
2.
Configure a RADIUS scheme:
# Create RADIUS scheme rs1 and enter its view.
[SwitchA] radius scheme rs1
# Configure the server type for the RADIUS scheme. When using the IMC server, configure the
RADIUS server type as extended.
[SwitchA-radius-rs1] server-type extended
# Specify the primary authentication server and primary accounting server, and configure the keys
for communication with the servers.
[SwitchA-radius-rs1] primary authentication 192.168.0.111
[SwitchA-radius-rs1] primary accounting 192.168.0.111
[SwitchA-radius-rs1] key authentication simple expert
[SwitchA-radius-rs1] key accounting simple expert
# Configure the access device to not carry the ISP domain name in the username sent to the
RADIUS server. (Optional, configure the username format as needed.)
[SwitchA-radius-rs1] user-name-format without-domain
[SwitchA-radius-rs1] quit
3.
Configure an authentication domain:
# Create ISP domain dm1 and enter its view.
[SwitchA] domain dm1
# Configure AAA methods for the ISP domain.
[SwitchA-isp-dm1] authentication portal radius-scheme rs1
[SwitchA-isp-dm1] authorization portal radius-scheme rs1
[SwitchA-isp-dm1] accounting portal radius-scheme rs1
[SwitchA-isp-dm1] quit
# Configure domain dm1 as the default ISP domain for all users. Then, if a user enters a username
without any ISP domain at logon, the authentication and accounting methods of the default
domain are used for the user.
[SwitchA] domain default enable dm1
4.
Enable portal authentication on the interface connecting the host:
# Configure a portal server on the switch, making sure the IP address, port number and URL match
those of the actual portal server.
[SwitchA] portal server newpt ip 192.168.0.111 key simple portal port 50100 url
http://192.168.0.111:8080/portal
# Enable portal authentication on the interface connecting the host.
[SwitchA] interface vlan-interface 10
[SwitchA–Vlan-interface10] portal server newpt method layer3
173
Advertisement
Table of Contents
Troubleshooting
