HP 3600 v2 Series Configuration Manual page 196

for the assigned IP addresses and make sure there is a route to the host. To shorten the IP address
update time in case of an authentication state change, set a short lease for each address.
Because the DHCP server and the DHCP client are not in the same subnet, you need to configure
a DHCP relay agent on the subnet of the client. For more information about DHCP relay agents, see
Layer 3—IP Services Configuration Guide.
Perform the following configuration on the switch to implement Layer 2 portal authentication:
1. Configure portal authentication:
# Add Ethernet ports to related VLANs and configure IP addresses for the VLAN interfaces. (Details
not shown.)
# Configure PKI domain pkidm, and apply for a local certificate and CA certificate. For more
configuration information, see "Configuring PKI."
# Edit the user-defined authentication pages file, compress it into a zip file named defaultfile, and
save the file in the root directory of the access device.
# Configure SSL server policy sslsvr, and specify PKI domain pkidm for the policy.
<Switch> system-view
[Switch] ssl server-policy sslsvr
[Switch-ssl-server-policy-sslsvr] pki pkidm
[Switch-ssl-server-policy-sslsvr] quit
# Configure the local portal server to support HTTPS and reference SSL server policy sslsvr.
[Switch] portal local-server https server-policy sslsvr
# Configure the IP address of loopback interface 12 as 4.4.4.4.
[Switch] interface loopback 12
[Switch-LoopBack12] ip address 4.4.4.4 32
[Switch-LoopBack12] quit
# Specify IP address 4.4.4.4 as the listening IP address of the local portal server for Layer 2 portal
authentication.
[Switch] portal local-server ip 4.4.4.4
# Enable portal authentication on port Ethernet 1/0/1, and specify the Auth-Fail VLAN of the port
as VLAN 2.
[Switch] interface ethernet 1/0/1
[Switch-Ethernet1/0/1] port link-type hybrid
[Switch-Ethernet1/0/1] mac-vlan enable
[Switch-Ethernet1/0/1] portal local-server enable
[Switch-Ethernet1/0/1] portal auth-fail vlan 2
[Switch-Ethernet1/0/1] quit
2. Configure a RADIUS scheme:
# Create a RADIUS scheme named rs1 and enter its view.
<Switch> system-view
[Switch] radius scheme rs1
# Set the server type for the RADIUS scheme. When using the IMC server, set the server type to
extended.
[Switch-radius-rs1] server-type extended
# Specify the primary authentication server and primary accounting server, and configure the keys
for communication with the servers.
[Switch-radius-rs1] primary authentication 1.1.1.2
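The portal settings of step 1 can be checked before a change goes live. The following Python sketch is an added example, not part of the HP manual: it reads a typed command transcript and reports when the local portal server is not bound to HTTPS, when the referenced SSL server policy has no PKI domain, or when a portal-enabled port lacks the port commands entered in step 1. Treating that command set as the baseline is an assumption, and the function name audit and both sample transcripts are constructed for illustration.

```python
import re

PROMPT = re.compile(r"^\s*(?:\[[^\]]*\]|<[^>]*>)\s*")  # strips "[Switch-...]" / "<Switch>"

def audit(transcript):
    """Return findings for a typed Layer 2 portal configuration (step 1 commands)."""
    glob, policies, ifaces = [], {}, {}
    view = glob  # command list of the view we are currently in
    for raw in transcript.splitlines():
        cmd = PROMPT.sub("", raw).strip()
        if not cmd or cmd.startswith("#") or cmd == "system-view":
            continue
        if cmd == "quit":
            view = glob
        elif cmd.startswith("ssl server-policy "):
            view = policies.setdefault(cmd.split()[2], [])
        elif cmd.startswith("interface "):
            view = ifaces.setdefault(cmd[10:].lower(), [])
        else:
            view.append(cmd)
    out = []
    bound = [c.split()[-1] for c in glob if c.startswith("portal local-server https server-policy ")]
    if not bound:
        out.append("portal local server is not served over HTTPS")
    for name in bound:
        if not any(c.startswith("pki") for c in policies.get(name, [])):
            out.append(f"SSL server policy {name} is undefined or has no PKI domain")
    for port, cmds in ifaces.items():
        if "portal local-server enable" in cmds:
            for need in ("port link-type hybrid", "mac-vlan enable"):  # as entered in step 1
                if need not in cmds:
                    out.append(f"{port}: missing '{need}'")
            if not any(c.startswith("portal auth-fail vlan ") for c in cmds):
                out.append(f"{port}: no Auth-Fail VLAN")
    return out

# Constructed inputs: GOOD repeats commands from step 1, WEAK is a made-up weaker variant.
GOOD = """<Switch> system-view
[Switch] ssl server-policy sslsvr
[Switch-ssl-server-policy-sslsvr] pki pkidm
[Switch-ssl-server-policy-sslsvr] quit
[Switch] portal local-server https server-policy sslsvr
[Switch] interface ethernet 1/0/1
[Switch-Ethernet1/0/1] port link-type hybrid
[Switch-Ethernet1/0/1] mac-vlan enable
[Switch-Ethernet1/0/1] portal local-server enable
[Switch-Ethernet1/0/1] portal auth-fail vlan 2"""
WEAK = GOOD.replace("https server-policy sslsvr", "http").replace("mac-vlan", "undo mac-vlan")
```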
