Configuring Extended Direct Portal Authentication - HPE FlexNetwork 7500 Series Security Configuration Manual

A user can perform portal authentication by using the HPE iNode client or through a Web browser.
Before passing the authentication, the user can access only the authentication page
http://192.168.0.111:8080/portal. All Web requests from the user will be redirected to the
authentication page. After passing the authentication, the user can access other network resources.
# After the user passes authentication, use the following command to display information about the
portal user.
[SwitchA] display portal user interface vlan-interface 4
Total portal users: 1
Username: abc
Portal server: newpt
State: Online
VPN instance: N/A
MAC
0000-0000-0000
Authorization information:
DHCP IP pool: N/A
ACL: N/A
CAR: N/A

Configuring extended direct portal authentication

Network requirements
As shown in
assigned a public IP address either manually or through DHCP. A portal server acts as both a portal
authentication
authentication/accounting server.
Configure extended direct portal authentication. If the host fails security check after passing identity
authentication, it can access only subnet 192.168.0.0/24. After passing security check, the host can
access other network resources.
Figure 62 Network diagram
Host
2.2.2.2/24
Gateway: 2.2.2.1/24
Configuration prerequisites
•
Configure IP addresses for the host, switch, and servers as shown in
they can reach each other.
•
Configure the RADIUS server correctly to provide authentication and accounting functions.
IP
8.8.8.2
Figure 62, the host is directly connected to the switch (the access device). The host is
server and a
Vlan-int100
Vlan-int2
2.2.2.1/24
192.168.0.100/24
Switch
VLAN Interface
4 Vlan-interface4
portal Web server.
Portal server
192.168.0.111/24
RADIUS server
192.168.0.112/24
Security policy server
192.168.0.113/24
196
A RADIUS server
Figure 62
acts as the
and make sure