HPE FlexNetwork 7500 Series Security Configuration Manual page 6

Portal system components ····················································································································· 151
Portal system using the local portal Web server ···················································································· 153
Interaction between portal system components ····················································································· 153
Portal authentication modes ··················································································································· 154
Portal support for EAP ··························································································································· 154
Portal authentication process ················································································································· 155
Portal filtering rules ································································································································ 157
MAC-based quick portal authentication ································································································· 157
Portal configuration task list ··························································································································· 158
Configuration prerequisites ···························································································································· 159
Configuring a portal authentication server ····································································································· 159
Configuring a portal Web server ···················································································································· 160
Enabling portal authentication ························································································································ 161
Configuration restrictions and guidelines ······························································································· 161
Configuration procedure ························································································································· 162
Specifying a portal Web server ······················································································································ 162
Controlling portal user access ························································································································ 163
Configuring a portal-free rule ················································································································· 163
Configuring an authentication source subnet ························································································· 164
Configuring an authentication destination subnet ·················································································· 165
Setting the maximum number of portal users ························································································ 165
Specifying a portal authentication domain ····························································································· 166
Specifying a preauthentication domain ·································································································· 167
Specifying a preauthentication IP address pool for portal users ···························································· 167
Enabling strict-checking on portal authorization information ·································································· 168
Enabling portal authentication only for DHCP users ·············································································· 169
Enabling outgoing packets filtering on a portal-enabled interface ·························································· 169
Configuring portal detection features ············································································································· 170
Configuring online detection of portal users ··························································································· 170
Configuring portal authentication server detection ················································································· 171
Configuring portal Web server detection ································································································ 172
Configuring portal user synchronization ································································································· 172
Configuring the portal fail-permit feature ········································································································ 173
Configuring BAS-IP for unsolicited portal packets sent to the portal authentication server ··························· 174
Enabling portal roaming ································································································································· 174
Specifying a format for the NAS-Port-ID attribute ·························································································· 175
Logging out online portal users ······················································································································ 175
Configuring Web redirect ······························································································································· 176
Applying a NAS-ID profile to an interface ······································································································ 176
Configuring the local portal Web server feature ····························································································· 177
Customizing authentication pages ········································································································· 177
Configuring a local portal Web server ···································································································· 179
Enabling ARP or ND entry conversion for portal clients ················································································ 180
Configuring HTTPS redirect ··························································································································· 180
Configuring MAC-based quick portal authentication ······················································································ 181
Configuring a MAC binding server ········································································································· 181
Specifying a MAC binding server on an interface ·················································································· 182
Enabling logging for user logins and logouts ································································································· 182
Displaying and maintaining portal ·················································································································· 182
Portal configuration examples ························································································································ 183
Configuring direct portal authentication ·································································································· 183
Configuring re-DHCP portal authentication ···························································································· 189
Configuring cross-subnet portal authentication ······················································································ 193
Configuring extended direct portal authentication ·················································································· 196
Configuring extended re-DHCP portal authentication ············································································ 199
Configuring extended cross-subnet portal authentication ······································································ 203
Configuring portal server detection and portal user synchronization ····················································· 207
Configuring cross-subnet portal authentication for MPLS L3VPNs························································ 212
Configuring direct portal authentication with a preauthentication domain ·············································· 214
Configuring re-DHCP portal authentication with a preauthentication domain ········································ 216
Configuring direct portal authentication using local portal Web server ·················································· 218
Troubleshooting portal ··································································································································· 221
iv