HP 5120 SI Series Security Configuration Manual page 179


NOTE:
- Make sure that the terminals, the servers, and the switch can reach each other.
- When using an external DHCP server, ensure that the terminals can get IP addresses from the server before and after authentication.
- Complete the configuration on the RADIUS server, and make sure the authentication, authorization, and accounting functions work normally. In this example, configure on the RADIUS server an 802.1X user (with username userdot), a portal user (with username userpt), a MAC authentication user (with a username and password both being the MAC address of the printer 001588f80dd7), and an authorized VLAN (VLAN 3).
- Complete the configuration of PKI domain pkidm and acquire the local and CA certificates. For more information, see the chapter "PKI configuration."
- Complete the editing of a self-defined default authentication page file, compress the file to a zip file named defaultfile and save the zip file at the root directory.
1. Configure DHCP
# Configure VLANs and IP addresses for the VLAN interfaces, and add ports to specific VLANs
(omitted).
# Enable DHCP.
<Switch> system-view
[Switch] dhcp enable
# Exclude the IP address of the update server from assignment.
[Switch] dhcp server forbidden-ip 2.2.2.2
# Configure IP address pool 1, including the address range, lease and gateway address. A short lease
is recommended to shorten the time terminals use to re-acquire IP addresses after the terminals pass
or fail authentication.
[Switch] dhcp server ip-pool 1
[Switch-dhcp-pool-1] network 192.168.1.0 mask 255.255.255.0
[Switch-dhcp-pool-1] expired day 0 hour 0 minute 1
[Switch-dhcp-pool-1] gateway-list 192.168.1.1
[Switch-dhcp-pool-1] quit
NOTE:
A short lease is recommended to shorten the time that terminals use to re-acquire IP addresses after
passing or failing authentication. However, in some applications, a terminal can require a new IP address
before the lease duration expires. For example, the iNode 802.1X client automatically renews its IP
address after disconnecting from the server.
# Configure IP address pool 2, including the address range, lease and gateway address. A short lease
is recommended to shorten the time terminals use to re-acquire IP addresses after the terminals pass
authentication.
[Switch] dhcp server ip-pool 2
[Switch-dhcp-pool-2] network 2.2.2.0 mask 255.255.255.0
[Switch-dhcp-pool-2] expired day 0 hour 0 minute 1
[Switch-dhcp-pool-2] gateway-list 2.2.2.1
[Switch-dhcp-pool-2] quit
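The DHCP step above can be checked offline before it is applied. The following is an added example, not part of the HP manual: a Python check that parses the commands shown on this page and reports a missing dhcp enable, a lease that is not short, a gateway outside its pool network, or a forbidden-ip that no pool covers. The function names, the 300-second cut-off, and the one-day lease assumed when a pool has no expired line are assumptions of this example, and it expects every pool to carry a network statement with a mask.

```python
import ipaddress
import re

SESSION = """\
[Switch] dhcp enable
[Switch] dhcp server forbidden-ip 2.2.2.2
[Switch] dhcp server ip-pool 1
[Switch-dhcp-pool-1] network 192.168.1.0 mask 255.255.255.0
[Switch-dhcp-pool-1] expired day 0 hour 0 minute 1
[Switch-dhcp-pool-1] gateway-list 192.168.1.1
[Switch] dhcp server ip-pool 2
[Switch-dhcp-pool-2] network 2.2.2.0 mask 255.255.255.0
[Switch-dhcp-pool-2] expired day 0 hour 0 minute 1
[Switch-dhcp-pool-2] gateway-list 2.2.2.1
"""  # constructed input: the DHCP commands from this page, quit lines left out
PROMPT = re.compile(r"^[\[<][^\]>]*[\]>]\s*")  # strips "[Switch-dhcp-pool-1] " and similar

def parse(session):
    enabled, forbidden, pools, cur = False, [], {}, None
    for raw in session.splitlines():
        w = PROMPT.sub("", raw.strip()).split()
        if w == ["dhcp", "enable"]:
            enabled = True
        elif w[:3] == ["dhcp", "server", "forbidden-ip"]:
            forbidden.append(ipaddress.ip_address(w[3]))  # low end of the excluded range
        elif w[:3] == ["dhcp", "server", "ip-pool"]:
            # Assumption: a pool with no "expired" line keeps a one-day lease.
            cur = pools.setdefault(w[3], {"gateways": [], "lease_s": 86400})
        elif cur and w[:1] == ["network"]:
            cur["network"] = ipaddress.ip_network(f"{w[1]}/{w[-1]}")
        elif cur and w[:1] == ["expired"]:
            t = dict(zip(w[1::2], map(int, w[2::2])))  # e.g. {"day": 0, "hour": 0, "minute": 1}
            secs = t.get("day", 0) * 86400 + t.get("hour", 0) * 3600 + t.get("minute", 0) * 60
            cur["lease_s"] = float("inf") if "unlimited" in w else secs
        elif cur and w[:1] == ["gateway-list"]:
            cur["gateways"] = [ipaddress.ip_address(a) for a in w[1:]]
    return enabled, forbidden, pools

def audit(session, max_lease_s=300):  # max_lease_s: assumed cut-off for a "short" lease
    enabled, forbidden, pools = parse(session)
    out = [] if enabled else ["dhcp enable is missing"]
    for name, p in pools.items():
        if p["lease_s"] > max_lease_s:
            out.append(f"pool {name}: lease exceeds {max_lease_s}s")
        out += [f"pool {name}: gateway {g} outside pool network"
                for g in p["gateways"] if g not in p["network"]]
    out += [f"forbidden-ip {ip} is outside every pool" for ip in forbidden
            if not any(ip in p["network"] for p in pools.values())]
    return out
```

Calling audit(SESSION) returns an empty list for the configuration on this page; each finding is a plain string naming the pool or address at fault.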