HP 5120 SI Series Security Configuration Manual page 5

Configuration prerequisites ································································································································ 101
Configuration procedure ···································································································································· 101
Displaying and maintaining MAC authentication ···································································································· 101
MAC authentication configuration examples ············································································································ 102
Local MAC authentication configuration example··························································································· 102
RADIUS-based MAC authentication configuration example··········································································· 103
ACL assignment configuration example············································································································ 105
Portal configuration ················································································································································· 108
Overview ······································································································································································· 108
Extended portal functions ··································································································································· 108
Portal system components ··································································································································· 108
Portal system using the local portal server ········································································································ 110
Portal authentication modes ······························································································································· 111
Portal support for EAP ········································································································································· 111
Layer 2 portal authentication process ··············································································································· 112
Layer 3 portal authentication process ··············································································································· 113
Portal configuration task list ········································································································································ 116
Configuration prerequisites ········································································································································· 117
Specifying the portal server ········································································································································ 118
Specifying the local portal server for Layer 2 portal authentication ······························································ 118
Specifying a portal server for Layer 3 portal authentication ·········································································· 118
Configuring the local portal server ···························································································································· 119
Customizing authentication pages ···················································································································· 119
Configuring the local portal server ···················································································································· 122
Enabling portal authentication ···································································································································· 123
Enabling Layer 2 portal authentication ············································································································· 123
Enabling Layer 3 portal authentication ············································································································· 123
Controlling access of portal users ······························································································································ 124
Configuring a portal-free rule····························································································································· 124
Configuring an authentication source subnet ··································································································· 125
Setting the maximum number of online portal users ························································································ 126
Specifying an authentication domain for portal users ····················································································· 126
Configuring Layer 2 portal authentication to support web proxy ·································································· 127
Enabling support for portal user moving ·········································································································· 127
Specifying an Auth-Fail VLAN for portal authentication ·························································································· 128
Configuring RADIUS related attributes ······················································································································ 128
Specifying NAS-Port-Type for an interface ······································································································· 129
Specifying a NAS ID profile for an interface ··································································································· 129
Specifying a source IP address for outgoing portal packets ··················································································· 130
Specifying an auto redirection URL for authenticated portal users ········································································· 130
Configuring portal detection functions ······················································································································· 131
Configuring online Layer 2 portal user detection ···························································································· 131
Configuring the portal server detection function ······························································································ 131
Configuring portal user information synchronization ······················································································ 133
Logging off portal users ··············································································································································· 134
Displaying and maintaining portal ···························································································································· 134
Portal configuration examples ···································································································································· 135
Configuring direct portal authentication ··········································································································· 135
Configuring cross-subnet portal authentication ································································································ 142
Configuring direct portal authentication with extended functions·································································· 144
Configuring cross-subnet portal authentication with extended functions ······················································· 146
Configuring portal server detection and portal user information synchronization ······································· 148
Configuring Layer 2 portal authentication ········································································································ 156
Troubleshooting portal ················································································································································· 159
iii