HP 3600 v2 Series Security Configuration Manual page 207
Hide thumbs
Also See for 3600 v2 Series:
- Command reference manual (510 pages) ,
- Configuration manual (449 pages) ,
- Installation manual (62 pages)
Table of Contents
Advertisement
Configure the RADIUS server, and make sure the authentication, authorization, and accounting
1.
functions work normally. In this example, configure on the RADIUS server an 802.1X user (with
username userdot), a portal user (with username userpt), a MAC authentication user (with a
username and password both being the MAC address of the printer 001588f80dd7), and an
authorized VLAN (VLAN 3).
Configure PKI domain pkidm and acquire the local and CA certificates. For more information, see
2.
the chapter "PKI configuration."
Complete the editing of a self-defined default authentication page file, compress the file to a zip
3.
file named defaultfile and save the zip file at the root directory.
Configure DHCP.
4.
# Configure VLANs and IP addresses for the VLAN interfaces, and add ports to specific VLANs. (Details
not shown)
# Enable DHCP.
<Switch> system-view
[Switch] dhcp enable
# Exclude the IP address of the update server from assignment.
[Switch] dhcp server forbidden-ip 2.2.2.2
# Configure IP address pool 1, including the address range, lease and gateway address. A short lease
is recommended to shorten the time terminals use to re-acquire IP addresses after the terminals passing
or failing authentication.
[Switch] dhcp server ip-pool 1
[Switch-dhcp-pool-1] network 192.168.1.0 mask 255.255.255.0
[Switch-dhcp-pool-1] expired day 0 hour 0 minute 1
[Switch-dhcp-pool-1] gateway-list 192.168.1.1
[Switch-dhcp-pool-1] quit
NOTE:
A short lease is recommended to shorten the time that terminals use to re-acquire IP addresses after
passing or failing authentication. However, in some applications, a terminal can require a new IP address
before the lease duration expires. For example, the iNode 802.1X client automatically renews its IP
address after disconnecting from the server.
# Configure IP address pool 2, including the address range, lease and gateway address. A short lease
is recommended to shorten the time terminals use to re-acquire IP addresses after the terminals pass
authentication.
[Switch] dhcp server ip-pool 2
[Switch-dhcp-pool-2] network 2.2.2.0 mask 255.255.255.0
[Switch-dhcp-pool-2] expired day 0 hour 0 minute 1
[Switch-dhcp-pool-2] gateway-list 2.2.2.1
[Switch-dhcp-pool-2] quit
# Configure IP address pool 3, including the address range, lease and gateway address. A short lease
is recommended to shorten the time terminals use to re-acquire IP addresses after the terminals are
offline.
[Switch] dhcp server ip-pool 3
[Switch-dhcp-pool-3] network 3.3.3.0 mask 255.255.255.0
[Switch-dhcp-pool-3] expired day 0 hour 0 minute 1
[Switch-dhcp-pool-3] gateway-list 3.3.3.1
196
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
