HP 6600 Security Configuration Manual page 6

Specifying the NAS-Port-ID for an interface ····································································································· 138
Specifying a NAS ID profile for an interface ··································································································· 139
Specifying a source IP address for outgoing portal packets ··················································································· 140
Configuring portal stateful failover ····························································································································· 140
Specifying an autoredirection URL for authenticated portal users ·········································································· 142
Configuring portal detection functions ······················································································································· 142
Configuring online Layer 3 portal user detection ···························································································· 142
Configuring the portal server detection function ······························································································ 143
Configuring portal user information synchronization ······················································································ 145
Logging off portal users ··············································································································································· 145
Displaying and maintaining portal ···························································································································· 146
Portal configuration examples ···································································································································· 147
Configuring direct portal authentication ··········································································································· 147
Configuring re-DHCP portal authentication ······································································································ 151
Configuring cross-subnet portal authentication ································································································ 153
Configuring direct portal authentication with extended functions·································································· 155
Configuring re-DHCP portal authentication with extended functions ···························································· 157
Configuring cross-subnet portal authentication with extended functions ······················································· 160
Configuring portal stateful failover(6600/HSR6600) ····················································································· 162
Configuring portal server detection and portal user information synchronization ······································· 169
Cross-subnet portal authentication across Vans ······························································································· 174
Troubleshooting portal ················································································································································· 176
Inconsistent keys on the access device and the portal server ········································································· 176
Incorrect server port number on the access device ·························································································· 177
Configuring port security ········································································································································ 178
Overview ······································································································································································· 178
Configuring port security ···································································································································· 178
Port security modes ············································································································································· 179
Working with guest VLAN and Auth-Fail VLAN ······························································································ 181
Configuration task list ·················································································································································· 181
Enabling port security ·················································································································································· 182
Setting port security's limit on the number of MAC addresses on a port······························································· 182
Setting the port security mode ···································································································································· 183
Configuration prerequisites ································································································································ 183
Configuration procedure ···································································································································· 183
Configuring port security features ······························································································································ 184
Configuring NTK ················································································································································· 184
Configuring intrusion protection ························································································································ 184
Enabling port security traps ································································································································ 185
Configuring secure MAC addresses ·························································································································· 185
Configuration prerequisites ································································································································ 186
Configuration procedure ···································································································································· 186
Ignoring authorization information from the server ·································································································· 187
Displaying and maintaining port security ·················································································································· 188
Port security configuration examples ························································································································· 188
Configuring the autoLearn mode ······················································································································· 188
Configuring the userLoginWithOUI mode ········································································································ 190
Configuring the macAddressElseUserLoginSecure mode ················································································ 195
Troubleshooting port security ······································································································································ 198
Cannot set the port security mode ····················································································································· 198
Cannot configure secure MAC addresses ········································································································ 198
Cannot change port security mode when a user is online ·············································································· 199
iv