1. Manuals
  2. Brands
  3. HP Manuals
  4. Switch
  5. 12500 Series
  6. Configuration manual

HP 12500 Series Configuration Manual page 144

Routing
Hide thumbs Also See for 12500 Series:
Table of Contents

Advertisement

Configuration prerequisites and guidelines
Make sure the IP address of the portal device added on the portal server is the IP address of the
interface connecting users (20.20.20.1 in this example), and the IP address group associated with
the portal device is the network segment where the users reside (8.8.8.0/24 in this example).
Configure IP addresses for the host, switches, and servers as shown in
can reach each other.
Configure the RADIUS server properly to provide authentication and accounting for users.
Configuration procedure
Configure a RADIUS scheme:
1.
# Create a RADIUS scheme named rs1 and enter its view.
<SwitchA> system-view
[SwitchA] radius scheme rs1
# Set the server type for the RADIUS scheme. When using the IMC server, you need set the server
type to extended.
[SwitchA-radius-rs1] server-type extended
# Specify the primary authentication server and primary accounting server, and configure the keys
for communication with the servers.
[SwitchA-radius-rs1] primary authentication 192.168.0.112
[SwitchA-radius-rs1] primary accounting 192.168.0.112
[SwitchA-radius-rs1] key accounting simple radius
[SwitchA-radius-rs1] key authentication simple radius
# Specify to exclude ISP domain from the usernames to be sent to the RADIUS server.
[SwitchA-radius-rs1] user-name-format without-domain
# Configure the IP address of the security policy server.
[SwitchA-radius-rs1] security-policy-server 192.168.0.113
[SwitchA-radius-rs1] quit
Configure an authentication domain:
2.
# Create an ISP domain named dm1 and enter its view.
[SwitchA] domain dm1
# Configure AAA methods for the ISP domain.
[SwitchA-isp-dm1] authentication portal radius-scheme rs1
[SwitchA-isp-dm1] authorization portal radius-scheme rs1
[SwitchA-isp-dm1] accounting portal radius-scheme rs1
[SwitchA-isp-dm1] quit
# Configure dm1 as the default ISP domain for all users. Then, if a user enters the username without
the ISP domain at login, the authentication and accounting methods of the default domain are used
for the user.
[SwitchA] domain default enable dm1
Configure the ACL (ACL 3000 ) for resources on segment 192.168.0.0/24 and the ACL (ACL
3.
3001) for Internet resources.
NOTE:
On the security policy server, specify ACL 3000 as the isolation ACL and ACL 3001 as the security ACL.
[SwitchA] acl number 3000
134
Figure 49
and make sure they

Advertisement

Table of Contents
loading

Related Manuals for HP 12500 Series

Related Products for HP 12500 Series

Table of Contents