Configuring Extended Cross-Subnet Portal Authentication - HPE FlexNetwork 10500 Series Security Configuration Manual

Pre-auth IP pool: Not configured
Max Portal users: Not configured
Bas-ipv6: Not configured
User detection: Not configured
Action for server detection:
Server type
--
Layer3 source network:
IP address
Destination authenticate subnet:
IP address
Before passing portal authentication, a user that uses the HPE iNode client can access only the
authentication page http://192.168.0.111:8080/portal. All Web requests from the user will be
redirected to the authentication page.
•
The user can access the resources permitted by ACL 3000 after passing only identity
authentication.
•
The user can access network resources permitted by ACL 3001 after passing both identity
authentication and security check.
# After the user passes identity authentication and security check, use the following command to
display information about the portal user.
[Switch] display portal user interface vlan-interface 100
Total portal users: 1
Username: abc
Portal server: newpt
State: Online
VPN instance: N/A
MAC
0015-e9a6-7cfe
Authorization information:
DHCP IP pool: N/A
ACL: 3001
CAR: N/A

Configuring extended cross-subnet portal authentication

Network requirements
As shown in
Switch B. A portal server acts as both a portal authentication server and a portal Web server. A
RADIUS server acts as the authentication/accounting server.
Configure Switch A for extended cross-subnet portal authentication. Before passing portal
authentication, the host can access only the portal server. After passing portal identity authentication,
the host accepts security check. If the host fails the security check it can access only the subnet
192.168.0.0/24. After passing the security check, the host can access other network resources.
Server name
--
IP
20.20.20.2
Figure 66, Switch A supports portal authentication. The host accesses Switch A through
VLAN Interface
100 Vlan-interface100
219
Action
--
Prefix length
Prefix length