HPE FlexNetwork 10500 Series Security Configuration Manual page 246

# For the RADIUS scheme, specify the VPN instance that is bound to the interface connected to
the portal/RADIUS server. This example uses VPN instance vpn3. (For information about the
VPN instance, see the MPLS L3VPN configuration on Switch A.)
[SwitchA-radius-rs1] vpn-instance vpn3
# Specify the primary authentication server and primary accounting server, and configure the
keys for communication with the servers.
[SwitchA-radius-rs1] primary authentication 192.168.0.111
[SwitchA-radius-rs1] primary accounting 192.168.0.111
[SwitchA-radius-rs1] key accounting simple radius
[SwitchA-radius-rs1] key authentication simple radius
# Exclude the ISP domain name from the username sent to the RADIUS server.
[SwitchA-radius-rs1] user-name-format without-domain
# Specify 3.3.0.3 as the source IP address for outgoing RADIUS packets. This address must
be the same as that of the portal device specified on the portal authentication server to avoid
authentication failures.
[SwitchA-radius-rs1] nas-ip 3.3.0.3
[SwitchA-radius-rs1] quit
# Enable RADIUS session control.
[SwitchA] radius session-control enable
2. Configure an authentication domain:
# Create an ISP domain named dm1 and enter its view.
[SwitchA] domain dm1
# Configure AAA methods for the ISP domain.
[SwitchA-isp-dm1] authentication portal radius-scheme rs1
[SwitchA-isp-dm1] authorization portal radius-scheme rs1
[SwitchA-isp-dm1] accounting portal radius-scheme rs1
[SwitchA-isp-dm1] quit
# Configure domain dm1 as the default ISP domain. If a user enters the username without the
ISP domain name at login, the authentication and accounting methods of the default domain
are used for the user.
[SwitchA] domain default enable dm1
3. Configure portal authentication:
# Configure a portal authentication server.
[SwitchA] portal server newpt
[SwitchA-portal-server-newpt] ip 192.168.0.111 vpn-instance vpn3 key simple portal
[SwitchA-portal-server-newpt] port 50100
[SwitchA-portal-server-newpt] quit
# Configure a portal Web server.
[SwitchA] portal web-server newpt
[SwitchA-portal-websvr-newpt] url http://192.168.0.111:8080/portal
[SwitchA-portal-websvr-newpt] vpn-instance vpn3
[SwitchA-portal-websvr-newpt] quit
# Enable cross-subnet portal authentication on VLAN-interface 3.
[SwitchA] interface vlan-interface 3
[SwitchA-Vlan-interface3] portal enable method layer3
# Specify portal Web server newpt on VLAN-interface 3.
[SwitchA-Vlan-interface3] portal apply web-server newpt
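
The steps above depend on several values agreeing with each other: the VPN instance on the RADIUS scheme, portal server and portal Web server, the scheme and Web server names referenced later, and the nas-ip registered on the portal server. The following Python check is an added example, not part of the HPE manual; the audit and after helpers and the portal_device_ip parameter are hypothetical, and treating the keys radius and portal as placeholders because they are printed in this manual is an assumption of the example.

```python
import re

# Subset of the commands on this page, embedded so the check runs offline.
SAMPLE = """\
[SwitchA-radius-rs1] vpn-instance vpn3
[SwitchA-radius-rs1] key accounting simple radius
[SwitchA-radius-rs1] key authentication simple radius
[SwitchA-radius-rs1] nas-ip 3.3.0.3
[SwitchA-isp-dm1] authentication portal radius-scheme rs1
[SwitchA-isp-dm1] authorization portal radius-scheme rs1
[SwitchA-isp-dm1] accounting portal radius-scheme rs1
[SwitchA-portal-server-newpt] ip 192.168.0.111 vpn-instance vpn3 key simple portal
[SwitchA-portal-websvr-newpt] vpn-instance vpn3
[SwitchA-Vlan-interface3] portal apply web-server newpt
"""
PROMPT = re.compile(r"^\[([^\]]+)\]\s+(\S.*)$")

def after(words, keyword):
    """Return the word following keyword, or None if absent."""
    i = words.index(keyword) if keyword in words else -1
    return words[i + 1] if 0 <= i < len(words) - 1 else None

def audit(transcript, portal_device_ip=None, sample_keys=("radius", "portal")):
    """Return findings for a '[view] command' transcript (hypothetical helper)."""
    rows = [m.groups() for m in map(PROMPT.match, transcript.splitlines()) if m]
    schemes = {v.split("-radius-")[1] for v, _ in rows if "-radius-" in v}
    websvrs = {v.split("-portal-websvr-")[1] for v, _ in rows if "-portal-websvr-" in v}
    vpns, findings = set(), []
    for view, cmd in rows:
        w = cmd.split()
        if after(w, "vpn-instance"):
            vpns.add(after(w, "vpn-instance"))
        if after(w, "simple") in sample_keys:
            findings.append(f"{view}: key is a sample value printed in the manual")
        rs = after(w, "radius-scheme")
        if rs and rs not in schemes:
            findings.append(f"{view}: undefined RADIUS scheme {rs}")
        ws = after(w, "web-server") if w[:2] == ["portal", "apply"] else None
        if ws and ws not in websvrs:
            findings.append(f"{view}: undefined portal Web server {ws}")
        if portal_device_ip and w[0] == "nas-ip" and w[1:2] != [portal_device_ip]:
            findings.append(f"{view}: nas-ip differs from portal device {portal_device_ip}")
    if len(vpns) > 1:
        findings.append(f"VPN instance mismatch: {sorted(vpns)}")
    return findings
```

The name checks only see views present in the transcript, so run it over the full session rather than an excerpt.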