Configuring Re-Dhcp Portal Authentication With A Preauthentication Domain - HPE FlexNetwork 10500 Series Security Configuration Manual

Verifying the configuration
# Verify the portal configuration by executing the display portal interface command. (Details not
shown.)
# Display information about preauthentication portal users.
[Switch] display portal user pre-authenticate interface vlan-interface 100
MAC
0015-e9a6-7cfe
State: Online
VPN instance: --
Authorization information:
DHCP IP pool: N/A
ACL number: 3010
Inbound CAR: N/A
Outbound CAR: N/A
Configuring re-DHCP portal authentication with a
preauthentication domain
Network requirements
As shown in
obtains an IP address through the DHCP server. A portal server acts as both a portal authentication
server and a portal Web server. A RADIUS server acts as the authentication/accounting server.
Configure re-DHCP portal authentication. Before passing the authentication, the host is assigned a
private IP address and can access only the subnet 192.168.0.0/24. After passing the authentication,
the host gets a public IP address and can access other network resources.
Figure 75 Network diagram
Host
automatically obtains
an IP address
Configuration prerequisites and guidelines
•
Configure IP addresses for the switch and servers as shown in
host, switch, and servers can reach each other.
•
Configure the RADIUS server correctly to provide authentication and accounting functions.
•
For re-DHCP portal authentication, configure a public address pool (20.20.20.0/24) and a
private address pool (10.0.0.0/24) on the DHCP server. (Details not shown.)
IP
10.10.10.4
Figure 75, the host is directly connected to the switch (the access device). The host
Vlan-int100
20.20.20.1/24 Vlan-int2
10.0.0.1/24 sub 192.168.0.100/24
Switch
VLAN Interface
100 Vlan-interface100
Portal Server
192.168.0.111/24
DHCP server
192.168.0.112/24
RADIUS server
192.168.0.113/24
232
Figure 75 and make sure the