HPE FlexNetwork 10500 Series Security Configuration Manual page 625
Hide thumbs
Also See for FlexNetwork 10500 Series:
- Security command reference (881 pages) ,
- Network management and monitoring command reference (423 pages) ,
- Configuration manual (407 pages)
Table of Contents
Advertisement
•
Use the remote RADIUS server to perform authentication, authorization, and accounting.
Configure the device to send usernames carrying no ISP domain names to the RADIUS server.
•
Configure the local Web authentication server on the device to use listening IP address 4.4.4.4.
Configure the device to send a default authentication page to the Web user and forward
authentication data by using HTTP.
Figure 169 Network diagram
192.168.1.2/24
802.1X client
192.168.1.3/24
Printer
192.168.1.4/24
Web user
Configuration prerequisites and restrictions
•
Make sure that the terminals, the server, and the device can reach each other.
•
Make sure the terminal of the Web user has a route to the listening IP address of the local Web
authentication server.
•
Configure the RADIUS server to provide normal authentication, authorization, and accounting
for users. In this example, configure the following on the RADIUS server:
An 802.1X user with username userdot.
A Web authentication user with username userpt.
A MAC authentication user with a username and password both being the MAC address of
the printer f07d6870725f.
•
Edit authentication pages, compress the pages to a .zip file named abc, and upload the .zip file
to the device by FTP.
Configuration procedure
1.
Configure Web authentication:
# Configure VLANs and IP addresses for the VLAN interfaces, and add ports to specific VLANs.
(Details not shown.)
# Configure the local Web server to use HTTP. Configure file abc.zip as the default
authentication page file of the local Web server.
<Device> system-view
[Device] portal local-web-server http
[Device-portal-local-websvr-http] default-logon-page abc.zip
[Device-portal-local-websvr-http] quit
# Configure the IP address of interface loopback 0 as 4.4.4.4.
[Device] interface loopback 0
[Device-LoopBack0] ip address 4.4.4.4 32
[Device-LoopBack0] quit
# Create a Web authentication server named webserver and enter its view.
RADIUS server
1.1.1.2/24
Vlan-int1
GE1/0/1
1.1.1.1/24
Vlan-int8
192.168.1.1/24
Vlan-int3
Device
3.3.3.1/24
Loop0
4.4.4.4/32
608
IP network
Advertisement
Table of Contents
Troubleshooting
