HP 5500 HI Series Configuration Manual page 194

Security

# Configure the local portal server to support HTTPS and reference SSL server policy sslsvr.
[Switch] portal local-server https server-policy sslsvr
# Configure the IP address of loopback interface 12 as 4.4.4.4.
[Switch] interface loopback 12
[Switch-LoopBack12] ip address 4.4.4.4 32
[Switch-LoopBack12] quit
# Specify IP address 4.4.4.4 as the listening IP address of the local portal server for Layer 2 portal authentication.
[Switch] portal local-server ip 4.4.4.4
# Enable portal authentication on port GigabitEthernet 1/0/1, and specify the Auth-Fail VLAN of the port as VLAN 2.
[Switch] interface gigabitethernet 1/0/1
[Switch-GigabitEthernet1/0/1] port link-type hybrid
[Switch-GigabitEthernet1/0/1] mac-vlan enable
[Switch-GigabitEthernet1/0/1] portal local-server enable
[Switch-GigabitEthernet1/0/1] portal auth-fail vlan 2
[Switch-GigabitEthernet1/0/1] quit
2. Configure a RADIUS scheme:
# Create a RADIUS scheme named rs1 and enter its view.
<Switch> system-view
[Switch] radius scheme rs1
# Set the server type for the RADIUS scheme. When using the IMC server, set the server type to extended.
[Switch-radius-rs1] server-type extended
# Specify the primary authentication server and primary accounting server, and configure the keys for communication with the servers.
[Switch-radius-rs1] primary authentication 1.1.1.2
[Switch-radius-rs1] primary accounting 1.1.1.2
[Switch-radius-rs1] key accounting simple radius
[Switch-radius-rs1] key authentication simple radius
[Switch-radius-rs1] quit
3. Configure an authentication domain:
# Create and enter ISP domain triple.
[Switch] domain triple
# Configure AAA methods for the ISP domain.
[Switch-isp-triple] authentication portal radius-scheme rs1
[Switch-isp-triple] authorization portal radius-scheme rs1
[Switch-isp-triple] accounting portal radius-scheme rs1
[Switch-isp-triple] quit
# Configure domain triple as the default ISP domain for all users. Then, if a user enters a username without any ISP domain at logon, the authentication and accounting methods of the default domain are used for the user.
[Switch] domain default enable triple
4. Configure the DHCP relay agent:
# Enable DHCP.
[Switch] dhcp enable
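
Added example (not from the HP manual): a Python check that reviews a provisioning snippet such as the one on this page for RADIUS shared keys entered with the simple keyword, since the shared key is what protects the user password and the response authenticator in RADIUS exchanges. The 16-character minimum, the guessable-word list, and the check for the plain "portal local-server http" form are assumptions of this example.

```python
import re

# Constructed input: this page's commands with the CLI prompts stripped,
# indented the way a saved configuration nests view-level commands.
SAMPLE = """\
portal local-server https server-policy sslsvr
radius scheme rs1
 server-type extended
 primary authentication 1.1.1.2
 primary accounting 1.1.1.2
 key accounting simple radius
 key authentication simple radius
domain triple
 authentication portal radius-scheme rs1
"""

KEY_RE = re.compile(r"key (accounting|authentication) (simple|cipher) (\S+)")
SCHEME_RE = re.compile(r"radius scheme (\S+)")
MIN_LEN = 16  # assumed local policy value, not taken from the manual
GUESSABLE = {"radius", "secret", "password", "admin", "test", "123456"}  # assumed list


def audit(config: str) -> list[tuple[str, str, str]]:
    """Return (scope, item, issue) findings for a Comware-style snippet."""
    findings, scheme = [], None
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if not raw[0].isspace():  # top-level command: leave any scheme view
            m = SCHEME_RE.fullmatch(line)
            scheme = m.group(1) if m else None
            if line == "portal local-server http":
                findings.append(("portal", "local-server", "login page served over HTTP"))
            continue
        m = KEY_RE.fullmatch(line)
        if scheme and m and m.group(2) == "simple":
            kind, _, key = m.groups()
            # A "simple" key is readable by anyone who sees the script or session log.
            findings.append((scheme, kind, "cleartext key in snippet"))
            if key.lower() in GUESSABLE:
                findings.append((scheme, kind, "guessable key"))
            if len(key) < MIN_LEN:
                findings.append((scheme, kind, f"key shorter than {MIN_LEN} characters"))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding, sep=": ")
```

Run against the commands on this page, the check reports both keys in scheme rs1 as cleartext, guessable, and short, and reports nothing for the portal server because it is already bound to HTTPS.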