HPE FlexNetwork 5510 HI Series Security Configuration Manual page 5

ACL assignment ·············································································································· 105
User profile assignment ···································································································· 106
Periodic MAC reauthentication ··························································································· 106
Configuration prerequisites ······································································································ 106
Configuration task list·············································································································· 107
Enabling MAC authentication ···································································································· 107
Specifying a MAC authentication domain ···················································································· 108
Configuring the user account format ··························································································· 108
Configuring MAC authentication timers ······················································································· 108
Setting the maximum number of concurrent MAC authentication users on a port ································· 109
Enabling MAC authentication multi-VLAN mode on a port ······························································· 109
Configuring MAC authentication delay ························································································ 110
Enabling parallel processing of MAC authentication and 802.1X authentication ··································· 110
Configuration restrictions and guidelines ·············································································· 111
Configuration procedure ··································································································· 111
Configuring a MAC authentication guest VLAN ············································································· 111
Configuring a MAC authentication critical VLAN ··········································································· 112
Enabling the MAC authentication critical voice VLAN ····································································· 113
Configuration prerequisites ································································································ 113
Configuration procedure ··································································································· 114
Configuring the keep-online feature ··························································································· 114
Enabling MAC authentication offline detection ·············································································· 114
Displaying and maintaining MAC authentication ··········································································· 115
MAC authentication configuration examples ················································································ 115
Local MAC authentication configuration example ··································································· 115
RADIUS-based MAC authentication configuration example ······················································ 117
ACL assignment configuration example ··············································································· 119
Configuring portal authentication ····················································· 123
Overview ······························································································································ 123
Extended portal functions ·································································································· 123
Portal system components ································································································ 123
Portal system using the local portal Web server ····································································· 125
Interaction between portal system components ······································································ 125
Portal authentication modes ······························································································ 126
Portal authentication process ····························································································· 127
Portal configuration task list ······································································································ 129
Configuration prerequisites ······································································································ 129
Configuring a portal authentication server ··················································································· 130
Configuring a portal Web server ································································································ 130
Enabling portal authentication on an interface ·············································································· 131
Configuration restrictions and guidelines ·············································································· 131
Configuration procedure ··································································································· 131
Referencing a portal Web server for an interface ·········································································· 132
Controlling portal user access ··································································································· 132
Configuring a portal-free rule ····························································································· 132
Configuring an authentication source subnet ········································································· 133
Configuring an authentication destination subnet ···································································· 134
Setting the maximum number of portal users ········································································· 135
Specifying a portal authentication domain ············································································· 135
Configuring portal detection features ·························································································· 136
Configuring online detection of portal users ··········································································· 136
Configuring portal authentication server detection ·································································· 137
Configuring portal Web server detection ··············································································· 138
Configuring portal user synchronization ················································································ 138
Configuring the portal fail-permit feature ····················································································· 139
Configuring BAS-IP for portal packets sent to the portal authentication server ····································· 140
Applying a NAS-ID profile to an interface ···················································································· 141
Enabling portal roaming ··········································································································· 141
Logging out portal users ·········································································································· 142
Configuring the local portal Web server feature ············································································ 142
Customizing authentication pages ······················································································· 142
iii