HPE Moonshot 45Gc Security Configuration Manual page 5

Configuration prerequisites ···························································································································· 106
Configuration task list ····································································································································· 106
Enabling MAC authentication ························································································································· 107
Specifying a MAC authentication domain ······································································································ 107
Configuring the user account format ·············································································································· 108
Setting MAC authentication timers ················································································································· 108
Enabling MAC authentication offline detection ······························································································ 109
Setting the maximum number of concurrent MAC authentication users on a port ········································· 109
Enabling MAC authentication multi-VLAN mode on a port ············································································ 110
Configuring MAC authentication delay ··········································································································· 110
Enabling parallel processing of MAC authentication and 802.1X authentication ··········································· 111
Configuration restrictions and guidelines ······························································································· 111
Configuration procedure ························································································································· 111
Configuring a MAC authentication guest VLAN ····························································································· 112
Configuring a MAC authentication critical VLAN ···························································································· 112
Enabling the MAC authentication critical voice VLAN ···················································································· 113
Configuration prerequisites ···················································································································· 113
Configuration procedure ························································································································· 114
Configuring the keep-online feature ··············································································································· 114
Including user IP addresses in MAC authentication requests ········································································ 114
Displaying and maintaining MAC authentication ···························································································· 115
MAC authentication configuration examples ·································································································· 115
Local MAC authentication configuration example ·················································································· 115
RADIUS-based MAC authentication configuration example ·································································· 117
ACL assignment configuration example································································································· 119
Configuring portal authentication ································································ 123
Overview ························································································································································ 123
Extended portal functions ······················································································································· 123
Portal system components ····················································································································· 123
Portal system using the local portal Web server ···················································································· 125
Interaction between portal system components ····················································································· 125
Portal authentication modes ··················································································································· 126
Portal authentication process ················································································································· 126
Portal configuration task list ··························································································································· 128
Configuration prerequisites ···························································································································· 129
Configuring a portal authentication server ····································································································· 130
Configuring a portal Web server ···················································································································· 130
Enabling portal authentication on an interface ······························································································· 131
Configuration restrictions and guidelines ······························································································· 131
Configuration procedure ························································································································· 131
Referencing a portal Web server for an interface ·························································································· 132
Controlling portal user access ························································································································ 132
Configuring a portal-free rule ················································································································· 132
Configuring an authentication source subnet ························································································· 133
Configuring an authentication destination subnet ·················································································· 134
Setting the maximum number of portal users ························································································ 135
Specifying a portal authentication domain ····························································································· 135
Enabling outgoing packets filtering on a portal-enabled interface ·························································· 136
Configuring portal detection features ············································································································· 136
Configuring online detection of portal users ··························································································· 136
Configuring portal authentication server detection ················································································· 137
Configuring portal Web server detection ································································································ 138
Configuring portal user synchronization ································································································· 139
Configuring the portal fail-permit feature ········································································································ 140
Configuring BAS-IP for unsolicited portal packets sent to the portal authentication server ··························· 140
Applying a NAS-ID profile to an interface ······································································································ 141
Enabling portal roaming ································································································································· 142
Logging out portal users ································································································································ 142
Configuring the local portal Web server feature ····························································································· 142
Customizing authentication pages ········································································································· 143
Configuring a local portal Web server ···································································································· 145
iii