Configuring Direct Portal Authentication With Extended Functions - HP 3600 v2 Series Configuration Manual

[SwitchA-isp-dm1] authorization portal radius-scheme rs1
[SwitchA-isp-dm1] accounting portal radius-scheme rs1
[SwitchA-isp-dm1] quit
# Configure domain dm1 as the default ISP domain for all users. Then, if a user enters the
username without the ISP domain at logon, the authentication and accounting methods of the
default domain are used for the user.
[SwitchA] domain default enable dm1
3. Configure portal authentication:
# Configure the portal server as follows:
Name: newpt
IP address: 192.168.0.1 1 1
Key: portal in plain text
Port number: 50100
URL: http://192.168.0.1 1 1:8080/portal
[SwitchA] portal server newpt ip 192.168.0.111 key simple portal port 50100 url
http://192.168.0.111:8080/portal
# Enable portal authentication on the interface connecting Switch B.
[SwitchA] interface vlan-interface 4
[SwitchA–Vlan-interface4] portal server newpt method layer3
[SwitchA–Vlan-interface4] quit
On Switch B, configure a default route to subnet 192.168.0.0/24, setting the next hop as 20.20.20.1.
(Details not shown.)
Configuring direct portal authentication with extended
functions
Network requirements
As shown in
The host is directly connected to the switch and the switch is configured for direct extended portal
•
authentication. The host is assigned with a public network IP address either manually or through
DHCP. If the host fails security check after passing identity authentication, the host can access only
subnet 192.168.0.0/24. After passing security check, the host can access Internet resources.
• A RADIUS server serves as the authentication/accounting server.
Figure 53:
162