Redirect Url Assignment; Periodic Mac Reauthentication; Configuration Prerequisites; General Guidelines And Restrictions - HP FlexNetwork 10500 Series Security Configuration Manual
Hide thumbs
Also See for FlexNetwork 10500 Series:
- Configuration manual (512 pages) ,
- Specifications (42 pages) ,
- Datasheet (20 pages)
Table of Contents
Advertisement
•
Specify another authorization ACL on the authentication server.
For more information about ACLs, see ACL and QoS Configuration Guide.
Redirect URL assignment
The device supports the URL attribute assigned by a RADIUS server. During MAC authentication, a
user is redirected to the Web interface specified by the server-assigned URL attribute. After the user
passes the Web authentication, the RADIUS server records the MAC address of the Web user and
uses a DM (Disconnect Message) to log off the Web user. When the user initiates MAC
authentication again, it will pass the authentication and come online successfully.
Periodic MAC reauthentication
Periodic MAC reauthentication tracks the connection status of online users, and updates the
authorization attributes assigned by the RADIUS server. The attributes include the ACL and VLAN.
The device reauthenticates an online MAC authentication user periodically only after it receives the
termination action Radius-request from the authentication server for this user. The
Session-Timeout attribute (session timeout period) assigned by the server is the reauthentication
interval. To display the server-assigned Session-Timeout and Termination-Action attributes, use the
display mac-authentication connection command. Support for the server configuration and
assignment of Session-Timeout and Termination-Action attributes depends on the server model.
When no server is reachable for MAC reauthentication, the device keeps the MAC authentication
users online or logs off the users, depending on the keep-online feature configuration on the device.
For information about the keep-online feature, see
Configuration prerequisites
Before you configure MAC authentication, complete the following tasks:
1.
Configure an ISP domain and specify an AAA method. For more information, see
AAA."
For local authentication, you must also create local user accounts (including usernames
and passwords), and specify the lan-access service for local users.
For RADIUS authentication, make sure the device and the RADIUS server can reach each
other, and create user accounts on the RADIUS server. If you are using MAC-based
accounts, make sure the username and password for each account are the same as the
MAC address of each MAC authentication user.
2.
Make sure the port security feature is disabled. For more information about port security, see
"Configuring port
General guidelines and restrictions
When you configure MAC authentication, follow these guidelines and restrictions:
•
MAC authentication is exclusive with link aggregation group or service loopback group.
You cannot enable MAC authentication on a port already in a link aggregation group or a
service loopback group.
You cannot add a MAC authentication-enabled port to a link aggregation group or a service
loopback group.
•
Do not configure MAC authentication and EVB on the same port. For information about EVB,
see EVB Configuration Guide.
security."
117
"Configuring the keep-online
feature."
"Configuring
Advertisement
Table of Contents
Troubleshooting
