HP 10500 Series Configuration Manual page 174

[SwitchA-radius-rs1] nas-ip 3.3.0.3
[SwitchA-radius-rs1] quit
IMPORTANT:
Use the nas-ip command to specify the source IP address for RADIUS packets to be sent, and make sure
the source IP address is consistent with the IP address of the access device specified on the server to avoid
authentication failures.
2. Configure an authentication domain:
# Create an ISP domain named dm1 and enter its view.
[SwitchA] domain dm1
# Configure AAA methods for the ISP domain.
[SwitchA-isp-dm1] authentication portal radius-scheme rs1
[SwitchA-isp-dm1] authorization portal radius-scheme rs1
[SwitchA-isp-dm1] accounting portal radius-scheme rs1
[SwitchA-isp-dm1] quit
# Configure domain dm1 as the default ISP domain for all users. Then, if a user enters a username
without any ISP domain at logon, the authentication and accounting methods of the default
domain are used for the user.
[SwitchA] domain default enable dm1
3. Configure portal authentication:
# Configure the portal server as follows:
Name: newpt
IP address: 192.168.0.1 1 1
VPN: vpn3
Key: portal, in plain text
Port number: 50100
URL: http://192.168.0.1 1 1:8080/portal.
[SwitchA] portal server newpt ip 192.168.0.111 vpn-instance vpn3 key simple portal
port 50100 url http://192.168.0.111:8080/portal
# Enable Layer 3 portal authentication on the interface connecting the user side.
[SwitchA] interface vlan-interface 3
[SwitchA–Vlan-interface3] portal server newpt method layer3
[SwitchA–Vlan-interface3] quit
Verifying the configuration
Execute the display portal interface command to check whether the portal configuration has taken effect.
After Host passes portal authentication, execute the display portal user command to view information
about online portal users on Switch A.
[SwitchA] display portal user all
Index:2
State:ONLINE
SubState:NONE
ACL:NONE
Work-mode:stand-alone
VPN instance:vpn1
164