HP 5500 EI 5500 SI Switch Series Configuration Guide
Page 1801
3. The portal server assembles the username and password into an authentication request message and sends it to the access device. Meanwhile, the portal server starts a timer to wait for an authentication acknowledgment message.
4. The access device and the RADIUS server exchange RADIUS packets to authenticate the user.
5. The access device sends an authentication reply to the portal server.
6. The portal server sends an authentication success message to the authentication client to...
Page 1802
10. The portal server notifies the authentication client of logon success.
11. The portal server sends a user IP address change acknowledgment message to the access device.
With extended portal functions, the process includes additional steps:
12. The security policy server exchanges security check information with the authentication client to check whether the authentication client meets the security requirements.
13. Based on the security check result, the security policy server...
Page 1803
5. After receiving the certificate request, the portal server sends an EAP authentication reply to the authentication client, carrying the EAP-Message attribute values.
6. The authentication client sends another EAP request to continue the EAP authentication with the RADIUS server, during which there may be several portal authentication requests. The subsequent authentication processes are the same as that initiated by the first EAP request, except that the EAP request types vary with...
Page 1804
Figure 58 Network diagram for portal stateful failover configuration
As shown in Figure 58, users have to pass portal authentication to access the Internet. To avoid portal service interruption caused by single point failures, you can deploy two access devices (Gateway A and Gateway B) and configure the portal stateful failover function on them, so that they back up the portal online user information of each other through the failover link. When one of them (Gateway A or Gateway B)...
Page 1805
• Secondary: Indicates that the user logs in from the peer device, and the user data is synchronized from the peer device to the local device. The local device is in synchronization state. It only receives and processes the synchronization messages and does not process packets from the server.
Portal authentication across VPNs (available only on the HP 5500 EI series)
This feature is not applicable to VPNs with overlapping address spaces. In a scenario where the branches belong to differen...
Page 1806
Task    Remarks
users
Setting the maximum number of online portal users
Specifying an authentication domain for portal users
Configuring Layer 2 portal authentication to support web proxy
Enabling support for portal user moving
Specifying an Auth-Fail VLAN for portal authentication    Optional
Specifying an auto redirection URL for authenticated portal users    Optional
Configuring online Layer 2 portal user detection    Optional
Logging off portal users    Optional
Complete these tasks to configure...
Page 1807
• With re-DHCP authentication, the IP address check function of the DHCP relay agent is enabled on the access device, and the DHCP server is installed and configured properly. (Available only on the HP 5500 EI series)
• The portal client, access device, and servers can reach each other.
• With RADIUS authentication, usernames and passwords of the users are configured on the RADIUS server, and the RADIUS client configurations are performed on the access device. For information about...
Page 1808
Specifying a portal server for Layer 3 portal authentication (available only on the HP 5500 EI series)
This task allows you to specify the portal server parameters for Layer 3 portal authentication, including the portal server IP address, shared encryption key, server port, and the URL address for web authentication. According to the networking environment, you can configure a remote portal server or a local portal server as needed.
• To configure a remote portal server, specify the IP...
Page 1809
For the local portal server to operate normally and steadily, follow these rules when customizing authentication pages:
Rules on file names
The main authentication pages have predefined file names, which cannot be changed.
Table 10 Main authentication page file names
Main authentication page    File name
Logon page    logon.htm
Logon success page    logonSuccess.htm
Logon failure page    logonFail.htm
Online page (pushed after the user gets online, for online notification)    online.htm...
Page 1810
Password :
3. Authentication pages logonSuccess.htm and online.htm must contain the logoff Post request. The following example shows part of the script in page online.htm.
Rules on page file compression and saving
• A set of authentication page files must be compressed into a standard zip file. The name of a zip file can contain only letters, numerals, and underscores. The zip file of the default authentication pages must be saved with name defaultfile.zip.
• The set of...