Home > HP > Printer > HP 5500 Ei 5500 Si Switch Series Configuration Guide

HP 5500 Ei 5500 Si Switch Series Configuration Guide

Add to Favourites
    Download as PDF

    Here you can view all the pages of manual HP 5500 Ei 5500 Si Switch Series Configuration Guide. The HP manuals for Printer are available online for free. You can easily download all the documents as PDF.

    Overview View all the pages Comments

    Page 1841

    Page 1841 176 [SwitchA-acl-adv-3001] quit On the security policy server, specify ACL 3000 as the isolation ACL and ACL 3001 as the security ACL. 4. Configure portal authentication # Configure the portal server as follows: { Name: newpt { IP address: 192.168.0.1 11 { Key: portal { Port number: 50100 { U R L : h t t p : / / 1 9 2 .16 8 . 0 .1 11:8080/portal. [SwitchA] portal server newpt ip 192.168.0.111 key portal port 50100 url\ http://192.168.0.111:8080/portal # Enable portal authentication on... 
     176 
[SwitchA-acl-adv-3001] quit 
On the security policy server, specify ACL 3000 as the isolation ACL and ACL 3001 as the security 
ACL. 
4. Configure portal authentication 
# Configure the portal server as follows:  
{  Name: newpt 
{ IP address: 192.168.0.1 11 
{  Key: portal 
{ Port number: 50100 
{ U R L :  h t t p : / / 1 9 2 .16 8 . 0 .1 11:8080/portal. 
[SwitchA] portal server newpt ip 192.168.0.111 key portal port 50100 url\
 
http://192.168.0.111:8080/portal 
# Enable portal authentication on...

    Page 1842

    Page 1842 177 Figure 71 Network diagram Configure IP addresses for the host, server, and switches as shown in Figure 71 and mak e sure that they can reach to each other. Make sure that Host can access the authentication server through Switch A and Switch B. Configure VRRP group 1 and VRRP group 2 to implement backup for downstream and upstream links, respectively. For more information about VRRP, see High Availability Configuration Guide. For information about stateful failover configuration, see... 
     177 
Figure 71 Network diagram 
 
 
Configure IP addresses for the host, server, and switches as shown in  Figure 71 and mak e sure that they 
can reach to each other. 
Make sure that Host can access the authentication server through Switch A and Switch B. 
Configure VRRP group 1 and VRRP group 2 to implement backup for downstream and upstream links, 
respectively. For more information about VRRP, see  High Availability Configuration Guide. 
For information about stateful failover configuration, see...

    Page 1843

    Page 1843 178 Figure 72 Portal server configuration # Configure the IP address group. Select User Access Manager > Portal Service Management > IP Group from the navigation tree to enter the portal IP address group configuration page. Then, click Add to enter the page shown in Figure 62. • Enter the I P group name. • Enter the start IP address and end IP address of the IP group. Make sure that the host IP address is in the IP group. • Select a service group. By default, the group Ungrouped... 
     178 
Figure 72 Portal server configuration 
 
 
# Configure the IP address group. 
Select User Access Manager  > Portal Service Management  > IP Group from the navigation tree to enter 
the portal IP address group configuration page. Then, click  Add to enter the page shown in  Figure 62.  
•   Enter the I

P group name. 
•   Enter the start IP address and end IP address of the IP group. Make sure that the host IP address is 
in the IP group. 
•   Select a service group. By default, the group  Ungrouped...

    Page 1844

    Page 1844 179 • Enter the device name NAS. • Enter the virtual IP address of the VRRP grou p that holds the portal-enabled interface. • Enter the key, which must be the same as that configured on the switch. • Set whether to enable IP address reallocation. This example uses direct portal authentication, and therefore select No from the Reallocate IP list. • Select whether to support sever heartbeat and user heartbeat functions. In this example, select No for both Support Server Heartbeat and... 
     179 
•  Enter the device name  NAS. 
•   Enter the virtual IP address of the VRRP grou p that holds the portal-enabled interface. 
•   Enter the key, which must be the same as that configured on the switch. 
•   Set whether to enable IP address reallocation. This  example uses direct portal authentication, and 
therefore select  No from the Reallocate IP  list. 
•   Select whether to support sever heartbeat and user  heartbeat functions. In this example, select No 
for both Support Server Heartbeat  and...

    Page 1845

    Page 1845 180 Figure 76 Adding a port group # Select User Access Manager > Service Parameters > Validate System Configuration from the navigation tree to validate the configurations. Configuring Switch A 1. Configure VRRP: # Create VRRP group 1, and configure the virtua l IP address of the VRRP group 1 as 9.9.1.1. system-view [SwitchA] interface vlan-interface 10 [SwitchA–Vlan-interface10] vrrp vrid 1 virtual-ip 9.9.1.1 # Set the priority of VLAN-interface 10 in VRRP group 1 to 200.... 
     180 
Figure 76 Adding a port group 
 
 
# Select User Access Manager  > Service Parameters  > Validate System Configuration  from the 
navigation tree to validate the configurations. 
Configuring Switch A 
1.  Configure VRRP: 
# Create VRRP group 1, and configure the virtua l IP address of the VRRP group 1 as 9.9.1.1. 
 system-view 
[SwitchA] interface vlan-interface 10 
[SwitchA–Vlan-interface10] vrrp vrid 1 virtual-ip 9.9.1.1 
# Set the priority of VLAN-interface 10 in VRRP group 1 to 200....

    Page 1846

    Page 1846 181 # Configure the server type for the RADIUS scheme. When using the IMC server, configure the RADIUS server type as extended. [SwitchA-radius-rs1] server-type extended # Specify the primary authentication server and primary accounting server, and configure the keys for communication with the servers. [SwitchA-radius-rs1] primary authentication 192.168.0.111 [SwitchA-radius-rs1] primary accounting 192.168.0.111 [SwitchA-radius-rs1] key authentication expert [SwitchA-radius-rs1] key accounting... 
     181 
# Configure the server type for the RADIUS scheme. When using the IMC server, configure the 
RADIUS server type as extended. 
[SwitchA-radius-rs1] server-type extended 
# Specify the primary authentication server and primary accounting server, and configure the keys 
for communication with the servers.  
[SwitchA-radius-rs1] primary authentication 192.168.0.111 
[SwitchA-radius-rs1] primary accounting 192.168.0.111 
[SwitchA-radius-rs1] key authentication expert 
[SwitchA-radius-rs1] key accounting...

    Page 1847

    Page 1847 182 6. Configure the stateful failover function: # Configure the VLAN for stateful failover as VLAN 8. [SwitchA] dhbk vlan 8 # Enable stateful failover and configure it to support the symmetric path. [SwitchA] dhbk enable backup-type symmetric-path Configuring Switch B 1. Configure VRRP: # Create VRRP group 1, and configure the virtua l IP address of the VRRP group 1 as 9.9.1.1. system-view [SwitchB] interface vlan-interface 10 [SwitchB–Vlan-interface10] vrrp vrid 1 virtual-ip 9.9.1.1 #... 
     182 
6.
 
Configure the stateful failover function: 
# Configure the VLAN for stateful failover as VLAN 8. 
[SwitchA] dhbk vlan 8 
# Enable stateful failover and configure it to support the symmetric path. 
[SwitchA] dhbk enable backup-type symmetric-path 
Configuring Switch B 
1. Configure VRRP: 
# Create VRRP group 1, and configure the virtua l IP address of the VRRP group 1 as 9.9.1.1. 
 system-view 
[SwitchB] interface vlan-interface 10 
[SwitchB–Vlan-interface10] vrrp vrid 1 virtual-ip 9.9.1.1 
#...

    Page 1848

    Page 1848 183 # Configure domain dm1 as the default ISP domain for all users. Then, if a user enters a username without any ISP domain at logon, the authenti cation and accounting methods of the default domain are used for the user. [SwitchB] domain default enable dm1 4. Enable portal authentication on the interface connecting the host: # Configure the portal server as needed. [SwitchB] portal server newpt ip 192.168.0.111 key portal port 50100 url\ http://192.168.0.111:8080/portal # Enable portal... 
     183 
# Configure domain dm1 as the default ISP domain for all users. Then, if a user enters a username 
without any ISP domain at logon, the authenti cation and accounting methods of the default 
domain are used for the user. 
[SwitchB] domain default enable dm1 
4.  Enable portal authentication on the interface connecting the host: 
# Configure the portal server as needed. 
[SwitchB] portal server newpt ip 192.168.0.111 key portal port 50100 url\
 
http://192.168.0.111:8080/portal 
# Enable portal...

    Page 1849

    Page 1849 184 State:ONLINE SubState:NONE ACL:NONE Work-mode: secondary VPN instance:NONE MAC IP Vlan Interface --------------------------------------------------------------------- 000d-88f8-0eac 9.9.1.2 10 Vlan-interface10 Total 1 user(s) matched, 1 listed. The output shows that the information of user Host is saved on both Switch A and Switch B. The users working mode on Switch A is primary, and that on Switch B is secondary, which... 
     184 
 State:ONLINE 
 SubState:NONE 
 ACL:NONE 
 Work-mode: secondary 
 VPN instance:NONE 
 MAC                IP                 Vlan   Interface 
 --------------------------------------------------------------------- 
 000d-88f8-0eac     9.9.1.2            10      Vlan-interface10 
 Total 1 user(s) matched, 1 listed. 
The output shows that the information of user Host is saved on both Switch A and Switch B. The users 
working mode on Switch A is primary, and that on Switch B is secondary, which...

    Page 1850

    Page 1850 185 3. Configure direct portal authentication on interf ace VLAN-interface 100, which is connected with the user host. 4. Configure the portal server detection function on the access device, so that the access device can detect the status of the portal se rver by cooperating with the port al server heartbeat function. 5. Configure the portal user information synchroniz ation function, so that the access device can synchronize portal user information with the port al server by cooperating... 
     185 
3.
 
Configure direct portal authentication on interf ace VLAN-interface 100, which is connected with 
the user host.  
4.  Configure the portal server detection function on  the access device, so that the access device can 
detect the status of the portal se rver by cooperating with the port al server heartbeat function.   
5. Configure the portal user information synchroniz ation function, so that the access device can 
synchronize portal user information with the port al server by cooperating...
    Start reading HP 5500 Ei 5500 Si Switch Series Configuration Guide

    Related Manuals for HP 5500 Ei 5500 Si Switch Series Configuration Guide

    All HP manuals