H3c-technologies H3C SecPath F1000-E Manual de usuario Pagina 30
- Pagina / 182
- Tabla de contenidos
- SOLUCIÓN DE PROBLEMAS
- MARCADORES
Valorado. / 5. Basado en revisión del cliente
29
portal authentication, the host uses an assigned private IP address. After passing the authentication,
the host can get a public IP address.
• When users using the host have passed identity authentication but have not passed security check,
they can access only subnet 192.168.0.0/24. After passing security check, they can access Internet
resources.
• A RADIUS server serves as the authentication/accounting server.
Figure 13 Configure re-DHCP portal authentication with extended functions
Host
automatically obtains
an IP address
192.168.0.111/24
192.168.0.114/24
192.168.0.112/24
Device
GE0/2
20.20.20.1/24
10.0.0.1/24 sub
GE0/1
192.168.0.100/24
Portal server
Security policy server
DHCP server
192.168.0.113/24
RADIUS server
Configuration procedure
NOTE:
• For re-DHCP authentication, you need to configure a public address pool (20.20.20.0/24, in this
example) and a private address pool (10.0.0.0/24, in this example) on the DHCP server. The
configuration steps are omitted. For DHCP configuration information, see
DHCP Configuration
in the
Firewall Web Configuration Manual
.
• For re-DHCP authentication, Device must be configured as a DHCP relay agent (instead of a DHCP
server) and the portal-enabled interface must be configured with a primary IP address (a public IP
address) and a secondary IP address (a private IP address).
• Make sure that the IP address of the portal device added on the portal server is the private IP address of
the interface connecting users (10.0.0.1
in this example), and the IP address
g
roup associated with the
portal device is the private network segment where the users reside (10.0.0.0/24 in this example).
• You need to configure IP addresses for Host, Device, and the servers as shown in
Figure 13 and ensure
that they can reach each other.
• Perform configurations on the RADIUS server to ensure that the user authentication and accounting
functions can work normally.
Perform the following configuration on Device:
Step1 Configure a RADIUS scheme
# Create a RADIUS scheme named rs1 and enter its view.
<Device> system-view
[Device] radius scheme rs1
- Table of Contents 1
- Portal Configuration 2
- Portal System Components 3
- Portal Authentication Modes 4
- Configuration Prerequisites 8
- RADIUS Configuration 12
- Firewall Web 12
- Configuration Manual 12
- Portal Packets 13
- 2. Probe parameters 15
- Logging Off Portal Users 17
- Step2 Configure Device 21
- DHCP Configuration 24
- Functions 27
- Information Synchronization 34
- Configuration considerations 35
- Troubleshooting Portal 42
- ALG Configuration 45
- 2. Authenticating the user 46
- Enabling ALG 47
- ALG Configuration Examples 47
- # Enable ALG for NBT 50
- # Configure NAT 50
- RSH Configuration 52
- RSH Configuration Example 53
- SSH2.0 Configuration 57
- Version negotiation 58
- Authentication 58
- Session request 59
- Interaction 59
- SSH Connection Across VPNs 60
- Public Key Commands 61
- Security Volume 61
- Interface Commands 62
- System Volume 62
- Configuring an SSH User 63
- SFTP Service 80
- Working with SFTP Files 83
- Displaying Help Information 84
- SSL Configuration 91
- SSL Configuration Task List 92
- Configuration Procedure 93
- Troubleshooting SSL 97
- Web Filtering Configuration 100
- Java Blocking 101
- ActiveX Blocking 101
- Configuring Web Filtering 102
- Network requirements 103
- Configuration procedure 104
- Invalid Use of Wildcard 107
- Invalid Blocking Suffix 107
- Public Key Configuration 109
- Connection Limit Overview 118
- Verification 121
- Symptom 121
- Analysis 121
- Solution 122
- Contents 123
- Firewall configuration 124
- IPsec Configuration 129
- Implementation of IPsec 130
- Basic Concepts of IPsec 130
- Encapsulation modes 131
- IPsec Tunnel Interface 132
- Configuring IPsec 134
- Implementing ACL-Based IPsec 135
- Mirror image ACLs 137
- Protection modes 138
- Configuring an IPsec Policy 139
- NOTE: 143
- Configuring an IPsec Profile 148
- Tunneling Commands 150
- IP Services Volume 150
- IPsec Configuration Examples 152
- 2. Configure Device B 153
- Configuation procedure 157
- 3. Configure Device C 162
- IKE Configuration 165
- Operation of IKE 166
- IKE Configuration Task List 167
- Gateway 168
- Configuring an IKE Proposal 168
- Configuring an IKE Peer 169
- Setting Keepalive Timers 171
- Configuring a DPD 172
- IKE Configuration Examples 173
- Traversal 175
- Troubleshooting IKE 180
- Proposal Mismatch 181
- ACL Configuration Error 181
Relacionado con productos y manuales para La Seguridad H3c-technologies H3C SecPath F1000-E
(95 paginas)
(17 paginas)© 2020, manymanuals.es. Todos los derechos reservados | 0.113 s |
Manymanuals.com
Manymanuals.de
Manymanuals.fr
Manymanuals.it
Manymanuals.pl
Manymanuals.cz
Manymanuals.es
Manymanuals-pt.com
Comentarios a estos manuales