Login
- Released At: 05-07-2024
- Page Views:
- Downloads:
- Table of Contents
- Related Documents
-
|
|
|
H3C IMC EIA IPv6 Scenario Configuration Examples |
|
|
|
|
Software version: EIA 7.3 (E0623)
Document version: 5W108-20230627
Copyright © 2023 New H3C Technologies Co., Ltd. All rights reserved.
No part of this manual may be reproduced or transmitted in any form or by any means without prior written consent of New H3C Technologies Co., Ltd.
Except for the trademarks of New H3C Technologies Co., Ltd., any trademarks that may be mentioned in this document are the property of their respective owners.
The information in this document is subject to change without notice.
Contents
General restrictions and guidelines
Configuring IPv6 portal authentication on IMC EIA
Configuring IPv6 SSL VPN authentication on IMC EIA
Configuring generic IPv6 802.1X authentication on IMC EIA
Introduction
The following information provides IMC EIA IPv6 scenario configuration examples. The IMC EIA IPv6 function supports configuring IPv6 addresses for devices that access IMC EIA or devices that collaborate with IMC, which expands the IP address types supported on EIA. Both IPv4 and IPv6 addresses are supported on EIA currently. You can configure the IP addresses as needed. EIA does not change the IPv6 features configured on devices.
Prerequisites
Before using IPv6 features on EIA, you must enable IPv6 and enable policy server for IPv6 on IMC:
Enabling IPv6
1. On the top navigation bar, click User.
2. From the left navigation pane, select User Access Policy > Service Parameters > System Settings.
3. Click the Configure icon 
for System Parameters.
Figure 1 System settings page
4. Select Yes for the Enable IPv6 field.
Figure 2 System parameter settings
5. Click OK.
Configuring policy server parameter settings
1. On the top navigation bar, click User.
2. From the left navigation pane, select User Access Policy > Service Parameters > System Settings.
3. Click the Configure
icon 
for Policy Server Parameters.
4. Select the check box before Enable Policy Server for IPv6.
Figure 3 Policy server parameter settings
5. Click OK.
General restrictions and guidelines
After you enable IPv6 on EIA, follow the following restrictions and guidelines:
· IPv6 addresses are supported in RADIUS authentication and portal authentication. You can configure IPv6 addresses on user service settings pages such as the access device and portal device settings page. Users' IPv6 addresses will be displayed in the access user list, online user list, roaming online user list, denylist user list, authentication failure logs, access details, roaming access details, and other pages. You can enter an IPv6 address as the filter criteria to search the target information.
· To avoid IPv6 user authentication failures, you must enter correct IPv6 address of the EIA server when you install EIA subcomponents.
Feature usage guidelines
Configuring IPv6 portal authentication on IMC EIA
Applicable scenarios
The following information applies to enterprise networks or campus networks requiring portal authentication.
Prerequisites
The access devices support the portal protocol.
Restrictions and guidelines
You must select version Portal 3.0 when configuring an IPv6 access device because only the version supports IPv6.
Configure the following parameters for the access device.
· Enter a device name.
· Select Portal 3.0 from the version list.
· Specify the IPv6 address of the device.
· Enter a key in the Key field and enter the key again in the Confirm Key filed for confirmation.
The key must be identical with the configuration on the device for communication with the portal server.
· Select Directly Connect from the access method list.
· Use the default settings for other parameters.
Figure 4 Adding the access device
Procedure
The following information provides only simple configuration steps. For more information about the detailed configuration, see IMC EIA IPv6 Portal Authentication Configuration Examples on the official website of H3C.
To configure IPv6 portal authentication on EIA, complete the following steps:
1. Enable IPv6.
2. Configure the EIA server:
a. Add an access device.
b. Add an access policy.
c. Add an access service.
d. Add an access user.
3. Configure a portal service:
a. Configure a portal server.
b. Configure a portal IP group.
c. Configure a portal device.
4. Configure the access device.
5. Use an iNode client to perform portal authentication:
a. Install an iNode client with the portal connection function.
b. Perform portal authentication connection.
Configuring IPv6 SSL VPN authentication on IMC EIA
Applicable scenarios
The following information applies to scenarios where a user enters the username and password on an iNode PC client to perform SSL VPN authentication for accessing network resources.
Prerequisites
Make sure the network has connectivity.
Restrictions and guidelines
When you configure IPv6 SSL VPN authentication on EIA, follow the following restrictions and guidelines:
· As a best practice, use a PC iNode with a version between 7.3 (E0574) and 7.3 (E0582).
· In the network, the user and the device use IPv6 addresses for communication, and the device and the portal server use IPv4 addresses for communication. You must add the IPv4 access device on EIA (the portal server).
Procedure
The following information provides only simple configuration steps. For more information about the detailed configuration, see IMC EIA SSL VPN Authentication (IPv6) Configuration Examples on the official website of H3C.
To configure IPv6 SSL VPN authentication on EIA, complete the following steps:
1. Configure authentication on EIA:
a. Configure system parameters on EIA:
- Configure system parameters.
- Configure policy server parameters.
b. Add an IPv4 access device.
c. Add an access policy.
d. Add an access service.
e. Adding an access user.
2. Configure an SSL VPN device.
3. Verify the results:
a. Perform SSL VPN authentication.
b. View the authentication success information on EIA.
Configuring generic IPv6 802.1X authentication on IMC EIA
Applicable scenarios
The following information applies to an enterprise network or campus network that performs 802.1X authentication without additional access control or security checks.
Prerequisites
The access devices support the 802.1X protocol.
Procedure
The following information provides only simple configuration steps. For more information about the detailed configuration, see IMC EIA Generic 802.1X Authentication (IPv6) Configuration Examples on the official website of H3C.
To configure generic IPv6 802.1X authentication on EIA, complete the following steps:
1. Configure the EIA server:
a. Configure system parameters on EIA.
b. Add an access device.
c. Add an access policy.
d. Add an access service.
e. Configure an access user.
2. Configure an access device.
3. Use an iNode client to perform authentication:
a. Install an iNode client with the 802.1X authentication function.
b. Perform 802.1X authentication connection.
c. View information about the online user on EIA.
