Configuration Guide Vol. 2


9.1.4 Web Authentication Parameter Settings

This section describes how to set the parameters for Web authentication.

(1) Setting the maximum authentication time

Points to note

Set the length of time after which authenticated terminals are forcibly logged out.

Command examples

  1. (config)# web-authentication max-timer 60

    Configures the switch to forcibly log out terminals after 60 minutes.

(2) Setting the number of authenticated users (fixed VLAN mode)

Points to note

Set the maximum number of Web-authenticated users allowed in fixed VLAN mode.

Command examples

  1. (config)# web-authentication static-vlan max-user 100

    Specifies 100 as the maximum number of Web-authenticated users allowed in fixed VLAN mode.

(3) Setting the number of authenticated users (dynamic VLAN mode)

Points to note

Set the maximum number of Web-authenticated users allowed in dynamic VLAN mode.

Command examples

  1. (config)# web-authentication max-user 5

    Specifies a maximum of five Web-authenticated users.

(4) Setting up the RADIUS server

Points to note

Configure the RADIUS server used to implement RADIUS authentication.

Command examples

  1. (config)# aaa authentication web-authentication default group radius

    Specifies that user authentication takes place using a RADIUS server.

Notes

If the total response wait time (number of retransmissions × response timeout time) set for the RADIUS servers by the web-authentication radius-server host command exceeds 60 seconds, authentication might fail while an authentication request to the RADIUS servers is in progress.

(5) Configuring Accounting

Points to note

Enable the collection of accounting information for Web authentication.

Command examples

  1. (config)# aaa accounting web-authentication default start-stop group radius

    Enables the collection of accounting information by the RADIUS server.

(6) Setting the Web authentication-only IP address (fixed VLAN mode, dynamic VLAN mode)

Points to note

Set the Web authentication IP address.

Command examples

  1. (config)# web-authentication ip address 10.10.10.1

    Sets the Web authentication IP address (10.10.10.1).

Notes

If you change these settings while Web authentication is in use, immediately restart the Web server by using the restart web-authentication web-server operation command. Note that any user who is in the middle of authentication must log in again.

(7) Web Authentication-Only IP and FQDN Settings (Fixed VLAN Mode, Dynamic VLAN Mode)

Points to note

Specify the Web authentication IP address and associated FQDN.

Command examples

  1. (config)# web-authentication ip address 10.10.10.1 fqdn host.example.com

    Specifies the Web authentication IP address (10.10.10.1) and FQDN (host.example.com).

Notes

If you change these settings while Web authentication is in use, immediately restart the Web server by using the restart web-authentication web-server operation command. Note that any user who is in the middle of authentication must log in again.

(8) Disabling the URL redirection functionality (fixed VLAN mode, dynamic VLAN mode)

Points to note

Disable the URL redirection functionality for Web authentication.

Command examples

  1. (config)# no web-authentication redirect enable

    Disables the URL redirection functionality for Web authentication.

Notes

If you change these settings while Web authentication is in use, immediately restart the Web server by using the restart web-authentication web-server operation command. Note that any user who is in the middle of authentication must log in again.

(9) Setting the Login Operation Protocol for URL Redirection Function (Fixed VLAN Mode, Dynamic VLAN Mode)

Points to note

Specify the protocol used for login operations that are subject to URL redirection.

Command examples

  1. (config)# web-authentication redirect-mode https

    Uses the HTTPS protocol for Web authentication via URL redirection.

Notes

If you change these settings while Web authentication is in use, immediately restart the Web server by using the restart web-authentication web-server operation command. Note that any user who is in the middle of authentication must log in again.

(10) Connection Monitoring Feature Settings (Fixed VLAN)

Points to note

Configure the connection monitoring functionality that monitors the status of authenticated terminals.

Command examples

  1. (config)# web-authentication logout polling enable

    Enables the connection monitoring functionality.

  2. (config)# web-authentication logout polling interval 300

    Specifies a 300-second interval between transmissions of monitoring packets.

  3. (config)# web-authentication logout polling retry-interval 10

    Specifies a resending interval of 10 seconds for monitoring packets.

  4. (config)# web-authentication logout polling count 5

    Specifies a retry count of 5 for monitoring packets.

(11) Disabling the connection monitoring functionality (fixed VLAN mode)

Points to note

Disable the connection monitoring functionality that monitors the status of authenticated terminals.

Command examples

  1. (config)# no web-authentication logout polling enable

    Disables the connection monitoring functionality.

(12) Setting the port number for accessing Web servers

Points to note

Set the service port numbers for the Web server used in Web authentication. You can use these parameters to provide access to the Web server via a port other than the default (80 for HTTP and 443 for HTTPS). Note that port numbers 49152 and higher might be used by functions other than Web authentication. If the service port number is in use by another function, Web authentication does not work. For this reason, set the service port number to a value lower than 49152.

Command examples

  1. (config)# web-authentication web-port http 8080

    Specifies port 8080 as an alternate to port 80 for accessing the Web server via HTTP.

  2. (config)# web-authentication web-port https 8443

    Specifies port 8443 as an alternate to port 443 for accessing the Web server via HTTPS.

Notes

If you change these settings while Web authentication is in use, immediately restart the Web server by using the restart web-authentication web-server operation command. Note that any user who is in the middle of authentication must log in again.
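
The following pre-deployment check is an added example, not part of the original guide or the switch software. It applies the two numeric limits stated in this section: the 60-second RADIUS response wait limit in the note under (4) and the service port limit of 49152 in (12). The configuration excerpt and server values are constructed samples. The RADIUS retransmission and timeout values are passed in as data because the parameter syntax of web-authentication radius-server host is not shown in this section, and the example assumes that "total" means the sum over all configured servers.

```python
import re

RADIUS_BUDGET_S = 60   # limit stated in the note under (4)
PORT_LIMIT = 49152     # ports from here up may be used by other functions, per (12)

# Constructed sample: config excerpt using only commands shown in this section.
SAMPLE_CONFIG = """\
web-authentication max-timer 60
web-authentication ip address 10.10.10.1 fqdn host.example.com
web-authentication redirect-mode https
web-authentication web-port http 8080
web-authentication web-port https 50443
"""

# Constructed sample: (server, retransmissions, response timeout in seconds).
SAMPLE_RADIUS = [("192.0.2.10", 3, 10), ("192.0.2.11", 3, 12)]

WEB_PORT_RE = re.compile(r"^\s*web-authentication web-port (https?) (\d+)\s*$", re.M)

def check_web_ports(config):
    """Return one finding per web-port line set at or above PORT_LIMIT."""
    findings = []
    for proto, port in WEB_PORT_RE.findall(config):
        if int(port) >= PORT_LIMIT:
            findings.append(f"web-port {proto} {port}: must be lower than {PORT_LIMIT}")
    return findings

def radius_wait_total(servers):
    """Sum retransmissions x response timeout over all servers (assumed reading)."""
    return sum(retries * timeout for _, retries, timeout in servers)

def check_radius_budget(servers):
    """Return a finding if the summed response wait exceeds the 60-second limit."""
    total = radius_wait_total(servers)
    if total > RADIUS_BUDGET_S:
        return [f"RADIUS response wait totals {total}s, over the {RADIUS_BUDGET_S}s limit"]
    return []

def audit(config, servers):
    """Run both checks and return the combined list of findings."""
    return check_web_ports(config) + check_radius_budget(servers)

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG, SAMPLE_RADIUS):
        print("FINDING:", finding)
```
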

(13) URL settings after successful authentication

Points to note

Set the URL that a terminal accesses after successful authentication.

Command examples

  1. (config)# web-authentication jump-url "http://www.example.com/"

    Directs the terminal to http://www.example.com/ after successful authentication.