9.1.5 Web authentication Parameter Settings
This section describes how to set the parameters for Web authentication.
(1) Setting the maximum authentication time
- Points to note
Set the length of time after which authenticated terminals are forcibly logged out.
- Command examples
(config)# web-authentication max-timer 60
Configures the switch to forcibly log out terminals after 60 minutes.
(2) Setting the number of authenticated users (fixed VLAN mode)
- Points to note
Set the maximum number of Web-authenticated users allowed in fixed VLAN mode.
- Command examples
(config)# web-authentication static-vlan max-user 100
Specifies 100 as the maximum number of Web-authenticated users allowed in fixed VLAN mode.
(3) Setting the number of authenticated users (dynamic VLAN mode, legacy mode)
- Points to note
Set the maximum number of Web-authenticated users allowed in dynamic VLAN mode or legacy mode.
- Command examples
(config)# web-authentication max-user 5
Specifies a maximum of five Web-authenticated users.
(4) Setting up the RADIUS server
- Points to note
Configure the RADIUS server used to implement RADIUS authentication.
- Command examples
(config)# aaa authentication web-authentication default group radius
Specifies that user authentication takes place using a RADIUS server.
- Notes
If the total wait time for each RADIUS server as specified by the radius-server command is longer than 60 seconds, authentication might fail while the switch is still waiting for a response from the RADIUS servers. Because the parameters set by the radius-server command apply universally to login authentication, command authorization, and IEEE 802.1X authentication, take care when setting the wait time.
(5) Configuring accounting
- Points to note
Enable the collection of accounting information for Web authentication.
- Command examples
(config)# aaa accounting web-authentication default start-stop group radius
Enables the collection of accounting information by the RADIUS server.
(6) Setting the Web authentication-only IP address (fixed VLAN mode, dynamic VLAN mode)
- Points to note
Set the Web authentication IP address.
- Command examples
(config)# web-authentication ip address 10.10.10.1
Sets the Web authentication IP address (10.10.10.1).
- Notes
  - After setting the access ports, use the restart web-authentication web-server operation command to restart the Web server. Users in the process of authentication will need to log in again.
  - In legacy mode (in an environment without the web-authentication port command configured), if you execute the web-authentication port command after you specify this command, you must then restart the Web server by using the restart web-authentication web-server operation command.
(7) Setting the Web authentication-only IP address and FQDN (fixed VLAN mode, dynamic VLAN mode)
- Points to note
Specify the Web authentication IP address and associated FQDN.
- Command examples
(config)# web-authentication ip address 10.10.10.1 fqdn host.example.com
Specifies the Web authentication IP address (10.10.10.1) and FQDN (host.example.com).
- Notes
  - After setting the access ports, use the restart web-authentication web-server operation command to restart the Web server. Users in the process of authentication will need to log in again.
  - In legacy mode (in an environment without the web-authentication port command configured), if you execute the web-authentication port command after you specify this command, you must then restart the Web server by using the restart web-authentication web-server operation command.
(8) Disabling the URL redirection function (fixed VLAN mode, dynamic VLAN mode)
- Points to note
Disable the URL redirection functionality for Web authentication.
- Command examples
(config)# no web-authentication redirect enable
Disables the URL redirection functionality for Web authentication.
- Notes
After setting the access ports, use the restart web-authentication web-server operation command to restart the Web server. Users in the process of authentication will need to log in again.
(9) Setting the login operation protocol for the URL redirection function (fixed VLAN mode, dynamic VLAN mode)
- Points to note
Specify the protocol used for login operations that are subject to URL redirection.
- Command examples
(config)# web-authentication redirect-mode https
Uses the HTTPS protocol for Web authentication via URL redirection.
- Notes
After setting the access ports, use the restart web-authentication web-server operation command to restart the Web server. Users in the process of authentication will need to log in again.
(10) Settings for outputting to syslog servers
- Points to note
Configure the Switch to output authentication results and operation logs to the syslog server.
- Command examples
(config)# web-authentication logging enable
(config)# logging event-kind aut
Configures the Switch to output Web authentication results and operation logs to the syslog server.
(11) Setting the connection monitoring function (fixed VLAN mode)
- Points to note
Configure the connection monitoring functionality that monitors the status of authenticated terminals.
- Command examples
(config)# web-authentication logout polling enable
Enables the connection monitoring functionality.
(config)# web-authentication logout polling interval 300
Specifies a 300-second interval between transmissions of monitoring packets.
(config)# web-authentication logout polling retry-interval 10
Specifies a resending interval of 10 seconds for monitoring packets.
(config)# web-authentication logout polling count 5
Specifies a retry count of 5 for monitoring packets.
(12) Disabling the connection monitoring function (fixed VLAN mode)
- Points to note
Disable the connection monitoring functionality that monitors the status of authenticated terminals.
- Command examples
(config)# no web-authentication logout polling enable
Disables the connection monitoring functionality.
(13) Setting the port number for accessing Web servers
- Points to note
Set the service port numbers for the Web server used in Web authentication. You can use these parameters to provide access to the Web server via a port other than the default (80 for HTTP and 443 for HTTPS).
In an environment running OAN, use this procedure to set the service port numbers used by OAN (832 and 9698). You cannot use the OAN service ports to perform Web authentication login and logout operations.
- Command examples
(config)# web-authentication web-port http 8080
Specifies port 8080 as an alternate to port 80 for accessing the Web server via HTTP.
(config)# web-authentication web-port https 8443
Specifies port 8443 as an alternate to port 443 for accessing the Web server via HTTPS.
- Notes
After setting the access ports, use the restart web-authentication web-server operation command to restart the Web server. Users in the process of authentication will need to log in again.
(14) Setting the URL accessed after successful authentication
- Points to note
Set the URL that a terminal accesses after successful authentication.
- Command examples
(config)# web-authentication jump-url "http://www.example.com/"
Directs to http://www.example.com/ after successful authentication.
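A check that ties sections (5), (9), (10) and (12) together, added here as an example and not taken from the manual or the switch vendor: it reads a saved configuration and reports Web authentication settings that leave logins unencrypted or unrecorded. The two sample configurations, the finding labels and the function names are constructed for illustration, and `http` as a `redirect-mode` value is an assumption.

```python
import re

# Constructed sample (not from a real device), using only commands shown on this page.
# Assumption: "http" is the other value accepted by redirect-mode.
WEAK_CONFIG = """\
(config)# aaa authentication web-authentication default group radius
(config)# web-authentication redirect-mode http
(config)# web-authentication logging enable
(config)# web-authentication logout polling enable
(config)# no web-authentication logout polling enable
"""
# Constructed: the same deployment with sections (5), (9), (10) and (11) applied.
FIXED_CONFIG = """\
(config)# aaa authentication web-authentication default group radius
(config)# aaa accounting web-authentication default start-stop group radius
(config)# web-authentication redirect-mode https
(config)# web-authentication logging enable
(config)# logging event-kind aut
(config)# web-authentication logout polling enable
"""
PROMPT = re.compile(r"^\(config\)#\s*")

def parse(config_text):
    """Map each command to True (set) or False (negated with 'no'); the last line wins."""
    state = {}
    for raw in config_text.splitlines():
        line = " ".join(PROMPT.sub("", raw.strip()).split())
        if not line:
            continue
        negated = line.startswith("no ")
        state[line[3:] if negated else line] = not negated
    return state

def audit(config_text):
    """Return finding labels for settings that weaken login protection or audit trails."""
    state = parse(config_text)
    findings = []
    if not state.get("aaa accounting web-authentication default start-stop group radius"):
        findings.append("accounting-missing")  # section (5): no accounting records
    if state.get("web-authentication redirect-mode http"):
        findings.append("redirect-mode-http")  # section (9): login page not on HTTPS
    if not (state.get("web-authentication logging enable") and state.get("logging event-kind aut")):
        findings.append("syslog-incomplete")  # section (10) shows both lines together
    if state.get("web-authentication logout polling enable") is False:
        findings.append("connection-monitoring-disabled")  # section (12)
    return findings

if __name__ == "__main__":
    print(audit(WEAK_CONFIG), audit(FIXED_CONFIG))
```

The check reports only what is explicit in the text it is given; settings left at their defaults are not evaluated, because this page does not state the defaults.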