Specifications
New and Enhanced Features in AlliedWare Plus 5.4.4 Major and Minor Versions
■ Previously, you could set the HTTPS port number for the web authentication server.
Now, you no longer need to set the port number; the default port number 443 is
used. As a result, the auth-web-server sslport command has been deleted.
■ The default behavior of web-authentication packet forwarding has changed.
Previously, packet forwarding for port authentication was disabled by default. Now,
ARP, DHCP, and DNS forwarding for port authentication are enabled by default, while
TCP and UDP forwarding for port authentication are disabled by default. As a result,
the default behavior of the auth-web forward command has changed.
■ Previously, you could use either the HTTP protocol or the HTTPS protocol for the web
authentication server. Both HTTP and HTTPS packets were redirected to the HTTP server
or to the HTTPS server. Now, you can use both the HTTP protocol and the HTTPS protocol.
When both protocols are used, HTTP packets are redirected to the HTTP server and HTTPS
packets are redirected to the HTTPS server. As a result, the auth-web-server ssl
command has been changed, and you can use the hybrid option of this command to
enable both HTTP and HTTPS for the web authentication server.
■ Previously, you could register only HTTP intercept port numbers. Now, you can use
the new auth-web-server ssl intercept-port command to register HTTPS intercept
port numbers when the HTTPS server uses custom port numbers.
■ Previously, you could not assign a hostname to the web authentication server. Now,
you can use the new auth-web-server host-name command to assign a hostname
to the web authentication server.
■ As a result of the enhancements, the output of the show auth-web-server command
has been changed.
■ If you configure a virtual IP address for the web-authentication server by using the
auth-web-server ipaddress command or the auth-web-server dhcp ipaddress
command, you must add a hardware ACL to the web-authentication enabled interfaces
that sends packets destined for the virtual IP address to the CPU. If the hardware
ACL is not set, the web-authentication success page will not appear in the
supplicant’s web browser. For example, if you configure the virtual IP address 1.2.3.4
and web-authentication is enabled on port1.0.1 and port1.0.7, you must add the
hardware filter send-to-cpu ip any 1.2.3.4/32 to port1.0.1 and port1.0.7, as shown in
the following show running-config command output:
…
auth-web-server ipaddress 1.2.3.4
access-list hardware acl-web
 send-to-cpu ip any 1.2.3.4/32
!
interface port1.0.1
 auth-web enable
 access-group acl-web
!
interface port1.0.7
 auth-web enable
 access-group acl-web
!
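The requirement above can be checked against a saved running-config. The following Python check is an added example, not part of the release note or of any Allied Telesis tooling: it lists web-authentication interfaces that lack a hardware ACL sending the virtual IP address to the CPU. The function name and the sample configuration are constructed here, and it assumes the ACL entry uses the exact send-to-cpu ip any <address>/32 form shown above with one port per interface line.

```python
import re

# Constructed sample: the page's configuration with access-group left off port1.0.7.
SAMPLE = """\
auth-web-server ipaddress 1.2.3.4
access-list hardware acl-web
 send-to-cpu ip any 1.2.3.4/32
!
interface port1.0.1
 auth-web enable
 access-group acl-web
!
interface port1.0.7
 auth-web enable
!
"""

def audit_web_auth_acl(config):
    """Return auth-web interfaces with no send-to-cpu ACL for the virtual IP."""
    vip = None
    acl_dests = {}    # hardware ACL name -> destinations it sends to the CPU
    ifaces = {}       # interface name -> {"auth": bool, "acls": set of names}
    section = None    # (kind, name) of the config block being read
    for raw in config.splitlines():
        line = raw.strip()
        if line in ("", "!"):
            section = None
        elif m := re.match(r"auth-web-server (?:dhcp )?ipaddress (\d+(?:\.\d+){3})", line):
            vip = m.group(1)
        elif m := re.match(r"access-list hardware (\S+)", line):
            section = ("acl", m.group(1))
            acl_dests.setdefault(m.group(1), set())
        elif m := re.match(r"interface (\S+)", line):
            section = ("if", m.group(1))
            ifaces.setdefault(m.group(1), {"auth": False, "acls": set()})
        elif section and section[0] == "acl":
            if m := re.match(r"send-to-cpu ip any (\S+)", line):
                acl_dests[section[1]].add(m.group(1))
        elif section and section[0] == "if":
            if line == "auth-web enable":
                ifaces[section[1]]["auth"] = True
            elif m := re.match(r"access-group (\S+)", line):
                ifaces[section[1]]["acls"].add(m.group(1))
    if vip is None:
        return []     # no virtual IP configured, so the ACL requirement does not apply
    return [n for n, i in ifaces.items() if i["auth"]
            and not any(f"{vip}/32" in acl_dests.get(a, ()) for a in i["acls"])]
```

Calling audit_web_auth_acl(SAMPLE) returns the interfaces on which the success page would fail to appear; an empty list means every web-authentication interface carries the ACL.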










