Owner's Manual

ManualsBrandsNetgear ManualsHubsNetgear XCM8806

411

412

413

414

415

416

417

418

419

420

414 | Chapter 16. Network Login

NETGEAR 8800 User Manual

This redirection information is used only in case the redirection info is missing from RADIUS

server. For example,

configure netlogin base-url http://www.netgear.com redirects all

users to this URL after they get logged in.

If you cannot find HTTPS commands, your XCM8800 image probably does not have SSH

preinstalled. To download the SSH module, go to

http://kbserver.netgear.com/products/8806.asp or

http://kbserver.netgear.com/products/8810.asp. For more information about SSH2, see

Chapter 17, Security. For information on installing the SSH module, see Software Upgrade

and Boot Options in Appendix B.

Configuring Proxy Ports

To configure the ports to be hijacked and redirected, use the following commands:

configure netlogin add proxy-port <tcp_port> {http | https}

configure netlogin delete proxy-port

For each hijacked or proxy port, you must specify whether the port is to be used for HTTP or

HTTPS traffic. No more that five hijack or proxy ports are supported for HTTP in addition to

port 80 (for HTTP) and port 443 (for HTTPS), both of which cannot be deleted.

Configuring Session Refresh

To enable or disable the network login session refresh, use one of the following commands:

enable netlogin session-refresh {<refresh_minutes>} 

disable netlogin session-refresh

Where <minutes> ranges from 1 - 255. The default setting is 3 minutes. enable netlogin

session-refresh

and configure netlogin session-refresh makes the logout window refresh

itself at every configured time interval. Session refresh is enabled by default. When you

configure the network login session refresh for the logout window, ensure that the FDB aging

timer is greater than the network login session refresh timer.

Note: If an attempt is made to authenticate the client in a non-existent

VLAN, and the move fail action setting is

authenticate, then the

client is successfully authenticated in the port’s original VLAN, but

subsequent session refreshes fail and cause the client to become

unauthenticated.

When web-based Network login is configured with proxy ports and session-refresh are also

enabled, you must configure the web browser to bypass the web proxy server for the IP

address of the VLAN into which the client moves after authentication.