Installation manual
4-156
SIGNAMAX LLC • www.signamax.eu
Command Usage
When using a bit mask to filter displayed MAC addresses, a 1 means “care” and a
0 means “don't care”. For example, a MAC of 00-00-01-02-03-04 and mask
FF-FF-FF-00-00-00 would result in all MACs in the range 00-00-01-00-00-00 to
00-00-01-FF-FF-FF to be displayed. All other MACs would be filtered out.
Example
Web Authentication
Web authentication allows stations to authenticate and access the network in situations
where 802.1X or Network Access authentication methods are infeasible or impractical.
The web authentication feature allows unauthenticated hosts to request and receive a
DHCP assigned IP address and perform DNS queries. All other traffic, except for http
protocol traffic, is blocked. The switch intercepts http protocol traffic and redirects it to a
switch-generated web page that facilitates user name and password authentication via
RADIUS. Once authentication is successful, the web browser is forwarded on to the
originally requested web page. Successful authentication is valid for all hosts connected
to the port.
Notes: 1.
RADIUS authentication must be activated and configured properly for the web
authentication feature to work properly. (See “Configuring Local/Remote Logon
Authentication” on page 3-58)
2. Web authentication cannot be configured on trunk ports.
Console#show network-access mac-address-table
---- ----------------- --------------- --------- -------------------------
Port MAC-Address RADIUS-Server Attribute Time
---- ----------------- --------------- --------- -------------------------
1/1 00-00-01-02-03-04 172.155.120.17 Static 00d06h32m50s
1/1 00-00-01-02-03-05 172.155.120.17 Dynamic 00d06h33m20s
1/1 00-00-01-02-03-06 172.155.120.17 Static 00d06h35m10s
1/3 00-00-01-02-03-07 172.155.120.17 Dynamic 00d06h34m20s
Console#
Table 4-43 Web Authentication
Command Function Mode Page
web-auth login-attempts Defines the limit for failed web authentication login attempts GC 4-157
web-auth quiet-period Defines the amount of time to wait after the limit for failed
login attempts is exceeded.
GC 4-157
web-auth session-timeout Defines the amount of time a session remains valid GC 4-158
web-auth system-auth-control Enables web authentication globally for the switch GC 4-158
web-auth Enables web authentication for an interface IC 4-159
web-auth re-authenticate (Port) Ends all web authentication sessions on the port and forces
the users to re-authenticate
PE 4-159
web-auth re-authenticate (IP) Ends the web authentication session associated with the
designated IP and forces the user to re-authenticate
PE 4-159