Automatic authentication, Web authentication options configuration, Enabling radius accounting for web authentication – Brocade FastIron Ethernet Switch Security Configuration Guide User Manual

Page 304: Password or passcode is not required. refer to

Advertising
background image

Automatic authentication

By default, if Web Authentication is enabled, hosts need to login and enter authentication credentials
in order to gain access to the network. If a re-authentication period is configured, the host will be
asked to re-enter authentication credentials once the re-authentication period ends.

You can configure Web Authentication to authenticate a host when the user presses the ’Login’ button.
When a host enters a valid URL address, Web Authentication checks the list of blocked MAC
addresses. If the hosts’ MAC address is not on the list and the number of allowable hosts has not
been reached, after pressing the ’Login’ button, the host is automatically authenticated for the duration
of the configured re-authentication period, if one is configured. Once the re-authentication period ends,
the host is logged out and needs to enter the URL address again.

NOTE
Automatic authentication is not the same as permanent authentication. (Refer to

Specifying hosts that

are permanently authenticated

on page 305). You must still specify devices that are to be

permanently authenticated even if automatic authentication is enabled.

To enable automatic authentication, enter the following command.

device(config)# vlan 10

device(config-vlan-10)#webauth

device(config-vlan-10-webauth)# auth-mode none

Syntax: [no] auth-mode none

If automatic authentication is enabled and a host address is not in the blocked MAC address list, Web
Authentication authenticates the host and displays the Login page without user credentials, then
provides a hyperlink to the requested URL site..

To determine if automatic authentication is enabled on your device, issue the show webauth vlan
vlan-id command at the VLAN configuration level.

Syslog messages are generated under the following conditions:

• The feature is enabled
• The feature is disabled
• A MAC address is successfully authenticated
• Automatic authentication cannot occur because the maximum number of hosts allowed has been

reached

Web authentication options configuration

The sections below explain other configuration options for Web Authentication.

Enabling RADIUS accounting for web authentication

When Web Authentication is enabled, you can enable RADIUS accounting to record login (start) and
logout (stop) events per host. The information is sent to a RADIUS server. Note that packet/byte count
is not supported.

To enable RADIUS accounting, enter the accounting command.

device(config-vlan-10-webauth)# accounting

Automatic authentication

304

FastIron Ethernet Switch Security Configuration Guide

53-1003088-03

Advertising
Popular Brands
Popular manuals