Configuring Port Web Authentication (PWA) - Enterasys N Standalone (NSA) Series Configuration Manual

Enterasys networks switch configuration guide
Security Configuration Command Set

14.3.6 Configuring Port Web Authentication (PWA)
About PWA
PWA provides a way of authenticating users before allowing general access to the network. A PWA
user's access to the network is restricted until the user successfully logs in via a web browser
using the Enterasys Networks' Matrix Series web-based security interface. The Matrix Series
device validates all login credentials from the user with a RADIUS server before allowing
network access.
PWA is an alternative to 802.1X and MAC authentication. It allows only the essential protocols and
services required by the authentication process between the end-station and the network. All other
traffic is discarded. When a user is in the unauthenticated state, any user traffic requesting network
resources will not be allowed.
To log on using PWA, the user makes a request via a web browser for the PWA web page or is
automatically redirected to this login page after requesting a URL in a browser.
Depending upon the authenticated state of the user, a login page or a logout page will display. When
a user submits a username and password, the switch authenticates the user via a preconfigured
RADIUS server. If the login is successful, the user is granted full network access
according to the user's policy configuration on the switch.
PWA Configuration Considerations
In order to optimize PWA authentication on the Matrix Series device, the device must be configured
to satisfy the minimum requirements of an authenticating client needing to send an HTTP request
with its web browser. Typically, the client will need DNS and ARP resolution before it can generate
the HTTP request needed to do a PWA login. Also, DHCP may be needed in many environments.
These services are not provided by PWA and must be provided by the network. To accomplish this,
the device must be configured to allow access to the needed services.
The first step is to make sure that the multiple authentication port mode settings are set to "auth-opt"
on all ports that are configured to run PWA.
Example
This example shows how to set the multiple authentication port mode to "auth-opt" for all Fast
Ethernet ports in the chassis or standalone device:
Matrix(rw)->set multiauth port mode auth-opt fe.*.*
For details on using the set multiauth port command, refer to Section 14.3.10.6.
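One way to check this first step against a saved list of commands, as an added example that is not part of the Enterasys manual: the script reports PWA ports whose effective multiauth port mode is not "auth-opt". Assumptions: the operator supplies the list of PWA ports, commands take effect in the order listed (last match wins), and only port strings made of literal fields or "*" are interpreted; anything else is returned for manual review. The sample lines are constructed.

```python
import re

# Command form shown in this section, with or without the CLI prompt in front.
MODE_CMD = re.compile(r"^\s*(?:\S+->)?\s*set multiauth port mode (\S+) (\S+)\s*$")
# Port strings this sketch interprets: three dot-separated fields, literal or "*".
SIMPLE_PORT_STRING = re.compile(r"^(\w+|\*)(\.(\w+|\*)){2}$")

def port_matches(port, port_string):
    """True if a concrete port such as fe.1.3 is covered by a string such as fe.*.*"""
    p_fields, s_fields = port.split("."), port_string.split(".")
    if len(p_fields) != len(s_fields):
        return False
    return all(s == "*" or s == p for p, s in zip(p_fields, s_fields))

def audit_pwa_ports(config_lines, pwa_ports):
    """Return (non_compliant, uninterpreted).

    non_compliant: {port: last mode set, or None if no command covered it}
    uninterpreted: port strings the matcher could not evaluate (check by hand)
    """
    mode = {p: None for p in pwa_ports}
    uninterpreted = []
    for line in config_lines:
        m = MODE_CMD.match(line)
        if not m:
            continue  # not a multiauth port mode command
        new_mode, port_string = m.groups()
        if not SIMPLE_PORT_STRING.match(port_string):
            uninterpreted.append(port_string)  # do not guess at other forms
            continue
        for p in pwa_ports:
            if port_matches(p, port_string):
                mode[p] = new_mode  # assumption: applied in order, last one wins
    bad = {p: v for p, v in mode.items() if v != "auth-opt"}
    return bad, uninterpreted

# Constructed sample input (not taken from a real device).
SAMPLE_CONFIG = [
    "Matrix(rw)->set multiauth port mode auth-opt fe.*.*",
    "set multiauth port mode auth-reqd fe.1.3",   # later, narrower override
    "set multiauth port mode auth-opt ge.2.1-4",  # other form: left for review
]
SAMPLE_PWA_PORTS = ["fe.1.1", "fe.1.3", "ge.2.1"]

if __name__ == "__main__":
    bad, review = audit_pwa_ports(SAMPLE_CONFIG, SAMPLE_PWA_PORTS)
    for port, current in bad.items():
        print(f"{port}: mode is {current or 'not set by these commands'}")
    for port_string in review:
        print(f"review by hand: {port_string}")
```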
Matrix NSA Series Configuration Guide
14-51

This manual is also suitable for:

Matrix n standalone series