Web Authentication Task List; Configuration Prerequisites - HPE FlexNetwork 7500 Series Security Configuration Manual

and anti-virus software server to the users. The users can use these resources to upgrade their client
software or other programs.
Web authentication supports Auth-Fail VLAN on an interface that performs MAC-based access
control. If a user on the interface fails authentication, the access device creates a MAC VLAN entry
based on the MAC address of the user and adds the user to the Auth-Fail VLAN. Then, the user can
access the portal-free IP resources in the Auth-Fail VLAN. All HTTP requests to non-portal-free IP
resources will be redirected to the authentication page. If the user passes authentication, the access
device adds the user to the authorized VLAN (if any) or returns the user to the initial VLAN of the
interface. If the user fails the authentication, the access device keeps the user in the Auth-Fail VLAN.
The initial VLAN and the Auth-Fail VLAN of a user might be on different subnets. A user can access
the resources in the authorized VLAN only when the IP address of the client is on the same subnet
as the authorized VLAN. Therefore, a user might need to update the IP address of the client after the
user is assigned to the authorized VLAN.
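
The VLAN placement described above, modelled as an added example (not code from the manual or the device software). The VLAN IDs, subnets, portal-free network, MAC address format and the `AccessInterface` class are constructed assumptions; the model also assumes the authorized VLAN is tracked per MAC address.

```python
from ipaddress import ip_address, ip_network

# Constructed sample values (assumptions, not taken from the manual).
VLAN_SUBNETS = {
    10: ip_network("192.0.2.0/25"),     # initial VLAN of the interface
    20: ip_network("192.0.2.128/25"),   # Auth-Fail VLAN
    30: ip_network("198.51.100.0/24"),  # authorized VLAN
}
PORTAL_FREE = [ip_network("203.0.113.16/28")]  # portal-free IP resources


class AccessInterface:
    """Hypothetical model of one interface using MAC-based access control."""

    def __init__(self, initial_vlan, auth_fail_vlan):
        self.initial_vlan = initial_vlan
        self.auth_fail_vlan = auth_fail_vlan
        self.mac_vlan = {}  # MAC address -> VLAN (the MAC VLAN entries)

    def vlan_of(self, mac):
        return self.mac_vlan.get(mac, self.initial_vlan)

    def on_auth_result(self, mac, passed, authorized_vlan=None):
        """Apply an authentication result and return the user's new VLAN."""
        if not passed:
            # Failure: create (or keep) the entry for the Auth-Fail VLAN.
            self.mac_vlan[mac] = self.auth_fail_vlan
        elif authorized_vlan is not None:
            # Success with an authorized VLAN (per-MAC tracking is assumed).
            self.mac_vlan[mac] = authorized_vlan
        else:
            # Success without an authorized VLAN: back to the initial VLAN.
            self.mac_vlan.pop(mac, None)
        return self.vlan_of(mac)

    def http_action(self, mac, dst_ip):
        """Handling of an HTTP request from a user held in the Auth-Fail VLAN."""
        if self.vlan_of(mac) != self.auth_fail_vlan:
            return "not-in-auth-fail-vlan"
        free = any(ip_address(dst_ip) in net for net in PORTAL_FREE)
        return "forward" if free else "redirect-to-auth-page"


def needs_new_ip(client_ip, vlan):
    """True when the client address is outside the subnet of its current VLAN."""
    return ip_address(client_ip) not in VLAN_SUBNETS[vlan]
```

A user who obtained 192.0.2.140 while in the Auth-Fail VLAN and is then assigned to VLAN 30 makes `needs_new_ip` return `True`, which is the case where the client must update its IP address.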

Authorization ACL

Web authentication uses ACLs authorized by the AAA server or the access device to control user
access to network resources and limit user access rights. When a user passes authentication, the
AAA server and the access device assign an authorization ACL to the access interface of the user.
The access device filters traffic from the user on the access interface according to the authorized
ACL.
You must configure the authorized ACLs on the access device if you specify authorization ACLs on
the authentication server.
To change the access control criteria for the user, you can specify a different authorization ACL on
the authentication server or change rules in the authorized ACL on the access device.

Web authentication task list

Tasks at a glance
(Required.) Configuring the Web authentication server
(Required.) Enabling Web authentication
(Optional.) Specifying a Web authentication domain
(Optional.) Setting the redirection wait time
(Optional.) Configuring a Web authentication-free subnet
(Optional.) Setting the maximum number of Web authentication users
(Optional.) Configuring online Web authentication user detection
(Optional.) Configuring an Auth-Fail VLAN
(Optional.) Configuring Web authentication to support Web proxy

Configuration prerequisites

The device supports two methods for Web authentication, which are local authentication and
RADIUS authentication.
To use the local authentication method, configure usernames and passwords on the access device.
User authentication is performed on the access device directly.
When using the RADIUS authentication method, the device acts as a RADIUS client and cooperates
with the RADIUS server to perform authentication for users. Before you configure Web
authentication by using the RADIUS server, make sure the following requirements are met: