Web Authentication Support For Authorization Acls; Web Authentication Task List - HPE FlexNetwork 10500 Series Security Configuration Manual


To deploy Web authentication on a trunk or hybrid port, make sure the port PVID, the authorization
VLAN ID, and the user VLAN ID are the same.
Auth-Fail VLAN
An Auth-Fail VLAN is a VLAN assigned to users who fail authentication. The Auth-Fail VLAN
provides network resources such as the patch server, virus definitions server, client software server,
and anti-virus software server to the users. The users can use these resources to upgrade their client
software or other programs.
Web authentication supports Auth-Fail VLAN on an interface that performs MAC-based access
control. If a user on the interface fails authentication, the access device creates a MAC VLAN entry
based on the MAC address of the user and adds the user to the Auth-Fail VLAN. Then, the user can
access the portal-free IP resources in the Auth-Fail VLAN. All HTTP requests to non-portal-free IP
resources will be redirected to the authentication page. If the user passes authentication, the access
device adds the user to the authorized VLAN (if any) or returns the user to the initial VLAN of the
interface. If the user fails the authentication, the access device keeps the user in the Auth-Fail VLAN.
The initial VLAN and the Auth-Fail VLAN of a user might be on different subnets. A user can access
the resources in the Auth-Fail VLAN only when the IP address of the client is on the same subnet as
the Auth-Fail VLAN. Therefore, a user might need to update the IP address of the client after the user
is assigned to the Auth-Fail VLAN.

Web authentication support for authorization ACLs

Authorization ACL
Web authentication uses ACLs authorized by the AAA server or the access device to control user
access to network resources and limit user access rights. When a user passes authentication, the
AAA server and the access device assign an authorization ACL to the access interface of the user.
The access device filters traffic from the user on the access interface according to the authorization
ACL.
You must configure the authorization ACLs on the access device if you specify authorization ACLs
on the authentication server.
To change the access control criteria for the user, you can specify a different authorization ACL on
the authentication server or change rules in the authorization ACL on the access device.
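
The three deployment constraints stated above (matching PVID, authorization VLAN, and user VLAN on trunk or hybrid ports; client addresses on the Auth-Fail VLAN subnet; server-specified authorization ACLs present on the access device) can be checked before rollout. The following is an added example, not part of the HPE manual; the Port record, the audit function, and all port names, VLAN IDs, ACL numbers, and addresses are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass
class Port:
    name: str
    link_type: str                   # "access", "trunk" or "hybrid"
    pvid: int
    user_vlan: int
    auth_vlan: Optional[int] = None  # authorization VLAN, if the server assigns one

def audit(ports, server_acls, device_acls, auth_fail_subnets, clients):
    """Return findings for the three constraints stated in the text above."""
    findings = []
    # 1. Trunk/hybrid ports: PVID, authorization VLAN and user VLAN must match.
    for p in ports:
        vlans = {p.pvid, p.user_vlan}
        if p.auth_vlan is not None:
            vlans.add(p.auth_vlan)
        if p.link_type in ("trunk", "hybrid") and len(vlans) > 1:
            findings.append(f"{p.name}: PVID, user VLAN and authorization VLAN differ {sorted(vlans)}")
    # 2. Every ACL the authentication server names must exist on the device.
    for acl in sorted(set(server_acls) - set(device_acls)):
        findings.append(f"ACL {acl}: specified on server, not configured on device")
    # 3. A client moved to the Auth-Fail VLAN needs an address on that VLAN's subnet.
    for mac, ip, vlan in clients:
        subnet = auth_fail_subnets.get(vlan)
        if subnet and ipaddress.ip_address(ip) not in ipaddress.ip_network(subnet):
            findings.append(f"{mac}: {ip} is outside Auth-Fail VLAN {vlan} subnet {subnet}")
    return findings

# Constructed sample inventory (not taken from any real device).
PORTS = [
    Port("XGE1/0/1", "hybrid", pvid=10, user_vlan=10, auth_vlan=10),
    Port("XGE1/0/2", "trunk", pvid=1, user_vlan=20, auth_vlan=30),
    Port("XGE1/0/3", "access", pvid=40, user_vlan=40),
]
SERVER_ACLS = {3000, 3001}                  # ACLs named on the authentication server
DEVICE_ACLS = {3000}                        # ACLs configured on the access device
AUTH_FAIL_SUBNETS = {100: "192.0.2.0/24"}   # Auth-Fail VLAN ID -> its subnet
CLIENTS = [                                 # (MAC, current IP, VLAN the client is in)
    ("0011-2233-4455", "192.0.2.17", 100),
    ("0011-2233-4466", "198.51.100.9", 100),
]

if __name__ == "__main__":
    for line in audit(PORTS, SERVER_ACLS, DEVICE_ACLS, AUTH_FAIL_SUBNETS, CLIENTS):
        print(line)
```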

Web authentication task list

Tasks at a glance
(Required.) Configuring the Web authentication server
(Required.) Enabling Web authentication
(Optional.) Specifying a Web authentication domain
(Optional.) Setting the redirection wait time
(Optional.) Configuring a Web authentication-free subnet
(Optional.) Setting the maximum number of Web authentication users
(Optional.) Configuring online Web authentication user detection
(Optional.) Configuring an Auth-Fail VLAN
(Optional.) Configuring Web authentication to support Web proxy