<Configuration example>
Overview: Enable WEB authentication for Port 1 to 2. Only allow users
registered to local user database to communicate with VLAN1.
Isolate the unregistered terminal to VLAN 100.
1. Move to the interface configuration mode for Port 1, 2.
2. Change PVID for Port 1, 2 to 100.
3. Register the following account to local user database to assign it
to VLAN 1.
User name: user1
Password: user1-password (encrypted)
Authentication method: WEB authentication only.
4. Specify Port 1, 2 as target ports for WEB authentication.
5. Specify virtual IP address to 1.1.1.1.
6. Enable WEB authentication.
M24eGi> enable
M24eGi# configure
M24eGi(config)# interface GigabitEthernet0/1-2
M24eGi(config-if)# pvid 100
M24eGi(config-if)# exit
M24eGi(config)# aaa authentication auth-user user1 password user1-password
encrypt vlan 1 auth-type web
・・・3
M24eGi(config)# web-authentication port 1-2
M24eGi(config)# web-authentication virtual-ip 1.1.1.1
M24eGi(config)# web-authentication
M24eGi(config)# end
M24eGi#
Fig. 4-14-2 Configuration example of WEB authentication (local database
authentication)
363
・・・1
・・・2
・・・4
・・・5
・・・6