
Web authentication configuration tasks – Brocade FastIron Ethernet Switch Security Configuration Guide User Manual


Web authentication configuration tasks

Follow the steps given below to configure Web Authentication on a device.

1. Set up any global configuration required for the FastIron switch, RADIUS server, Web server and other servers.

On a Layer 2 FastIron switch, make sure the FastIron switch has an IP address.

device#configure terminal

device(config)#ip address 10.1.1.10/24

On a Layer 3 FastIron switch, assign an IP address to a virtual interface (VE) for each
VLAN on which Web Authentication will be enabled.

device#configure terminal

device(config)#vlan 10

device(config-vlan-10)#router-interface ve1

device(config-vlan-10)#untagged e 1/1/1 to 1/1/10

device(config-vlan-10)#interface ve1

device(config-vif-1)#ip address 10.1.2.1/24

2. By default, Web Authentication uses a RADIUS server to authenticate host usernames and passwords, unless it is configured to use a local user database. If Web Authentication will use a RADIUS server, you must configure the RADIUS server and other servers. For example, if your RADIUS server has an IP address of 10.168.1.253, then enter the following global CLI commands on the FastIron switch.

device(config)#radius-server host 10.1.1.8

device(config)#radius-server key $GSig@U\

NOTE
Remember the RADIUS key you entered. You will need this key when you configure your RADIUS
server.

3. Web authentication can be configured to use secure (HTTPS) or non-secure (HTTP) login and logout pages. By default, HTTPS is used.

To enable the non-secure Web server on the FastIron switch, enter the following commands.

device(config)# vlan 10

device(config-vlan-10)# webauth

device(config-vlan-10-webauth)# no secure-login

To enable the secure Web server on the FastIron switch, enter the following commands.

device(config)# vlan 10

device(config-vlan-10)# webauth

device(config-vlan-10-webauth)# secure-login

4. If the secure Web server is used, in order to access a secure Web page, the Web server needs to provide a key. This key is exchanged using a certificate. A certificate is a digital document that is issued by a trusted source that can validate the authenticity of the certificate and the Web server that is presenting it. Therefore the switch must have a certificate for web authentication to work. There are two choices for providing the switch with a certificate:

Upload one using the following global CLI command.

device(config)# ip ssl private-key-file tftp ip-addr key-filename

Generate one using the following global CLI command.

device(config)#crypto-ssl certificate generate default_cert
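
The following script is an added example, not part of the Brocade guide. It audits a saved configuration for the choices made in steps 2 and 3: it reports every Web Authentication VLAN where `no secure-login` is set and notes when no `radius-server host` is configured. The indented running-config layout, the sample text and the function name `audit_webauth` are assumptions made for illustration.

```python
import re

# Constructed sample, laid out like an indented running-config dump (assumed format).
SAMPLE_CONFIG = """\
vlan 10 by port
 untagged ethe 1/1/1 to 1/1/10
 router-interface ve 1
 webauth
  no secure-login
  enable
!
vlan 20 by port
 untagged ethe 1/1/11 to 1/1/20
 webauth
  enable
!
interface ve 1
 ip address 10.1.2.1 255.255.255.0
!
"""

def audit_webauth(config_text):
    """Return (vlan_id_or_None, finding) tuples for the settings in steps 2 and 3."""
    findings, webauth_vlans = [], []
    has_radius = False
    vlan, in_webauth = None, False
    for raw in config_text.splitlines():
        line = raw.strip()
        indent = len(raw) - len(raw.lstrip(" "))
        if not line or line == "!":
            continue
        if indent == 0:
            # A new top-level stanza ends any VLAN/webauth context.
            m = re.match(r"vlan (\d+)\b", line)
            vlan, in_webauth = (int(m.group(1)) if m else None), False
            has_radius = has_radius or line.startswith("radius-server host ")
        elif vlan is not None and indent == 1:
            in_webauth = (line == "webauth")
            if in_webauth:
                webauth_vlans.append(vlan)
        elif in_webauth and line == "no secure-login":
            findings.append((vlan, "login/logout pages served over HTTP"))
    if webauth_vlans and not has_radius:
        findings.append((None, "no radius-server host (expected unless a local user database is used)"))
    return findings

if __name__ == "__main__":
    for vlan, finding in audit_webauth(SAMPLE_CONFIG):
        print(f"vlan {vlan}: {finding}" if vlan is not None else f"global: {finding}")
```
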


FastIron Ethernet Switch Security Configuration Guide

53-1003088-03