
Changing the login mode (HTTPS or HTTP), Specifying trusted ports, Authenticated. – Brocade FastIron Ethernet Switch Security Configuration Guide User Manual


Syntax: [no] accounting

Enter the no accounting command to disable RADIUS accounting for Web Authentication.

Changing the login mode (HTTPS or HTTP)

Web Authentication can be configured to use secure (HTTPS) or non-secure (HTTP) login and logout
pages. By default, HTTPS is used. "Web authentication pages" on page 310 shows an example Login page.

To change the login mode to non-secure (HTTP), enter the no secure-login command.

device(config-vlan-10-webauth)# no secure-login

To revert to secure mode, enter the secure-login command.

device(config-vlan-10-webauth)# secure-login

Syntax: [no] secure-login

Specifying trusted ports

You can configure certain ports of a Web Authentication VLAN as trusted ports. All hosts connected to
the trusted ports need not authenticate and are automatically allowed access to the network.

To create a list of trusted ports, enter commands such as the following.

device(config-vlan-10-webauth)# trust-port ethernet 3

device(config-vlan-10-webauth)# trust-port ethernet 6 to 10

The above commands configure ports 3 and 6 - 10 as trusted ports.

Syntax: trust-port ethernet port [ to port ]

Specifying hosts that are permanently authenticated

Certain hosts, such as a DHCP server, gateway, or printers, may need to be permanently authenticated.
Typically, these hosts are managed by the network administrator and are considered to be authorized
hosts. Also, some of these hosts (such as printers) may not have a Web browser and will not be able to
perform the Web Authentication.

To permanently authenticate these types of hosts, enter a command such as the following at the
"webauth" configuration level.

device(config-vlan-10-webauth)# add mac 0000.00eb.2d14 duration 0

device(config-vlan-10-webauth)# add mac 0000.000e.de3b duration 0

Syntax: [no] add mac [ mac-address duration seconds | ethernet port duration seconds ]

Syntax: [no] add mac mac-address

seconds specifies how long the MAC address remains authenticated. Enter 0 - 128000 seconds. The
default is the current value of reauth-time. A value of "0" means that Web Authentication for the MAC
address will not expire.

Instead of entering only a duration for how long the MAC address remains authenticated, you can
specify the MAC address to be added by the specified port that is a member of the VLAN. To do this,
enter values for the ethernet port duration seconds option: the port number and the number of
seconds the MAC address remains authenticated.
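
The three settings above (HTTP login, trusted ports, and MAC entries with duration 0) each relax Web Authentication, so they are worth listing during a configuration review. The following Python check is an added example, not part of the Brocade guide; it reads webauth-level commands in the form shown on this page, and the sample input and function names are constructed for illustration.

```python
import re

# Constructed sample input: webauth-level commands in the form this page shows.
SAMPLE = """\
device(config-vlan-10-webauth)# no secure-login
device(config-vlan-10-webauth)# trust-port ethernet 3
device(config-vlan-10-webauth)# trust-port ethernet 6 to 10
device(config-vlan-10-webauth)# add mac 0000.00eb.2d14 duration 0
device(config-vlan-10-webauth)# add mac 0000.000e.de3b duration 3600
device(config-vlan-10-webauth)# add mac ethernet 4 duration 0
"""

PROMPT = re.compile(r"^\S*#\s*")  # optional CLI prompt such as "device(...)# "
TRUST = re.compile(r"^trust-port ethernet (\S+)(?: to (\S+))?$")
ADD_MAC = re.compile(r"^add mac ((?:ethernet )?\S+)(?: duration (\d+))?$")

def audit_webauth(text):
    """Summarise the authentication exceptions in a block of webauth commands."""
    report = {"http_login": False,   # the page states HTTPS is the default
              "trusted_ports": [],   # (first, last) port ranges that skip authentication
              "permanent": [],       # entries with duration 0 (never expire)
              "timed": {}}           # entry -> seconds; None = current reauth-time
    for raw in text.splitlines():
        line = " ".join(PROMPT.sub("", raw.strip()).split())
        if line in ("secure-login", "no secure-login"):
            report["http_login"] = line.startswith("no ")  # last command wins
        elif m := TRUST.match(line):
            report["trusted_ports"].append((m[1], m[2] or m[1]))
        elif m := ADD_MAC.match(line):
            if m[2] == "0":
                report["permanent"].append(m[1])
            else:
                report["timed"][m[1]] = int(m[2]) if m[2] else None
    return report

def findings(report):
    out = []
    if report["http_login"]:
        out.append("login and logout pages use HTTP: credentials are sent unencrypted")
    for first, last in report["trusted_ports"]:
        span = first if first == last else f"{first}-{last}"
        out.append(f"port(s) {span}: attached hosts skip Web Authentication")
    for target in report["permanent"]:
        out.append(f"{target}: authenticated with no expiry (duration 0)")
    return out

if __name__ == "__main__":
    for item in findings(audit_webauth(SAMPLE)):
        print("REVIEW:", item)
```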


53-1003088-03