Web authorization proxy – Allied Telesis AlliedWare Plus Operating System Version 5.4.4C (x310-26FT,x310-26FP,x310-50FT,x310-50FP) User Manual

Authentication Introduction and Configuration

Software Reference for x310 Series Switches

C613-50046-01 REV A

AlliedWare Plus

TM

Operating System - Version 5.4.4C

42.15

Web Authorization Proxy

Without this feature, AlliedWare Plus Web-authentication intercepts a supplicant’s initial
TCP port 80 connection to a web page and sends it to the Web-authentication Login page.
However, if the supplicant is configured to use a web proxy, then it will usually be using
TCP port 8080 (or another user configured port number). In this case Web-authentication
cannot intercept the connection.

To overcome this limitation, use the command

auth-web-server intercept-port

.

When a supplicant is configured to use WPAD (Web Proxy Auto-Discovery) the
supplicant’s web browser will use TCP port 80 as usual, and so it can be intercepted by
Web-authentication as normal, and the Web-authentication Login page is sent. However,
after authentication, it does not know where to get the WPAD file (usually named
proxy.pac) that tells it what its web proxy is and so cannot access external web pages.

You can use the

auth-web-server dhcp-wpad-option

command to tell the supplicant

where to find the proxy.pac file. This proxy.pac file contains the URL and/or IP address of
the web proxy server that it should use.

For more information and examples, see the “Web Auth Proxy” section in the

Alliedware

Plus Technical Tips and Tricks.