Configuring https access for web authentication, Configuration prerequisites, Configuration procedure – H3C Technologies H3C S3600 Series Switches User Manual
Page 558: Configuring https access for web, Authentication
1-3
To do…
Use the command…
Remarks
interface interface-type
interface-number
users
web-authentication
max-connection number
and 512 users by default on a
device
z
Before enabling global Web authentication, you should first set the IP address of a Web
authentication server.
z
Web authentication cannot be enabled when one of the following features is enabled, and vice
versa: 802.1x, MAC authentication, port security, port aggregation and IRF.
z
You can make Web authentication settings on individual ports before Web authentication is
enabled globally, but they will not take effect. The Web authentication settings on ports take effect
immediately once you enable Web authentication globally.
z
A Web authentication client and the switch with Web authentication enabled must be able to
communicate at the network layer so that the Web authentication page can be displayed on the
Web authentication client.
z
Web authentication is mutually exclusive with functions that depend on ACLs such as IP filtering,
ARP intrusion detection, QoS, and port binding.
z
After a user gets online in shared access method, if you configure an authentication-free user
whose IP address and MAC address are the same as those of the online user, the online user will
be forced to get offline.
Configuring HTTPS Access for Web Authentication
HTTP and HTTPS can be used for interaction between an authentication client and an access device:
z
If HTTP is used, there are potential security problems because HTTP packets are transferred in
plain text;
z
If HTTPS is used, data security is ensured because HTTPS packets are transferred in ciphertext
based on SSL.
After you configure HTTPS access for Web authentication on the switch, the switch will allow clients to
use HTTPS to open the authentication pages for secure transmission of authentication information.
Configuration Prerequisites
To configure the access protocol as HTTPS, be sure to configure the PKI domain and SSL server policy,
and request a certificate for the PKI domain at first. For information about SSL and PKI configuration,
refer to PKI Operation and SSL Operation in this manual.
Configuration Procedure
Follow these steps to specify the access protocol for Web authentication: