Access Security Guide K/KA/KB.15.15

4. Ping the switch console interface to ensure that the switch can communicate with the RADIUS
server you have configured to support web-based authentication on the switch.
5. Configure the switch with the correct IP address and encryption key to access the RADIUS
server.
6. (Optional) To use SSL encryption for web-based authentication login, configure and enable
SSL on the switch.
7. Enable web-based authentication on the switch ports you want to use.
8. Configure the optional settings that you want to use for web-based authentication; for example:
   • To avoid address conflicts in a secure network, configure the base IP address and mask
     to be used by the switch for temporary DHCP addresses. You can also set the lease length
     for these temporary IP addresses.
   • To use SSL encryption for web-based authentication login, configure the SSL option.
   • To redirect authorized clients to a specified URL, configure the Redirect URL option.
9. Configure how web-based authenticator ports transmit traffic before they successfully
authenticate a client and enter the authenticated state:
   • You can block incoming and outgoing traffic on a port before authentication occurs.
   • You can block only incoming traffic on a port before authentication occurs. Outgoing
     traffic with unknown destination addresses is flooded on unauthenticated ports configured
     for web-based authentication. For example, Wake-on-LAN traffic is transmitted on a
     web-based Authenticated egress port that has not yet transitioned to the authenticated
     state;
10. Test both authorized and unauthorized access to your system to ensure that web authentication
works properly on the ports you have configured for port-access using web authentication.
NOTE: Client web browsers cannot use a proxy server to access the network.
Configuration commands for web-based authentication
Controlled directions
Syntax
aaa port-access port-list controlled-directions <both | in>
After you enable web-based authentication on specified ports, you can use
the aaa port-access controlled-directions command to configure how
a port transmits traffic before it successfully authenticates a client and enters the
authenticated state.
both (default): Incoming and outgoing traffic is blocked on a port configured for
web-based authentication before authentication occurs.
in: Incoming traffic is blocked on a port configured for web-based authentication
before authentication occurs. Outgoing traffic with unknown destination
addresses is flooded on unauthenticated ports configured for web-based
authentication.
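An added example, not from the guide: a Python check that reads `aaa port-access` lines from a saved configuration and lists the web-based authentication ports set to `controlled-directions in`, where unknown-destination egress traffic is flooded before authentication. The sample configuration is constructed, and the line forms (including `aaa port-access web-based <port-list>` as the enable line) and the `A1-A4,B2` port-list notation are assumptions modeled on the syntax above.

```python
import re

# Constructed sample of configuration lines (not taken from a real switch).
SAMPLE_CONFIG = """\
aaa port-access web-based A1-A4,B2
aaa port-access web-based A1-A4 redirect-url "http://portal.example.net/"
aaa port-access A3-A4 controlled-directions in
aaa port-access B2 controlled-directions both
aaa port-access C1 controlled-directions in
"""

PORT = re.compile(r"([A-Za-z]*)(\d+)$")
# Assumed line forms: enable web-auth on a port-list / set controlled directions.
WEB_AUTH = re.compile(r"^aaa port-access web-based (\S+)$")
DIRECTION = re.compile(r"^aaa port-access (\S+) controlled-directions (both|in)$")

def expand_ports(port_list):
    """Expand a port-list such as 'A1-A4,B2' into individual port names."""
    ports = []
    for item in port_list.split(","):
        first, _, last = item.strip().partition("-")
        m1, m2 = PORT.match(first), PORT.match(last or first)
        if not m1 or not m2 or m1.group(1) != m2.group(1):
            raise ValueError(f"unsupported port range: {item!r}")
        prefix, lo, hi = m1.group(1), int(m1.group(2)), int(m2.group(2))
        ports.extend(f"{prefix}{n}" for n in range(lo, hi + 1))
    return ports

def audit(config_text):
    """Return {port: direction} for each web-auth port; 'both' is the default."""
    web_ports, direction = [], {}
    for line in config_text.splitlines():
        line = line.strip()
        if m := WEB_AUTH.match(line):
            web_ports.extend(expand_ports(m.group(1)))
        elif m := DIRECTION.match(line):
            for port in expand_ports(m.group(1)):
                direction[port] = m.group(2)
    return {p: direction.get(p, "both") for p in web_ports}

def egress_open_ports(config_text):
    """Web-auth ports that flood unknown-destination egress before authentication."""
    return sorted(p for p, d in audit(config_text).items() if d == "in")

if __name__ == "__main__":
    for port in egress_open_ports(SAMPLE_CONFIG):
        print(f"{port}: controlled-directions in (egress flooded pre-authentication)")
```

Port C1 is not reported because it is not enabled for web-based authentication in the sample; only ports that appear in both settings are flagged.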
84 Web-based and MAC authentication