Access Security Guide K/KA/KB.15.15
Specifying the re-authentication period
Syntax
aaa port-access web-based <port-list>
[reauth-period]<0-9999999>]
Specifies the time period, in seconds, the switch enforces on a client to
re-authenticate. When set to 0, reauthentication is disabled. (Default: 300 seconds)
Specifying a forced reauthentication
Syntax
aaa port-access web-based <port-list> [reauthenticate]
Forces a re-authentication of all attached clients on the port.
Specifying the URL
Syntax
aaa port-access web-based <port-list> [redirect-url<url>]
[no]aaa port-access web-based <port-list> [redirect-url]
Specifies the URL that a user is redirected to after a successful login. Any valid,
fully-formed URL can be used, for example, http://welcome-server/welcome.htm
or http://192.22.17.5. HP recommends that you provide a redirect URL when
using web authentication.
NOTE: The redirect-url command accepts only the first 103 characters of
the allowed 127 characters.
Use the [no] form of the command to remove a specified redirect URL.
(Default: There is no default URL. Browser behavior for authenticated clients can
not be acceptable.)
Specifying the timeout
Syntax
aaa port-access web-based[e]<port-list> [server-timeout
<1-300>]
Specifies the period, in seconds, the switch waits for a server response to an
authentication request. Depending on the current max-requests value, the switch
sends a new attempt or ends the authentication session. (Default: 30 seconds)
Configuring the RADIUS server to support MAC authentification
On the RADIUS server, configure the client device authentication in the same way that you would
any other client, except:
• Configure the client device’s (hexadecimal) MAC address as both username and password.
Be careful to configure the switch to use the same format that the RADIUS server uses.
Otherwise, the server will deny access. The switch provides four format options:
◦ aabbccddeeff (the default format)
◦ aabbcc-ddeeff
◦ aa-bb-cc-dd-ee-ff
◦ aa:bb:cc:dd:ee:ff
88 Web-based and MAC authentication