Access Security Guide K/KA/KB.15.15

Implementing customized web-based authentication pages
To implement enhanced web-based authentication pages, you need to:
• Configure and start a web server on your local network.
• Customize the HTML template files and make them accessible to the web server.
• Configure the switch to display the customized files by using the aaa port-access web-based ewa-server command to specify the server's IP address or host name and the path to the customized HTML files on the server.
Customizing HTML templates
Follow these guidelines when you are customizing an HTML template:
• Do not change the name of any of the HTML files (index.html, accept.html, and so on).
• Some template pages use Embedded Switch Includes (ESIs) or Active Server Pages. These should not be modified when customizing HTML files. ESIs behave as follows:
  1. A client's web browser sends a request for an HTML file. The switch passes the request to a configured web server.
  2. The web server responds by sending a customized HTML page to the switch. Each ESI call in the HTML page is replaced with the value (in plain text) retrieved by the call.
  3. The switch sends the final version of the HTML page to the client's web browser.
• Store all customized login web pages (including any graphics) that you create for client login on each web server at the path you will configure with the aaa port-access web-based ewa-server command.
See “Customizable HTML templates” (page 110) for details on page templates available.
Viewing
Viewing the status and settings of ports enabled for web-based authentication
Viewing status of ports enabled for web-based authentication
Syntax:
show port-access web-based [ port-list ]
Displays the status of all ports or specified ports that are enabled for web-based authentication. The information displayed for each port includes:
• Number of authorized and unauthorized clients.
• VLAN ID number of the untagged VLAN used. If the switch supports MAC (untagged) VLANs, MACbased is displayed to show that multiple untagged VLANs are configured for authentication sessions.
• If tagged VLANs (statically configured or RADIUS-assigned) are used (Yes or No).
• If client-specific per-port CoS (Class of Service) values are configured (Yes or No) or the numerical value of the CoS (802.1p priority) applied to all inbound traffic. For client-specific per-port CoS values, enter the show port-access web-based clients detailed command.
• If per-port rate-limiting for inbound traffic is applied (Yes or No) or the percentage value of the port's available bandwidth applied as a rate-limit value.
• If RADIUS-assigned ACLs are applied.