Configuration Guide User guide

1888 FastIron Configuration Guide
53-1002494-02
If the authentication is unsuccessful, the appropriate page is displayed on the host browser. The
host is asked to try again or call for assistance, depending on what message is configured on the
Web page. If the host MAC address is authenticated by the trusted source, a Web page is displayed
with a hyperlink to the URL the host originally entered. If the user clicks on the link, a new window is
opened and the user is directed to the requested URL.
While a MAC address is in the authenticated state, the host can forward data through the FastIron
switch. The MAC address remains authenticated until one of the following events occurs:
• The host MAC address is removed from a list of MAC addresses that are automatically
  authenticated. (Refer to “Specifying hosts that are permanently authenticated” on page 1902.)
• The re-authentication timer expires and the host is required to re-authenticate. (Refer to
  “Configuring the re-authentication period” on page 1903.)
• The host has remained inactive for a period of time and the inactive period timer has expired.
  (Refer to “Forcing re-authentication after an inactive period” on page 1906.)
• All the ports on the VLAN on which Web Authentication has been configured are in a down
  state. All MAC addresses that are currently authenticated are de-authenticated. (Refer to
  “Forcing re-authentication when ports are down” on page 1905.)
• The authenticated client is cleared from the Web Authentication table. (Refer to “Clearing
  authenticated hosts from the web authentication table” on page 1903.)
The FastIron switch can be configured to automatically authenticate a host MAC address. The host
will not be required to log in or re-authenticate (depending on the re-authentication period) once the
MAC address passes authentication.
A host that is logged in and authenticated remains logged in indefinitely, unless a re-authentication
period is configured. When the re-authentication period ends, the host is logged out. A host can log
out at any time by pressing the Logout button in the Web Authentication Success page.
NOTE
The host can log out as long as the Logout window (Success page) is visible. If the window is
accidentally closed, the host cannot log out unless the re-authentication period ends or the host is
manually cleared from the Web Authentication table.
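
The following Python sketch is an added example, not Brocade code or switch configuration. It models the de-authentication events listed above and flags a policy under which a session has no time limit. The field names, reason strings, order of checks and sample values are assumptions made for the example.

```python
from dataclasses import dataclass
from typing import List, Optional, Set

@dataclass
class Policy:
    reauth_period: Optional[int] = None    # seconds; None = not configured
    inactive_period: Optional[int] = None  # seconds; None = not configured

@dataclass
class Session:
    mac: str
    authenticated_at: int        # seconds on an arbitrary clock
    last_activity: int
    via_auto_list: bool = False  # authenticated from the automatic-MAC list

def deauth_reason(s: Session, p: Policy, now: int, auto_list: Set[str],
                  vlan_ports_up: bool = True, cleared: bool = False) -> Optional[str]:
    """Return why the session ends at `now`, or None if the MAC stays
    authenticated. The order of the checks is a choice made for this sketch."""
    if cleared:
        return "cleared-from-table"
    if not vlan_ports_up:
        return "all-vlan-ports-down"
    if s.via_auto_list and s.mac not in auto_list:
        return "removed-from-auto-list"
    if p.reauth_period is not None and now - s.authenticated_at >= p.reauth_period:
        return "reauth-timer-expired"
    if p.inactive_period is not None and now - s.last_activity >= p.inactive_period:
        return "inactive-timer-expired"
    return None

def audit(p: Policy) -> List[str]:
    """Findings for a policy that leaves authenticated sessions without a time limit."""
    findings = []
    if p.reauth_period is None:
        findings.append("no re-authentication period: an active host stays logged in indefinitely")
    if p.inactive_period is None:
        findings.append("no inactive period: an idle host keeps its authenticated state")
    return findings

if __name__ == "__main__":
    host = Session("0000.1111.2222", authenticated_at=0, last_activity=0)  # constructed sample
    # No timers configured and the Logout window closed: nothing ends the session.
    print(deauth_reason(host, Policy(), now=10**9, auto_list=set()))
    print(audit(Policy()))
    print(deauth_reason(host, Policy(reauth_period=3600), now=3600, auto_list=set()))
```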
Web authentication configuration considerations
Web Authentication is modeled after other RADIUS-based authentication methods currently
available on Brocade edge switches. However, Web Authentication requires a Layer 3 protocol
(TCP/IP) between the host and the authenticator. Therefore, to implement Web Authentication, you
must consider the following configuration and topology requirements:
• Web Authentication works only when both the HTTP and HTTPS servers are enabled on the
  device.
• Web Authentication works only on the default HTTP or HTTPS port.
• The host must have an IP address prior to Web Authentication. This IP address can be
  configured statically on the host; however, DHCP addressing is also supported.
• If you are using DHCP addressing, a DHCP server must be in the same broadcast domain as
  the host. This DHCP server does not have to be physically connected to the switch. Also, DHCP
  assist from a router may be used.