FastIron Configuration Guide 1889
53-1002494-02
Web authentication configuration considerations
• Web Authentication, 802.1X port security, and multi-device port authentication are not
supported concurrently on the same port.
• Web Authentication is not supported on an MCT VLAN.
The following applies to Web Authentication in the Layer 2 switch image:
• If the management VLAN and Web Authentication VLAN are in different IP networks, make sure
there is at least one routing element in the network topology that can route between these IP
networks.
The following are required for Web Authentication in the base Layer 3 and full Layer 3 images:
• Each Web Authentication VLAN must have a virtual interface (VE).
• The VE must have at least one assigned IPv4 address.
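The considerations above can be checked against a planned deployment before Web Authentication is enabled. The following is an added example, not code from the guide or from Brocade: the plan dictionary layout, the feature labels, the port names, and the sample plans are assumptions constructed for illustration.

```python
import ipaddress

# Hypothetical labels for the three per-port authentication features.
EXCLUSIVE = {"web-auth", "dot1x", "mac-auth"}

def _is_ipv4(addr):
    try:
        return ipaddress.ip_interface(addr).version == 4
    except ValueError:
        return False

def check_plan(plan):
    """Return the list of Web Authentication considerations the plan violates."""
    issues = []
    for port, features in sorted(plan["ports"].items()):
        clash = (EXCLUSIVE & set(features)) - {"web-auth"}
        if "web-auth" in features and clash:
            issues.append(f"port {port}: web-auth with {', '.join(sorted(clash))}")
    for vid, vlan in sorted(plan["webauth_vlans"].items()):
        if vlan.get("mct"):
            issues.append(f"vlan {vid}: MCT VLAN")
        if plan["image"] == "layer2":
            mgmt = ipaddress.ip_interface(plan["mgmt_ip"]).network
            net = ipaddress.ip_network(vlan["network"])
            if mgmt != net and not plan.get("router_between_vlans"):
                issues.append(f"vlan {vid}: no route to management network {mgmt}")
        else:  # base Layer 3 and full Layer 3 images
            ve = vlan.get("ve")
            if ve is None:
                issues.append(f"vlan {vid}: no VE")
            elif not any(_is_ipv4(a) for a in ve.get("addresses", [])):
                issues.append(f"vlan {vid}: VE has no IPv4 address")
    return issues

# Constructed sample plans (not from the guide).
L3_PLAN = {
    "image": "layer3",
    "ports": {"1/1/1": ["web-auth"], "1/1/2": ["web-auth", "dot1x"]},
    "webauth_vlans": {
        10: {"ve": {"addresses": ["10.1.1.1/24"]}},
        20: {"ve": {"addresses": ["2001:db8::1/64"]}},
        30: {"mct": True},
    },
}
L2_PLAN = {
    "image": "layer2", "mgmt_ip": "192.168.50.2/24",
    "ports": {"1/1/1": ["web-auth"]},
    "webauth_vlans": {10: {"network": "10.1.1.0/24"}}, "router_between_vlans": False,
}
```

An empty list from `check_plan` means the plan meets every consideration listed above for its image type.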
Web Authentication is enabled on a VLAN. That VLAN becomes a Web Authentication VLAN that
does the following:
• Forwards traffic from authenticated hosts, just like a regular VLAN.
• Blocks traffic from unauthenticated hosts, except for the ARP, DHCP, DNS, HTTP, and HTTPS
traffic that is required to perform Web Authentication.
Figure 200 shows the basic components of a network topology where Web Authentication is used.
You will need:
• A Brocade FastIron switch running a software release that supports Web Authentication
• DHCP server, if dynamic IP addressing is to be used
• Computer/host with a web browser
Your configuration may also require a RADIUS server with some Trusted Source such as LDAP or
Active Directory.
NOTE
The Web server, RADIUS server, and DHCP server can all be the same server.
FIGURE 200 Basic topology for web authentication
[Figure components: Computer/Client (10.1.1.101/24), IP-FES (10.1.1.101/24), DHCP Server (10.1.1.12/24), Web Server (10.1.1.9/24), RADIUS Server (10.1.1.8), Trusted Source (LDAP/Active Directory)]