Configuration Guide User guide
1890 FastIron Configuration Guide
53-1002494-02
Web authentication configuration tasks
Web authentication configuration tasks
Follow the steps given below to configure Web Authentication on a device.
1. Set up any global configuration required for the FastIron switch, RADIUS server, Web server
and other servers.
• On a Layer 2 FastIron switch, make sure the FastIron switch has an IP address.
Brocade# configure terminal
Brocade(config)#ip address 10.1.1.10/24
• On a Layer 3 FastIron switch, assign an IP address to a virtual interface (VE) for each VLAN
on which Web Authentication will be enabled.
Brocade#configure terminal
Brocade(config)#vlan 10
Brocade(config-vlan-10)#router-interface ve1
Brocade(config-vlan-10)#untagged e 1/1/1 to 1/1/10
Brocade(config-vlan-10)#interface ve1
Brocade(config-vif-1)#ip address 1.1.2.1/24
2. By default, Web Authentication will use a RADIUS server to authenticate host usernames and
passwords, unless it is configured to use a local user database. If Web Authentication will use
a RADIUS server, you must configure the RADIUS server and other servers. For example, if your
RADIUS server has an IP address of 192.168.1.253, then use the CLI to configure the following
global CLI commands on the FastIron switch.
Brocade(config)# radius-server host 10.1.1.8
Brocade(config)# radius-server key $GSig@U\
NOTE
Remember the RADIUS key you entered. You will need this key when you configure your RADIUS
server.
3. Web authentication can be configured to use secure (HTTPS) or non-secure (HTTP) login and
logout pages. By default, HTTPS is used.
To enable the non-secure Web server on the FastIron switch, enter the following command.
Brocade(config)# web-management HTTP
Brocade(config)#vlan 10
Brocade(config-vlan-10)webauth
Brocade(config-vlan-10-webauth)#no secure-login
To enable the secure Web server on the FastIron switch, enter the following command.
Brocade(config)# web-management HTTPS
Brocade(config)#vlan 10
Brocade(config-vlan-10)webauth
Brocade(config-vlan-10-webauth)#secure-login
4. If the secure Web server is used, in order to access a secure Web page, the Web server needs
to provide a key. This key is exchanged using a certificate. A certificate is a digital document
that is issued by a trusted source that can validate the authenticity of the certificate and the
Web server that is presenting it. Therefore the switch must have a certificate for web
authentication to work. There are two choices for providing the switch with a certificate:
• Upload one using the following global CLI command.