Command Line Interface
4-130
4
Command Usage
When using a bit mask to filter displayed MAC addresses, a 1 means "care"
and a 0 means "don't care". For example, a MAC of 00-00-01-02-03-04 and
mask FF-FF-FF-00-00-00 would result in all MACs in the range
00-00-01-00-00-00 to 00-00-01-FF-FF-FF to be displayed. All other MACs
would be filtered out.
Example
Web Authentication
Web authentication allows stations to authenticate and access the network in
situations where 802.1X or Network Access authentication are infeasible or
impractical. The web authentication feature allows unauthenticated hosts to request
and receive a DHCP assigned IP address and perform DNS queries. All other traffic,
except for http protocol traffic, is blocked. The switch intercepts http protocol traffic
and redirects it to a switch-generated webpage that facilitates username and
password authentication via RADIUS. Once authentication is successful, the web
browser is forwarded on to the originally requested web page. Successful
authentication is valid for all hosts connected to the port.
Notes: 1.
MAC authentication, web authentication, 802.1X, and port security cannot be
configured together on the same port. Only one security mechanism can be
applied.
2. RADIUS authentication must be activated and configured properly for the
web authentication feature to work properly. (See “Configuring Local/Remote
Logon Authentication” on page 3-53)
3. Web authentication cannot be configured on trunk ports.
Console#show network-access mac-address-table
---- ----------------- --------------- --------- -------------------------
Port MAC-Address RADIUS-Server Attribute Time
---- ----------------- --------------- --------- -------------------------
1/1 00-00-01-02-03-04 172.155.120.17 Static 00d06h32m50s
1/1 00-00-01-02-03-05 172.155.120.17 Dynamic 00d06h33m20s
1/1 00-00-01-02-03-06 172.155.120.17 Static 00d06h35m10s
1/3 00-00-01-02-03-07 172.155.120.17 Dynamic 00d06h34m20s
Console#
Table 4-37 Web Authentication
Command Function Mode Page
web-auth
login-attempts
Defines the limit for failed web authentication login
attempts
GC 4-131
web-auth
login-fail-page-url
Defines the external URL to which a host is directed after
a failed web authentication attempt
GC 4-131
web-auth
login-page-url
Defines the external URL to which a host is directed to
complete web authentication
GC 4-132
web-auth
login-success-page-url
Defines the external URL to which a host is directed after
a successful web authentication
GC 4-132