Support User Manuals

Dell FCX624-I Laptop User Manual

Open as PDF

of 1494

1310 PowerConnect B-Series FCX Configuration Guide

53-1002266-01

Configuration tasks

37

• On a Layer 3 PowerConnect switch, assign an IP address to a virtual interface (VE) for

each VLAN on which Web Authentication will be enabled.

PowerConnect#configure terminal

PowerConnect(config)#vlan 10

PowerConnect(config-vlan-10)#router-interface ve1

PowerConnect(config-vlan-10)#untagged e 1/1/1 to 1/1/10

PowerConnect(config-vlan-10)#interface ve1

PowerConnect(config-vif-1)#ip address 1.1.2.1/24

2. By default, Web Authentication will use a RADIUS server to authenticate host usernames and

passwords, unless it is configured to use a local user database. If Web Authentication will use

a RADIUS server, you must configure the RADIUS server and other servers. For example, if your

RADIUS server has an IP address of 192.168.1.253, then use the CLI to configure the following

global CLI commands on the PowerConnect switch.

PowerConnect(config)# radius-server host 10.1.1.8

PowerConnect(config)# radius-server key $GSig@U\

NOTE

Remember the RADIUS key you entered. You will need this key when you configure your RADIUS

server.

3. Web authentication can be configured to use secure (HTTPS) or non-secure (HTTP) login and

logout pages. By default, HTTPS is used.

To enable the non-secure Web server on the PowerConnect switch, enter the following

command.

PowerConnect(config)# web-management HTTP

PowerConnect(config)#vlan 10

PowerConnect(config-vlan-10)webauth

PowerConnect(config-vlan-10-webauth)#no secure-login

To enable the secure Web server on the PowerConnect switch, enter the following command.

PowerConnect(config)# web-management HTTPS

PowerConnect(config)#vlan 10

PowerConnect(config-vlan-10)webauth

PowerConnect(config-vlan-10-webauth)#secure-login

4. If the secure Web server is used, in order to access a secure Web page, the Web server needs

to provide a key. This key is exchanged using a certificate. A certificate is a digital document

that is issued by a trusted source that can validate the authenticity of the certificate and the

Web server that is presenting it. Therefore the switch must have a certificate for web

authentication to work. There are two choices for providing the switch with a certificate:

• Upload one using the following global CLI command.

PowerConnect(config)# ip ssl private-key-file tftp <ip-addr> <key-filename>

• Generate one using the following global CLI command.

PowerConnect(config)#crypto-ssl certificate generate default_cert

5. Create a Web Authentication VLAN and enable Web Authentication on that VLAN.

PowerConnect(config)#vlan 10

PowerConnect(config-vlan-10)#webauth

PowerConnect(config-vlan-10-webauth)#enable

previous next