Filter
Top Products
PowerConnect B-Series FCX Configuration Guide 1325
53-1002266-01
Configuring web authentication options
37
PowerConnect(config-vlan-10-webauth)#port-down-auth-mac-cleanup
Syntax: [no] port-down-auth-mac-cleanup
While this command is enabled, the device checks the link state of all ports that are members of
the Web Authentication VLAN. If the state of all the ports is down, then the device forces all
authenticated hosts to re-authenticate. However, hosts that were authenticated using the add mac
command will remain authenticated; they are not affected by the port-down-auth-mac-cleanup
command.
Forcing re-authentication after an inactive period
You can force Web Authenticated hosts to be re-authenticated if they have been inactive for a
period of time. The inactive duration is calculated by adding the mac-age-time that has been
configured for the device and the configured authenticated-mac-age-time. (The mac-age-time
command defines how long a port address remains active in the address table.) If the
authenticated host is inactive for the sum of these two values, the host is forced to be
re-authenticated.
To force authenticated hosts to re-authenticate after a period of inactivity, enter commands such as
the following.
PowerConnect(config)#mac-age-time 600
PowerConnect(config)#vlan 23
PowerConnect(config-vlan-23)webauth
PowerConnect(config-vlan-23-webauth)#reauth-time 303
PowerConnect(config-vlan-23-webauth)#authenticated-mac-age-time 300
Syntax: [no] authenticated-mac-age-time <seconds>
You can enter a value from 0 to the value entered for reauth-time. The default is 3600.
Refer to “Changing the MAC age time and disabling MAC address learning” on page 307 for details
on the mac-age-time command. The default mac-age-time is 300 seconds and can be configured
to be between 60 and 600 on the PowerConnect switch. If it is configured to be 0, then the MAC
address does not age out due to inactivity.
Defining the web authorization redirect address
When a user enters a valid URL address (one that exists), the user is redirected to a Web
Authentication address and the Welcome page for Web Authentication is displayed. By default, this
Web Authentication address is the IP address of the PowerConnect switch. You can change this
address so that the address matches the name on the security certificates.
To change the address on a Layer 2 switch, enter a command such as the following at the global
configuration level.
PowerConnect(config)#webauth-redirect-address my.domain.net
To change the address on a Layer 3 switch, enter a command such as the following at the Web
Authentication VLAN level.
PowerConnect(config-vlan-10-webauth)#webauth-redirect-address my.domain.net
Entering "my.domain.net" redirects the browser to https://my.domain.net/ when the user enters a
valid URL on the Web browser.
Syntax: [no] webauth-redirect-address <string>