Enterasys Networks N Standalone (NSA) Series Switch User Manual


Security Configuration Command Set
Configuring Port Web Authentication (PWA)
14-52 Matrix NSA Series Configuration Guide
Setting the port mode in this fashion will allow traffic to flow through the port without
authentication according to its configuration. By default, this would allow all traffic to be
forwarded. Conversely, you could configure the ports to drop all traffic, but this is not the most
effective solution. Better yet would be to configure the port to provide only the minimal services
and nothing more. The most powerful tool for accomplishing this goal is policy configuration.
Policies provide the flexibility needed to tailor these services to the configuration and security needs
of your environment.
Examples
This example shows how to configure a policy profile that will discard all traffic by default:

Matrix(rw)->set policy profile 1 name "Unauthenticated User" pvid 0 pvid-status enable

This example shows how to configure policy profile rule 1 that will enable the selective services
required for PWA. This rule will:
- forward ARP requests,
- allow access to a server (at IP 1.2.3.4) that acts as both a DNS and DHCP server, and
- be assigned as the default policy profile for all Fast Ethernet ports.

Matrix(rw)->set policy rule 1 ether 0x806 forward
Matrix(rw)->set policy rule 1 ipdest 1.2.3.4 forward
Matrix(rw)->set policy rule 1 udpdest 67 forward
Matrix(rw)->set policy rule 1 udpsource 68 forward
Matrix(rw)->set policy port fe.*.* 1

Also, the PWA client must be configured (statically, or through DHCP) to have routes to both the
resolved URL (a local route, or an actual gateway) and the PWA IP address. DHCP may be
configured to explicitly return a static route for the client, or to inform the client that all routes are
local (meaning the client is its own default gateway).
For more information on configuring policy profiles, refer to Chapter 8.
For more information on configuring DHCP, refer to Section 12.2.9.
Purpose
To review, enable, disable, and configure Port Web Authentication (PWA).
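A small model of the pre-authentication rules above, added here as an illustration and not taken from the Enterasys manual: it parses the `set policy rule 1 ... forward` lines and reports which constructed sample frames an unauthenticated port would forward. It assumes that any matching rule forwards, that unmatched traffic falls to the profile's default discard, and that the frame field names are this example's own.

```python
import ipaddress

# Rule lines from the page's example, prompt removed; the keyword is written "udpsource" here.
RULES_TEXT = """\
set policy rule 1 ether 0x806 forward
set policy rule 1 ipdest 1.2.3.4 forward
set policy rule 1 udpdest 67 forward
set policy rule 1 udpsource 68 forward
"""

def parse_rules(text):
    """Return (field, value) pairs for each forward rule of profile 1."""
    rules = []
    for line in text.splitlines():
        tok = line.split()
        if len(tok) != 7 or tok[:4] != ["set", "policy", "rule", "1"] or tok[6] != "forward":
            continue  # ignore anything that is not a profile-1 forward rule
        field, raw = tok[4], tok[5]
        # int(raw, 0) accepts both the hex EtherType (0x806) and decimal ports
        value = ipaddress.ip_address(raw) if field == "ipdest" else int(raw, 0)
        rules.append((field, value))
    return rules

def decide(frame, rules):
    """Assumed semantics: any matching rule forwards, otherwise default discard."""
    return "forward" if any(frame.get(f) == v for f, v in rules) else "discard"

def audit(frames, rules):
    """Map each named sample frame to its verdict under the rule set."""
    return {name: decide(frame, rules) for name, frame in frames.items()}

# Constructed sample frames (hypothetical field names matching the rule keywords).
SERVER = ipaddress.ip_address("1.2.3.4")
OTHER = ipaddress.ip_address("10.0.0.99")
BCAST = ipaddress.ip_address("255.255.255.255")
FRAMES = {
    "arp_request": {"ether": 0x0806},
    "dns_to_server": {"ether": 0x0800, "ipdest": SERVER, "udpdest": 53, "udpsource": 40000},
    "dhcp_discover": {"ether": 0x0800, "ipdest": BCAST, "udpdest": 67, "udpsource": 68},
    "http_to_other": {"ether": 0x0800, "ipdest": OTHER, "tcpdest": 80},
    "udp_src68_to_other": {"ether": 0x0800, "ipdest": OTHER, "udpdest": 9999, "udpsource": 68},
}

if __name__ == "__main__":
    for name, verdict in audit(FRAMES, parse_rules(RULES_TEXT)).items():
        print(f"{name:20s} {verdict}")
```

In this model the port-only rules (UDP 67 and 68) match regardless of destination address, so the last sample frame is forwarded; check that against the switch's actual rule precedence when deciding whether the profile provides only the minimal services.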