Example: Configuring Web authentication by using the local authentication method

Network configuration

As shown in Figure 89, the host is directly connected to the device through HundredGigE 1/0/1.

Configure Web authentication on HundredGigE 1/0/1, and use local authentication and authorization for the users.

Configure the device to push customized Web authentication pages to users and use HTTP to transfer the authentication data.

Figure 89: Network diagram

Procedure

  1. Customize the authentication pages, compress them to a file, and upload the file to the root directory of the storage medium of the device. In this example, the file is abc.zip. (Details not shown.)

  2. Assign IP addresses to the host and the device as shown in Figure 89, and make sure the host and the device can reach each other.

  3. Configure a local user:

    # Create a local network access user named localuser.

    <Device> system-view
    [Device] local-user localuser class network
    

    # Set the password to localpass in plaintext form for user localuser.

    [Device-luser-network-localuser] password simple localpass
    

    # Authorize the user to use LAN access services.

    [Device-luser-network-localuser] service-type lan-access
    [Device-luser-network-localuser] quit
    
  4. Configure an ISP domain:

    # Create an ISP domain named local.

    [Device] domain local
    

    # Configure the ISP domain to perform local authentication, authorization, and accounting for LAN access users.

    [Device-isp-local] authentication lan-access local
    [Device-isp-local] authorization lan-access local
    [Device-isp-local] accounting lan-access local
    [Device-isp-local] quit
    
  5. Configure a local portal Web service:

    # Create an HTTP-based local portal Web service and enter its view.

    [Device] portal local-web-server http
    

    # Specify file abc.zip as the default authentication page file for the local portal Web service. (This file must exist in the root directory of the device.)

    [Device-portal-local-websvr-http] default-logon-page abc.zip
    

    # Specify the HTTP listening port number as 80 for the portal Web service.

    [Device-portal-local-websvr-http] tcp-port 80
    [Device-portal-local-websvr-http] quit
    
  6. Configure Web authentication:

    # Create a Web authentication server named user.

    [Device] web-auth server user
    

    # Configure the redirection URL for the Web authentication server as http://20.20.0.1/portal/.

    [Device-web-auth-server-user] url http://20.20.0.1/portal/
    

    # Specify 20.20.0.1 as the IP address and 80 as the port number for the Web authentication server.

    [Device-web-auth-server-user] ip 20.20.0.1 port 80
    [Device-web-auth-server-user] quit
    

    # Specify ISP domain local as the Web authentication domain.

    [Device] interface hundredgige 1/0/1
    [Device-HundredGigE1/0/1] web-auth domain local
    

    # Enable Web authentication by using Web authentication server user.

    [Device-HundredGigE1/0/1] web-auth enable apply server user
    [Device-HundredGigE1/0/1] quit
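
An added example, not part of the original documentation: a Python check that cross-references the objects created in steps 4 to 6 (ISP domain, local portal Web service, Web authentication server, interface binding) and flags the HTTP-based portal, which carries the user's login data unencrypted. The helper names, the finding codes, the indented input layout, and the rules that the server port equals the portal tcp-port and the URL host equals the server IP are assumptions modelled on this example's values, not vendor tooling.

```python
import re
from urllib.parse import urlparse

# Constructed sample: the commands from steps 4 to 6, prompts removed,
# sub-commands indented under the command that opens their view.
SAMPLE = """\
domain local
 authentication lan-access local
 authorization lan-access local
 accounting lan-access local
portal local-web-server http
 default-logon-page abc.zip
 tcp-port 80
web-auth server user
 url http://20.20.0.1/portal/
 ip 20.20.0.1 port 80
interface hundredgige 1/0/1
 web-auth domain local
 web-auth enable apply server user
"""

def parse_views(text):
    """Map each view-opening command to itself plus its indented sub-commands."""
    views, cur = {}, None
    for line in filter(str.strip, text.splitlines()):
        if not line[0].isspace():
            cur = line.strip()
        views.setdefault(cur, []).append(line.strip())
    return views

def audit(text):
    """Return finding codes (hypothetical names) for the web-auth setup."""
    v, out = parse_views(text), []
    grab = lambda view, pat: re.findall(pat, "\n".join(v.get(view, [])), re.M)
    if "portal local-web-server http" in v:
        out.append("portal-http-cleartext")  # login data is sent unencrypted
    listen = grab("portal local-web-server http", r"^tcp-port (\d+)$")
    for view in v:
        if view.startswith("web-auth server "):
            url = urlparse("".join(grab(view, r"^url (\S+)$")))
            ip = grab(view, r"^ip (\S+) port (\d+)$") or [("", "")]
            if url.hostname != ip[0][0]:
                out.append("url-ip-mismatch")  # redirect target is not the server IP
            if [ip[0][1]] != listen:  # assumes tcp-port is set explicitly
                out.append("port-mismatch")
        out += ["undefined-server" for n in grab(view, r"^web-auth enable apply server (\S+)$")
                if f"web-auth server {n}" not in v]
        out += ["domain-not-local-auth" for d in grab(view, r"^web-auth domain (\S+)$")
                if "authentication lan-access local" not in v.get(f"domain {d}", [])]
    return out
```

Run against the commands of this procedure, audit(SAMPLE) reports only the HTTP finding; the other codes appear when a reference between the views is broken.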
    

Verifying the configuration

# Display online Web authentication user information after user localuser passes Web authentication.

<Device> display web-auth user
  Total online web-auth users: 1

User Name: localuser
  MAC address: acf1-df6c-f9ad
  Access interface: HundredGigE1/0/1
  Initial VLAN: 1
  Authorization VLAN: N/A
  Authorization ACL ID: N/A
  Authorization user profile: N/A