Overview

  1. If you have not already done so, configure a local username and password pair on the switch.

  2. Identify or create a redirect URL for use by authenticated clients. Hewlett Packard Enterprise recommends that you provide a redirect URL when using web-based authentication. If a redirect URL is not specified, web browser behavior following authentication may not be acceptable.

  3. If you plan to use multiple VLANs with web-based authentication, ensure that these VLANs are configured on the switch and that the appropriate port assignments have been made. Confirm that the VLAN used by authorized clients can access the redirect URL.

  4. Use the ping command from the switch console interface to ensure that the switch can communicate with the RADIUS server you have configured to support web-based authentication on the switch.

  5. Configure the switch with the correct IP address and encryption key for RADIUS server access.

  6. (Optional) To use SSL encryption for web-based authentication login, configure and enable SSL on the switch.

  7. Enable web-based authentication on the switch ports you want to use.

  8. Configure the optional settings that you want to use for web-based authentication; for example:
    • To avoid address conflicts in a secure network, configure the base IP address and mask to be used by the switch for temporary DHCP addresses. You can also set the lease length for these temporary IP addresses.

    • To use SSL encryption for web-based authentication login, configure the SSL option.

    • To redirect authorized clients to a specified URL, configure the Redirect URL option.

  9. Configure how web-based authenticator ports transmit traffic before they successfully authenticate a client and enter the authenticated state:
    • You can block incoming and outgoing traffic on a port before authentication occurs.

    • You can block only incoming traffic on a port before authentication occurs. Outgoing traffic with unknown destination addresses is flooded on unauthenticated ports configured for web-based authentication. For example, Wake-on-LAN traffic is transmitted on a web-based authenticated egress port that has not yet transitioned to the authenticated state.

  10. To ensure that web-based authentication works properly on the ports you have configured for port-access using web-based authentication, test both authorized and unauthorized access to your system.

NOTE:

Client web browsers cannot use a proxy server to access the network.
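
The steps above as one configuration sketch. This is an added example, not taken from the original page: the page names no commands, so the ArubaOS-Switch style syntax shown here is an assumption to verify against the CLI reference for your software release. The RADIUS address 192.0.2.10, ports 1-8, VLANs 20 and 99, the portal.example.com URL, the 10.99.0.0/24 pool and the `<shared-secret>` placeholder are all constructed values.

```text
; Added example with constructed values; syntax is assumed, confirm per release.

; Step 1: local username and password pair (the switch prompts for the password)
password manager user-name admin

; Step 5: RADIUS server IP address and encryption key
radius-server host 192.0.2.10 key <shared-secret>
aaa authentication web-based chap-radius

; Step 4: confirm the switch can reach the RADIUS server before enabling ports
ping 192.0.2.10

; Steps 6 and 8: serve the login page over SSL so credentials are not sent
; in cleartext (assumes a server certificate is already installed)
web-management ssl
aaa port-access web-based 1-8 ssl-login

; Step 8: base address/mask and lease (seconds) for temporary DHCP addresses,
; chosen so the pool does not overlap a production subnet
aaa port-access web-based dhcp-addr 10.99.0.0/24
aaa port-access web-based dhcp-lease 10

; Steps 2 and 8: redirect URL for authenticated clients
aaa port-access web-based 1-8 redirect-url https://portal.example.com/welcome

; Step 3: VLANs for authorized and unauthorized clients; the authorized
; VLAN (20 here) must be able to reach the redirect URL
aaa port-access web-based 1-8 auth-vid 20
aaa port-access web-based 1-8 unauth-vid 99

; Step 9: block incoming and outgoing traffic before authentication.
; Using "in" instead blocks only incoming traffic, so flooded outgoing
; traffic such as Wake-on-LAN leaves the unauthenticated port.
aaa port-access 1-8 controlled-direction both

; Step 7: enable web-based authentication on the ports
aaa port-access web-based 1-8

; Step 10: review settings, then test authorized and unauthorized logins
; from a client and check the resulting session state
show port-access web-based config 1-8
show port-access web-based clients 1-8
```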