Syntax
display web-authentication configuration
View
Any view
Parameters
None
Description
Use the display web-authentication
configuration command to display all Web authentication configurations,
including global configurations and configurations on individual ports.
Examples
# Display Web authentication configuration
information.
<Sysname> display
web-authentication configuration
Status: enabled
Web Server: IP=30.1.1.2
Port=80
Idle-cut time: 900 sec
Free IP:
1) IP=10.1.1.0
Net Mask=255.255.255.0
Free User:
1) IP=192.168.0.108
MAC=000d-88f6-44c1
Interface Configuration:
Interface_number
method max-connection
GigabitEthernet1/0/1
shared 128
GigabitEthernet1/0/14
shared 128
Table 1-1
Description on the fields of display web-authentication
configuration
|
Field
|
Description
|
|
Status
|
Global
status of Web authentication
|
|
Web Server
|
IP address
and port number of the Web authentication server
|
|
Idle-cut
time
|
idle user
checking interval
|
|
Free IP
|
Free IP
address range information
|
|
Free User
|
Authentication-free
user information
|
|
Interface Configuration
|
Configuration information about
Web-authentication-enabled ports
|
|
Interface_number
|
Index of a Web-authentication-enabled
port
|
|
method
|
User access method on the port, Shared or
Designated.
|
|
max-connection
|
Maximum number of online users allowed on
the port
|
Syntax
display web-authentication connection { all | interface interface-type interface-number
| user-name user-name }
View
Any view
Parameters
all:
Displays information about all online Web-authentication users.
interface-type interface-number: Type and number of an interface.
user-name:
Name of a user, a string of 1 to 184 characters.
Description
Use the display web-authentication
connection command to display information about specified or all online
Web-authentication users.
Examples
# Display information about all online
Web-authentication users.
<Sysname> display
web-authentication connection all
Username: 1
MAC: 000d-88f6-44c1 Interface: GigabitEthernet1/0/1
VLAN: 2 Method: Shared
State: ONLINE Online-Time(s):
8
Total 1 connection(s) matched
Table 1-2 Description on the fields of display
web-authentication connection
|
Field
|
Description
|
|
Username
|
Name of an online Web-authentication user
|
|
MAC
|
MAC address of the user
|
|
Interface
|
Access port of the user
|
|
VLAN
|
VLAN the user belongs to
|
|
Method
|
Access method of the user, Shared or
Designated.
|
|
State
|
User status
|
|
Online-Time(s)
|
Online time of the user
|
Syntax
web-authentication cut connection { all | mac mac-address | user-name user-name
| interface interface-type interface-number }
View
System view
Parameters
all: Specifies
all online users.
mac mac-address:
Specifies an user by the user’s MAC address.
user-name user-name:
Specifies a user by the user’s name, which is a string of 1 to 184
characters.
interface-type interface-number: Specifies all users on a port.
Description
Use the web-authentication cut
connection command to forcibly log out the specified or all users.
Examples
# Forcibly log out all online users on GigabitEthernet
1/0/2.
<Sysname> system-view
System View: return to User View with
Ctrl+Z.
[Sysname] web-authentication cut
connection interface GigabitEthernet1/0/2
Syntax
web-authentication enable
undo web-authentication enable
View
System view
Parameters
None
Description
Use the web-authentication enable
command to enable Web authentication globally.
Use the undo web-authentication enable
command to disable Web authentication globally.
Web authentication
cannot be enabled when one of the following features is enabled, and vice
versa: 802.1x, MAC authentication, port security, port aggregation and IRF.
Examples
# Enable Web authentication globally.
<Sysname> system-view
System View: return to User View with
Ctrl+Z.
[Sysname] web-authentication
web-server ip 192.168.0.56 port 80
[Sysname] web-authentication enable
Syntax
web-authentication free-ip ip-address { mask-length | mask }
undo web-authentication free-ip { ip-address { mask-length | mask } | all
}
View
System view
Parameters
ip-address:
IP address.
mask-length:
Mask length, ranging from 1 to 32.
mask: Mask
address.
Description
Use the web-authentication free-ip
command to set a free IP address range, which can be accessed by users before
they pass Web authentication.
Use the undo web-authentication
free-ip command to remove the setting or all such settings.
By default, no free IP address range is
set.
l
The to-be-set free IP address range cannot
include the Web authentication server’s IP address.
l
At most four free IP address range can be set.
Examples
# Set IP address range 10.1.1.0/24 as a
free address range.
<Sysname> system-view
System View: return to User View with
Ctrl+Z.
[Sysname] web-authentication free-ip
10.1.1.0 24
Syntax
web-authentication free-user ip ip-address mac mac-address
undo web-authentication free-user { ip ip-address mac mac-address | all
}
View
System view
Parameters
ip-address: IP address of a user.
mac-address: MAC address of the user, in the format of H-H-H (for example,
000d-88f6-44c1).
all: Deletes all authentication-free user settings.
Description
Use the web-authentication free-user
command to set an authentication-free user, so that a user whose source IP and
MAC addresses are both identical with those of the authentication-free user can
access the network without the necessary to pass the Web authentication.
Use the undo web-authentication
free-user command to remove the setting or all such settings.
By default, no authentication-free user is
set.
l
You can set up to eight authentication-free
users.
l
After a user gets online in shared access
method, if you configure an authentication-free user whose IP address and MAC
address are the same as those of the online user, the online user will be
forced to get offline.
Examples
# Set the user with IP address
192.168.0.108 and MAC address 0010-0020-0030 as an authentication-free user.
<Sysname> system-view
System View: return to User View with
Ctrl+Z.
[Sysname] web-authentication
free-user ip 192.168.0.108 mac 0010-0020-0030
Syntax
web-authentication max-connection number
undo web-authentication max-connection
View
Port view
Parameters
number: Maximum number of online Web-authentication users on the port, in
the range of 1 to 128.
Description
Use the web-authentication
max-connection command to limit the number of online Web authentication
users on the current port. When this threshold is reached, no more users can
pass the Web authentication on the port.
This configuration can only be performed on
ports in shared access method.
By default, a port allows up to 128 online
Web-authentication users.
Examples
# Configure GigabitEthernet 1/0/1 to allow
at most 100 online Web-authentication users.
<Sysname> system-view
System View: return to User View with
Ctrl+Z.
[Sysname] interface GigabitEthernet 1/0/1
[Sysname-GigabitEthernet1/0/1]
web-authentication select method shared
[Sysname-GigabitEthernet1/0/1]
web-authentication max-connection 100
Syntax
web-authentication select method { shared | designated }
undo web-authentication select
View
Port view
Parameters
shared: Sets
the Web authentication access method on the port to shared.
designated:
Sets the Web authentication access method on the port to designated.
Description
Use the web-authentication select
command to enable Web authentication on the current port and set the Web
authentication access method on the port.
Use the undo web-authentication select
command to disable Web authentication on the port.
There are two Web authentication access
methods:
l
shared: In this mode, the port allows multiple
Web authentication users to be online at the same time.
l
designated: In this mode, the port allows only
one Web authentication user to be online at a time.
This configuration takes effect only when
Web authentication is enabled globally. If Web authentication is not enabled
globally, this configuration will only be saved.
You are not allowed
to enable Web authentication on a port if:
l
The port is an access port, or,
l
The port belongs to an aggregation group.
Examples
# Enable Web authentication on GigabitEthernet
1/0/1 and set the Web authentication access method to shared.
<Sysname> system-view
System View: return to User View with
Ctrl+Z.
[Sysname] interface GigabitEthernet 1/0/1
[Sysname-GigabitEthernet1/0/1]
web-authentication select method shared
Syntax
web-authentication timer idle-cut timer
undo web-authentication timer idle-cut
View
System view
Parameters
timer: Interval
for checking whether an online user is idle. It ranges from 10 to 86400
seconds. Value 0 means the idle user checking function is disabled.
Description
Use the web-authentication timer
idle-cut command to set the idle user checking interval for Web
authentication.
Use the undo web-authentication
timer idle-cut command to restore the default.
By default, the idle user checking interval
is 900 seconds for Web authentication.
The idle user
checking interval is the interval at which the system checks whether a user is
idle. When a user is found idle, if the corresponding MAC address entry has not
been aged out, the system keeps the user online; otherwise, the system logs off
the user. You are recommended to set the interval to a value that is greater
than half of the MAC address entry aging time but less than the MAC address
entry aging time.
Examples
# Set the idle user checking interval to
500 seconds for Web authentication.
<Sysname> system-view
System View: return to User View with
Ctrl+Z.
[Sysname] web-authentication timer
idle-cut 500
Syntax
web-authentication web-server ip ip-address [ port port-number ]
undo web-authentication web-server
View
System view
Parameters
ip-address:
IP address of the Web authentication server. It must be a valid unicast
address.
port-number:
Port number of the Web authentication server. It ranges from 1 to 50000, with
80 as the default.
Description
Use the web-authentication web-server ip
command to set the IP address and port number of the Web authentication server,
which will be used for Web authentication of users.
Use the undo web-authentication
web-server command to restore the default.
By default, no Web authentication server IP
address is set and the port number is 80.
Before enabling Web
authentication globally, you should first set the IP address of the Web
authentication server.
Examples
# Set the IP address and port number of the
Web authentication server to 192.168.0.56 and 80.
<Sysname> system-view
System View: return to User View with
Ctrl+Z.
[Sysname] web-authentication
web-server ip 192.168.0.56 port 80
