- Table of Contents
-
- H3C S3100-52P Command Manual-Release 1602(V1.01)
- 00-1Cover
- 01-CLI Command
- 02-Login Command
- 03-Configuration File Management Command
- 04-VLAN Command
- 05-IP Address and Performance Command
- 06-Voice VLAN Command
- 07-GVRP Command
- 08-Port Basic Configuration Command
- 09-Link Aggregation Command
- 10-Port Isolation Command
- 11-Port Security-Port Binding Command
- 12-DLDP Command
- 13-MAC Address Table Management Command
- 14-MSTP Command
- 15-Static Route Command
- 16-Multicast Command
- 17-802.1x and System Guard Command
- 18-AAA Command
- 19-Web Authentication Command
- 20-MAC Address Authentication Command
- 21-ARP Command
- 22-DHCP Command
- 23-ACL Command
- 24-QoS-QoS Profile Command
- 25-Mirroring Command
- 26-Stack-Cluster Command
- 27-SNMP-RMON Command
- 28-NTP Command
- 29-SSH Command
- 30-File System Management Command
- 31-FTP-SFTP-TFTP Command
- 32-Information Center Command
- 33-System Maintenance and Debugging Command
- 34-VLAN-VPN Command
- 35-HWPing Command
- 36-IPv6 Management Command
- 37-DNS Command
- 38-Smart Link-Monitor Link Command
- 39-Appendix
- Related Documents
-
Title | Size | Download |
---|---|---|
19-Web Authentication Command | 47.73 KB |
Table of Contents
Chapter 1 Web Authentication Configuration Commands. 1-1
1.1 Web Authentication Configuration Commands. 1-1
1.1.1 display web-authentication configuration. 1-1
1.1.2 display web-authentication connection. 1-2
1.1.3 web-authentication cut connection. 1-3
1.1.4 web-authentication enable. 1-4
1.1.5 web-authentication free-ip. 1-4
1.1.6 web-authentication free-user 1-5
1.1.7 web-authentication max-connection. 1-6
1.1.8 web-authentication select method. 1-7
1.1.9 web-authentication timer idle-cut 1-8
1.1.10 web-authentication web-server 1-9
Chapter 1 Web Authentication Configuration Commands
1.1 Web Authentication Configuration Commands
1.1.1 display web-authentication configuration
Syntax
display web-authentication configuration
View
Any view
Parameters
None
Description
Use the display web-authentication configuration command to display all Web authentication configurations, including global configurations and configurations on individual ports.
Examples
# Display Web authentication configuration information.
<Sysname> display web-authentication configuration
Status: enabled
Web Server: IP=30.1.1.2 Port=80
Idle-cut time: 900 sec
Free IP:
1) IP=10.1.1.0 Net Mask=255.255.255.0
Free User:
1) IP=192.168.0.108 MAC=000d-88f6-44c1
Interface Configuration:
Interface_number method max-connection
Ethernet1/0/1 shared 128
Ethernet1/0/14 shared 128
Table 1-1 Description on the fields of display web-authentication configuration
Field | Description |
Status | Global status of Web authentication |
Web Server | IP address and port number of the Web authentication server |
Idle-cut time | idle user checking interval |
Free IP | Free IP address range information |
Free User | Authentication-free user information |
Interface Configuration | Configuration information about Web-authentication-enabled ports |
Interface_number | Index of a Web-authentication-enabled port |
method | User access method on the port, Shared or Designated. |
max-connection | Maximum number of online users allowed on the port |
1.1.2 display web-authentication connection
Syntax
display web-authentication connection { all | interface interface-type interface-number | user-name user-name }
View
Any view
Parameters
all: Displays information about all online Web-authentication users.
interface-type interface-number: Type and number of an interface.
user-name: Name of a user, a string of 1 to 184 characters.
Description
Use the display web-authentication connection command to display information about specified or all online Web-authentication users.
Examples
# Display information about all online Web-authentication users.
<Sysname> display web-authentication connection all
Username: 1
MAC: 000d-88f6-44c1 Interface: Ethernet1/0/1
VLAN: 2 Method: Shared
State: ONLINE Online-Time(s): 8
Total 1 connection(s) matched
Table 1-2 Description on the fields of display web-authentication connection
Field | Description |
Username | Name of an online Web-authentication user |
MAC | MAC address of the user |
Interface | Access port of the user |
VLAN | VLAN the user belongs to |
Method | Access method of the user, Shared or Designated. |
State | User status |
Online-Time(s) | Online time of the user |
1.1.3 web-authentication cut connection
Syntax
web-authentication cut connection { all | mac mac-address | user-name user-name | interface interface-type interface-number }
View
System view
Parameters
all: Specifies all online users.
mac mac-address: Specifies an user by the user’s MAC address.
user-name user-name: Specifies a user by the user’s name, which is a string of 1 to 184 characters.
interface-type interface-number: Specifies all users on a port.
Description
Use the web-authentication cut connection command to forcibly log out the specified or all users.
Examples
# Forcibly log out all online users on Ethernet 1/0/2.
<Sysname> system-view
System View: return to User View with Ctrl+Z.
[Sysname] web-authentication cut connection interface Ethernet1/0/2
1.1.4 web-authentication enable
Syntax
web-authentication enable
undo web-authentication enable
View
System view
Parameters
None
Description
Use the web-authentication enable command to enable Web authentication globally.
Use the undo web-authentication enable command to disable Web authentication globally.
& Note:
Web authentication cannot be enabled when one of the following features is enabled, and vice versa: 802.1x, MAC authentication, port security and port aggregation.
Examples
# Enable Web authentication globally.
<Sysname> system-view
System View: return to User View with Ctrl+Z.
[Sysname] web-authentication web-server ip 192.168.0.56 port 80
[Sysname] web-authentication enable
1.1.5 web-authentication free-ip
Syntax
web-authentication free-ip ip-address { mask-length | mask }
undo web-authentication free-ip { ip-address { mask-length | mask } | all }
View
System view
Parameters
ip-address: IP address.
mask-length: Mask length, ranging from 1 to 32.
mask: Mask address.
Description
Use the web-authentication free-ip command to set a free IP address range, which can be accessed by users before they pass Web authentication.
Use the undo web-authentication free-ip command to remove the setting or all such settings.
By default, no free IP address range is set.
& Note:
l The to-be-set free IP address range cannot include the Web authentication server’s IP address.
l At most four free IP address range can be set.
Examples
# Set IP address range 10.1.1.0/24 as a free address range.
<Sysname> system-view
System View: return to User View with Ctrl+Z.
[Sysname] web-authentication free-ip 10.1.1.0 24
1.1.6 web-authentication free-user
Syntax
web-authentication free-user ip ip-address mac mac-address
undo web-authentication free-user { ip ip-address mac mac-address | all }
View
System view
Parameters
ip-address: IP address of a user.
mac-address: MAC address of the user, in the format of H-H-H (for example, 000d-88f6-44c1).
all: Deletes all authentication-free user settings.
Description
Use the web-authentication free-user command to set an authentication-free user, so that a user whose source IP and MAC addresses are both identical with those of the authentication-free user can access the network without the necessary to pass the Web authentication.
Use the undo web-authentication free-user command to remove the setting or all such settings.
By default, no authentication-free user is set.
& Note:
l You can set up to eight authentication-free users.
l After a user gets online in shared access method, if you configure an authentication-free user whose IP address and MAC address are the same as those of the online user, the online user will be forced to get offline.
Examples
# Set the user with IP address 192.168.0.108 and MAC address 0010-0020-0030 as an authentication-free user.
<Sysname> system-view
System View: return to User View with Ctrl+Z.
[Sysname] web-authentication free-user ip 192.168.0.108 mac 0010-0020-0030
1.1.7 web-authentication max-connection
Syntax
web-authentication max-connection number
undo web-authentication max-connection
View
Port view
Parameters
number: Maximum number of online Web-authentication users on the port, in the range of 1 to 128.
Description
Use the web-authentication max-connection command to limit the number of online Web authentication users on the current port. When this threshold is reached, no more users can pass the Web authentication on the port.
This configuration can only be performed on ports in shared access method.
By default, a port allows up to 128 online Web-authentication users.
Examples
# Configure Ethernet 1/0/1 to allow at most 100 online Web-authentication users.
System View: return to User View with Ctrl+Z.
[Sysname] interface Ethernet 1/0/1
[Sysname-Ethernet1/0/1] web-authentication select method shared
[Sysname-Ethernet1/0/1] web-authentication max-connection 100
1.1.8 web-authentication select method
Syntax
web-authentication select method { shared | designated }
undo web-authentication select
View
Port view
Parameters
shared: Sets the Web authentication access method on the port to shared.
designated: Sets the Web authentication access method on the port to designated.
Description
Use the web-authentication select command to enable Web authentication on the current port and set the Web authentication access method on the port.
Use the undo web-authentication select command to disable Web authentication on the port.
There are two Web authentication access methods:
l shared: In this mode, the port allows multiple Web authentication users to be online at the same time.
l designated: In this mode, the port allows only one Web authentication user to be online at a time.
This configuration takes effect only when Web authentication is enabled globally. If Web authentication is not enabled globally, this configuration will only be saved.
& Note:
You are not allowed to enable Web authentication on a port if:
l The port is an access port, or,
l The port belongs to an aggregation group.
Examples
# Enable Web authentication on Ethernet 1/0/1 and set the Web authentication access method to shared.
<Sysname> system-view
System View: return to User View with Ctrl+Z.
[Sysname] interface Ethernet 1/0/1
[Sysname-Ethernet1/0/1] web-authentication select method shared
1.1.9 web-authentication timer idle-cut
Syntax
web-authentication timer idle-cut timer
undo web-authentication timer idle-cut
View
System view
Parameters
timer: Interval for checking whether an online user is idle. It ranges from 10 to 86400 seconds. Value 0 means the idle user checking function is disabled.
Description
Use the web-authentication timer idle-cut command to set the idle user checking interval for Web authentication.
Use the undo web-authentication timer idle-cut command to restore the default.
By default, the idle user checking interval is 900 seconds for Web authentication.
& Note:
The idle user checking interval is the interval at which the system checks whether a user is idle. When a user is found idle, if the corresponding MAC address entry has not been aged out, the system keeps the user online; otherwise, the system logs off the user. You are recommended to set the interval to a value that is greater than half of the MAC address entry aging time but less than the MAC address entry aging time.
Examples
# Set the idle user checking interval to 500 seconds for Web authentication.
<Sysname> system-view
System View: return to User View with Ctrl+Z.
[Sysname] web-authentication timer idle-cut 500
1.1.10 web-authentication web-server
Syntax
web-authentication web-server ip ip-address [ port port-number ]
undo web-authentication web-server
View
System view
Parameters
ip-address: IP address of the Web authentication server. It must be a valid unicast address.
port-number: Port number of the Web authentication server. It ranges from 1 to 50000, with 80 as the default.
Description
Use the web-authentication web-server ip command to set the IP address and port number of the Web authentication server, which will be used for Web authentication of users.
Use the undo web-authentication web-server command to restore the default.
By default, no Web authentication server IP address is set and the port number is 80.
& Note:
Before enabling Web authentication globally, you should first set the IP address of the Web authentication server.
Examples
# Set the IP address and port number of the Web authentication server to 192.168.0.56 and 80.
<Sysname> system-view
System View: return to User View with Ctrl+Z.
[Sysname] web-authentication web-server ip 192.168.0.56 port 80