Name: Enterasys Matrix DFE-Gold Series
Brand: Enterasys
Rating: 4 (1 reviews)

To Next Page

To Previous Page

clear dot1x auth-config Configuring Port Web Authentication (PWA)

Enterasys Matrix DFE-Gold Series Configuration Guide 25-11

Configuring Port Web Authentication (PWA)

About PWA

PWAprovidesawayofauthenticatingusersbeforeallowinggeneralaccesstothenetwork.A

PWAuser’saccesstothenetworkisrestricteduntilaftertheusersuccessfullylogsinviaaweb

browserusingtheEnterasysMatrixSeriesweb‐basedsecuri tyinterface.TheEnterasysMatrix

Seriesdevicewillvalidateall

logincredentialfromtheuserwithaRADIUSserverbeforeallowing

networkaccess.

PWAisanalternativeto802.1XandMACauthentication.Itallowsonlytheessentialprotocols

andservicesrequiredbytheauthenticationprocessbetweentheend‐stationandthenetwork.All

othertrafficisdiscarded.Whenauseris

intheunauthenticatedstate,anyusertrafficrequesting

networkresourceswillnotbeallowed.

Tologonusing PWA,theusermakesarequestviaawebbrowserforthe PWAwebpageoris

automaticallyredirectedtothisloginpageafterrequestingaURLinabrowser.

Dependingupon

theauthenticatedstateoftheuser,aloginpageoralogoutpagewilldisplay.

Whenausersubmitsusernameandpassword,theswitchthenauthenticatestheuserviaa

preconfiguredRADIUSserver.Iftheloginissuccessful,thentheuserwillbegrantedfullnetwork

accessaccordingtotheuser’s

policyconfigurationontheswitch.

PWA Configuration Considerations

InordertooptimizePWAauthenticationontheEnterasysMatrixSeriesdevice,thedevicemustbe

configuredtosatisfytheminimumrequirementsofanauthenticatingclientneedingtosendan

HTTPrequestwithitswebbrowser.Typically,theclientwillneedDNS andARPresolutionbefore

itcangeneratetheHTTP

requestneededtodoaPWAlogin.Also,DHCPmaybeneededinmany

environments.TheseservicesarenotprovidedbyPWAandmustbeprovidedbythenetwork.To

accomplishthis,thedevicemustbeconfiguredtoallowaccesstotheneededservices.

Thefirststepistomakesure

thatthemultipleauthenticationportmodesettingsaresetto“auth‐

opt”onallportsthatareconfiguredtorun PWA.

Examples

Thisexampleshowshowtosetthemultipleauthenticationportmodeto“auth‐opt”forallFast

Ethernetportsinthechassisorstandalonedevice:

Matrix(rw)->set multiauth port mode auth-opt fe.*.*

Fordetailsonusingthesetmultiauthportcommand,referto“setmultiauthport”onpage 27‐6.

Settingtheportmodeinthisfashionwillallowtraffictoflowthroughtheportwithout

authenticationaccordingtoitsconfiguration.Bydefault,thiswouldallowalltraffictobe

forwarded.Conversely,you

couldconfiguretheportstodropalltraffic,butthisisnotthemost

effectivesolution.Betteryetwouldbetoconfiguretheporttoprovideonlytheminimalservices

andnothingmore.Themostpowerfultoolforaccomplishingthisgoalispolicyconfiguration.

Policiesprovidetheflexibilityneededtotailor

theseservicestotheconfigurationandsecurity

needsofyourenvironment.

Thisexampleshowshowtoconfigureapolicyprofilethatwilldiscardalltrafficbydefault:

Matrix(rw)->set policy profile 1 name “Unauthenticated User” pvid 0 pvid-status

enable

Thisexampleshowshowtoconfigurepolicyprofilerule1thatwillenabletheselectiveservices

requiredforPWA.Thisrulewill:

•forwardARPrequests,

Brand	Enterasys
Model	Matrix DFE-Gold Series
Category	Switch
Language	English

Enterasys Matrix DFE-Gold Series User Manual

Table of Contents

Questions and Answers:

Enterasys Matrix DFE-Gold Series Specifications

Related product manuals