Configuration Guide      WEB Authentication Configuration 
  The maximum number of connections allowed before user authentication is limited to prevent TCP attacks. By default, the maximum number of connections for each IP address is 255 globally. (The number of connections available for each IP address may decrease as the total number of connections increases.) One user PC may initiate multiple HTTP connections through a browser or other software (such as chat, download, and video software), or even through a Trojan. In this case, the browser may fail to set up a connection because other software occupies the connection resources, and authentication cannot be completed. To address this issue, the maximum number of connections for each IP address must be set to a large value if possible. If web authentication users run too much software that opens connections automatically, that software must be disabled before the users access the Internet.
  When a user PC needs to perform web authentication, it must initiate an HTTP connection, which requires the user PC to obtain an IP address resolved by the DNS server and an ARP reply packet sent by the gateway. For this reason, the access device allows the user PC to send ARP request packets to the gateway before authentication. This creates an opportunity for ARP spoofing: if a user sends ARP packets to the gateway that forge the IP addresses of other users on the same VLAN, the gateway learns incorrect ARP entries, which affects the other users on that VLAN.
  The DM function must be enabled. For configuration details, see the DM-SCG. 
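The ARP spoofing risk described in the notes above can be monitored by comparing the sender IP/MAC pairs carried in ARP packets against the expected binding for each IP address, scoped per VLAN. The following Python is an added example, not part of the Ruijie guide; the record layout, function names, bindings, addresses and port names are constructed for illustration.

```python
from collections import namedtuple

# One observed ARP packet: VLAN, ingress port, and the sender fields it carries.
ArpObs = namedtuple("ArpObs", "vlan port sender_ip sender_mac")

def norm_mac(mac):
    """Normalise 00d0.f800.000b / 00-D0-F8-.. / 00:d0:.. to aa:bb:cc:dd:ee:ff."""
    digits = "".join(c for c in mac.lower() if c in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError(f"bad MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def find_arp_conflicts(observations, trusted):
    """Return ARP sender claims that contradict the expected MAC for an IP.

    trusted maps (vlan, ip) -> MAC from a source the operator trusts.
    For IPs without a trusted binding, the first MAC seen is remembered and
    any later change is reported. Scope is per VLAN.
    """
    trusted = {key: norm_mac(mac) for key, mac in trusted.items()}
    learned = {}
    findings = []
    for obs in observations:
        key = (obs.vlan, obs.sender_ip)
        mac = norm_mac(obs.sender_mac)
        if key in trusted:
            expected, kind = trusted[key], "binding-violation"
        else:
            expected, kind = learned.setdefault(key, mac), "mac-changed"
        if mac != expected:
            findings.append((kind, obs.vlan, obs.port, obs.sender_ip, mac, expected))
    return findings

# Constructed sample data (addresses and ports are illustrative only).
TRUSTED = {(10, "192.168.3.11"): "00d0.f800.000b",
           (10, "192.168.3.12"): "00d0.f800.000c"}
SAMPLE = [
    ArpObs(10, "Fa0/2", "192.168.3.11", "00d0.f800.000b"),  # matches binding
    ArpObs(10, "Fa0/3", "192.168.3.12", "00-D0-F8-00-00-0C"),  # matches, other format
    ArpObs(10, "Fa0/3", "192.168.3.11", "00d0.f800.000c"),  # claims another user's IP
    ArpObs(10, "Fa0/2", "192.168.3.50", "00d0.f800.0032"),  # unbound IP, first seen
    ArpObs(10, "Fa0/3", "192.168.3.50", "00d0.f800.000c"),  # same IP, different MAC
    ArpObs(20, "Fa0/5", "192.168.3.11", "00d0.f800.00aa"),  # other VLAN, no conflict
]

if __name__ == "__main__":
    for finding in find_arp_conflicts(SAMPLE, TRUSTED):
        print(finding)
```

Each finding names the port the conflicting ARP packet arrived on, which is where an operator would start investigating.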
Configuration Steps 
39)  Configure the second-generation Portal server. 
Ruijie# config 
Enter configuration commands, one per line.  End with CNTL/Z. 
Ruijie(config)# portal-server eportalv2 ip 192.168.3.1 url http://www.web_auth.com/webportal/index.jsp
40)  Configure the Ruijie second-generation web authentication function.
Ruijie# config 
Enter configuration commands, one per line.  End with CNTL/Z. 
Ruijie(config)# web-auth portal eportalv2 
41)  Configure AAA. 
Ruijie# config 
Enter configuration commands, one per line.  End with CNTL/Z. 
Ruijie(config)# aaa new-model 
Ruijie(config)# radius-server host 172.20.1.20 key aaatest 
Ruijie(config)# aaa authentication web-auth default group radius 
Ruijie(config)# aaa accounting network default start-stop group radius 
42)  Enable web authentication on ports. 
Ruijie(config)# interface range fa0/2-3 
Ruijie(config-if-range)# web-auth port-control