Comware

 View Only
last person joined: yesterday 

Back to discussions
Expand all | Collapse all

5140 EI switch How to configure web authentication

This thread has been viewed 8 times

  • 1.  5140 EI switch How to configure web authentication

    Posted Jan 24, 2024 10:42 AM

    Hi,


    We are planning to replace the edgeswitch with this one, but I am not sure how to web authentication set it up.
    The switch before replacement is configured to obtain an IP address (192.168.1.0/24) from the DHCP server before web authentication and use the distributed IP address even after passing web authentication.
    I tried to set up the same settings for this switch, but it did not work.


    client --- 5140switch --- CoreSW --- RADIUS server 192.168.20.1
                                                  |
                                                    ------- DHCP server 192.168.30.1、192.168.30.2
                                                  |
                                                   ------- server 192.168.1.0/24


    When I connect a client to GE1/0/2 of this switch, I can confirm that the IP address is distributed from the DHCP server, but I cannot access the web authentication screen (http://10.0.0.1/portal/).
    All routing on the 5140 switch is directed to the CoreSW gateway address (192.168.1.254), and the default gateway distributed by DHCP is the same IP address (192.168.1.254).
    Since this is a private NW that is only used by this switch There is no routing for the network address (10.0.0.0/24) of the WEB authentication URL in the routing table of CoreSW.

    When I set the default gateway for the client to the VLAN2 address (192.168.1.251) of the switch, I was able to access the web authentication screen.
    I had thought that the 5140 switch would route communications directed to the web authentication address on its own, but this does not seem to be the case.
    I don't want to change the DHCP server or CoreSW routing settings, so is there any way to configure the client to access the web authentication screen without changing the default gateway of the client?


    Test Configuration

    vlan 2

    ip route-static 0.0.0.0 0.0.0.0 192.168.1.254

    interface Vlan-interface 2
    ip address 192.168.1.251 255.255.255.0

    interface loopBack 0
    description web-auth_address
    ip address 10.0.0.1 24

    radius scheme radius
    primary authentication 192.168.20.1
    key authentication simple password
    user-name-format without-domain

    domain auth
    authentication default radius-scheme radius
    authorization default radius-scheme radius

    portal local-web-server http
    default-logon-page weblogin.zip

    web-auth server webauth
    url http://10.0.0.1/portal/
    ip 10.0.0.1 port 80

    interface GigabitEthernet 1/0/1
    description to_CoreSW
    port access vlan 2

    interface GigabitEthernet 1/0/2
    description to_client
    port access vlan 2
    web-auth domain auth
    web-auth enable apply server webauth

     


    Thanks,

    take