
How to configure web authentication on the Ruijie switch?

GTAC-Sophia (Ruijie Staff), 2024-8-29 16:41:55
Networking requirements

1. Customers can use common browser software for access authentication, and there is no need to install other client authentication software.
2. When an unauthenticated user accesses the Internet, the device forces the user to log in to a specific site, where the user can access the services for free.
3. When users need other information on the Internet, they must authenticate with the Web authentication server; only after authentication can they use Internet resources.
4. Charge authenticated users.
5. Users do not need authentication to access related servers.
6. You can set authentication-free users (srcMac); these users can use Internet resources without authentication restrictions.
7. You can set authentication-free users (srcIP, including the management IP address of the next connected switch); these users can use Internet resources without authentication restrictions.
8. Configure seamless online for authentication users.
9. Prevent ARP spoofing.
Network topology



3. Configuration key steps
Core switch configuration
1. Configure the aaa function
2. Configure the web redirection page and web authentication redirection server (eportal server).
3. Set authentication exemption user (srcIP) -----> Note: The connected NMS switch needs to be managed and set as an authentication exemption user.
4. Set Authentication Exemption User (srcMAC) (optional)
5. Support detection based on user traffic (optional, selected according to customer demand)
Key points of connecting to the switch
Downlink switches configuration:
1. Anti-attack settings
  1) Prevent ARP spoofing
  2) Prevent DHCP spoofing
2. Prevent loop settings
Eportal server configuration key steps
Add device
4. Configuration steps:
Core switch configuration:
1. Configure the aaa function

Ruijie#configure

Ruijie(config)#aaa new-model

Ruijie(config)#radius-server host 17.17.1.5 key ruijie

Ruijie(config)#aaa authentication web-auth ruijie-1 group radius ------> Create an authentication list with the name ruijie-1

Ruijie(config)#aaa accounting network ruijie-2 start-stop group radius ------> Create the accounting list. The name of the list is ruijie-2



2. Configuring the web redirection page and web authentication redirection server (eportal server)

Ruijie(config)#web-auth template eportalv2

Ruijie(config.tmplt.eportalv2)#ip 17.17.1.6

Ruijie(config.tmplt.eportalv2)#exit

Ruijie(config)#web-auth portal key ruijie ------> Configure the key for the authentication device to communicate with the authentication server

Ruijie(config)#web-auth template eportalv2

Ruijie(config.tmplt.eportalv2)#url http://17.17.1.6/eportal/index.jsp

Ruijie(config.tmplt.eportalv2)#authentication ruijie-1 ------> request authentication list

Ruijie(config.tmplt.eportalv2)#accounting ruijie-2 ------> request the billing list

Ruijie(config.tmplt.eportalv2)#exit

Ruijie(config)# interface GigabitEthernet 1/1

Ruijie(config-if)# web-auth enable eportalv2 ------> Enable web authentication on the interface

Ruijie(config-if)# exit



3. Permit the gateway with the arp option

Ruijie(config)#http redirect direct-site 18.1.1.1 arp ------> Set the gateway IP address to an authentication-exempt network resource range and enable the arp option to ensure that the PC can complete DNS and ARP requests before authentication.

Ruijie(config)#http redirect direct-site 19.1.1.1 arp ------> If multiple network segments exist on the switch, you need to enable the gateways of all network segments to ensure that the PC can complete ARP requests and perform DNS communication.



4. Set authentication-exempt users (srcIP)
Ruijie(config)#web-auth direct-host 20.1.1.2 arp -----> Note: The downstream NMS switch needs to be managed, set as an authentication-free user, and needs to carry the arp option.

5. Configuring Authentication-Exempt Users (srcMAC) (Optional)

mac access-list extended mianrenzhen

permit host 5124.3526.0023 any etype-any -----> ACL-based authentication exemption permit mechanism, such as MAC addresses of the two public PCs in the service hall

security global access-group mianrenzhen



6. Support detection based on user traffic (optional, selected according to customer requirements)
offline-detect interval 6 threshold 0 -----> This function can be used to detect whether a user is online. The check criteria are as follows: Based on the traffic, if the user traffic is 0 within six minutes (480 minutes by default) (Check the bidirectional traffic on the authentication port), the user is considered offline.

2. Downlink switch configuration:
1) Prevent ARP spoofing
The IP Source Guard + ARP-check scheme is used together with DHCP snooping to prevent user-initiated ARP spoofing.
2) Prevent DHCP Server fraud
Use DHCP Snooping to block private DHCP servers, which would otherwise cause users to obtain abnormal addresses.
3) Prevent loops
3. Verification
View authentication information about the switch


View details about an authentication user

RG-S5300-48GT4XS-E

Campus Switch
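
An added example, not part of the original post and not Ruijie code: a small offline check of a saved core-switch configuration against the steps above (method lists referenced by the template exist, the redirect URL matches the portal ip, exempt gateways and hosts carry the arp option). The audit helper, the finding texts and the PLACEHOLDER_KEYS list are assumptions, including treating the key shown in the post as a sample value to be replaced.

```python
import re

# Constructed sample: the post's commands, arp left off the second gateway.
SAMPLE = """\
aaa new-model
radius-server host 17.17.1.5 key ruijie
aaa authentication web-auth ruijie-1 group radius
aaa accounting network ruijie-2 start-stop group radius
web-auth portal key ruijie
web-auth template eportalv2
 ip 17.17.1.6
 url http://17.17.1.6/eportal/index.jsp
 authentication ruijie-1
 accounting ruijie-2
interface GigabitEthernet 1/1
 web-auth enable eportalv2
http redirect direct-site 18.1.1.1 arp
http redirect direct-site 19.1.1.1
web-auth direct-host 20.1.1.2 arp
"""
PLACEHOLDER_KEYS = {"ruijie", "admin", "password"}  # assumed sample values

def audit(config):
    text = "\n".join(l.strip() for l in config.splitlines() if l.strip())
    grab = lambda pattern: re.findall(pattern, text, re.M)
    out = []
    if not grab(r"^aaa new-model$"):
        out.append("aaa new-model missing")
    # Method lists named inside the template must be defined globally.
    defined = {"authentication": set(grab(r"^aaa authentication web-auth (\S+) ")),
               "accounting": set(grab(r"^aaa accounting network (\S+) "))}
    for kind, names in defined.items():
        for used in grab(rf"^{kind} (\S+)$"):
            if used not in names:
                out.append(f"{kind} list {used} is not defined")
    portal_ips = grab(r"^ip (\d+\.\d+\.\d+\.\d+)$")
    for host in grab(r"^url https?://([^/:\s]+)"):
        if host not in portal_ips:
            out.append(f"url host {host} differs from template ip")
    # Exempt gateways and hosts need the arp option (steps 3 and 4).
    for cmd, ip, opt in grab(r"^(http redirect direct-site|web-auth direct-host) (\S+)( arp)?$"):
        if not opt:
            out.append(f"{cmd} {ip} lacks the arp option")
    for key in grab(r"^(?:radius-server host \S+|web-auth portal) key (\S+)$"):
        if key.lower() in PLACEHOLDER_KEYS:
            out.append(f"shared key '{key}' is a placeholder value")
    if not grab(r"^web-auth enable \S+$"):
        out.append("web-auth is not enabled on any interface")
    return out
```

Calling audit(SAMPLE) reports the gateway without arp and both shared keys; an empty list means every check passed.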