Enterasys Networks 1H582-xx User Manual
Security Configuration Command Set
Configuring Port Web Authentication (PWA)
14-63
14.3.5 Configuring Port Web Authentication (PWA)
About PWA
PWA provides a way of authenticating a user on a switch port before allowing the user general
access to the network. PWA locks down a port a user is attached to until after the user successfully
logs in via a web browser and Secure Harbour
access to the network. PWA locks down a port a user is attached to until after the user successfully
logs in via a web browser and Secure Harbour
TM
— Enterasys Networks’ web-based security
interface — to access the Matrix E1 device. The device will pass all login information from the end
station to a RADIUS server for authentication before turning the port on.
station to a RADIUS server for authentication before turning the port on.
PWA is an alternative to 802.1X and MAC authentication. It allows only the essential protocols and
services required by the authentication process on the segment between the end-station and the
switch port. All other traffic is discarded. When a user is in the unauthenticated state, any traffic
generated by the end-station will not go beyond the switch port to which the user is connected.
services required by the authentication process on the segment between the end-station and the
switch port. All other traffic is discarded. When a user is in the unauthenticated state, any traffic
generated by the end-station will not go beyond the switch port to which the user is connected.
To log on using PWA, the user makes a request via a web browser for the Secure Harbour web page.
Depending upon the authenticated state of the port, a login page or a logout page will display. When
a user submits a login page with a configured username and password, the switch then authenticates
the user via a preconfigured RADIUS server. If the login is successful, then the port that the
end-station is connected to will be turned on and full network access will be granted according to
the user’s port configuration on the switch.
Depending upon the authenticated state of the port, a login page or a logout page will display. When
a user submits a login page with a configured username and password, the switch then authenticates
the user via a preconfigured RADIUS server. If the login is successful, then the port that the
end-station is connected to will be turned on and full network access will be granted according to
the user’s port configuration on the switch.
Purpose
To review, enable, disable, and configure Port Web Authentication (PWA).
Commands
The commands needed to review and configure PWA are listed below and described in the
associated section as shown:
associated section as shown:
•
•
set pwa (
)
•
set pwa hostname (
•
set pwa displaylogo (
•
set pwa refreshtime (
)
NOTE: Port Web Authentication cannot be enabled if either MAC authentication or
EAPOL (802.1X) is enabled. For information on disabling 802.1X, refer to
EAPOL (802.1X) is enabled. For information on disabling 802.1X, refer to
. For information on disabling MAC authentication, refer to