8.1 Overview
Web authentication uses generic Web browsers, such as Microsoft Edge (hereafter simply referred to as Web browsers), to authenticate users through user ID and password-based authentication. The Switch grants successfully authenticated terminals access to the post-authentication network on the basis of their MAC addresses.
Web authentication allows users to perform authentication using only their Web browser, without the need to install any special software on the terminal.
- <Structure of this section>
(1) Authentication mode
The Switch supports the following authentication modes:
-
Fixed VLAN mode
In this mode, successfully authenticated terminals have their MAC addresses entered in the MAC address table and are permitted access to the VLAN. To allow terminals to log in to an authentication network, you can use the URL redirection function offered in the Switch or specify the Web authentication IP address.
-
Dynamic VLAN mode
Successfully authenticated terminals have their MAC addresses entered in a MAC address table and registered in a MAC VLAN. Terminals are given access to different VLANs before and after authentication. To allow terminals to log in to an authentication network, you can use the URL redirection function offered in the Switch or specify the Web authentication IP address.
In dynamic VLAN mode, VLAN to which the unauthenticated terminal belongs is called the unauthenticated VLAN. The post-authentication VLAN is called the post-authentication VLAN.
(2) Authentication method
The Switch can select either of the following methods for local authentication or RADIUS authentication in either the fixed VLAN mode or dynamic VLAN mode.
-
Local authentication
This is a method for registering user information in the authentication DB (called the built-in Web authentication DB) built into the Switch, and verifying that the information matches the information entered from PC before authenticating. This method is suited to small-scale networks that lack a RADIUS server.
-
RADIUS authentication
Authentication is performed by using a RADIUS server deployed on the network. This method is suited to larger networks.
(3) Authentication network
In the Switch, Web authentication controls authentication on the IPv4 network. For this reason, terminals seeking authentication must attach to a VLAN interface that has an IPv4 address. Note that you can use an IPv4 or IPv6 address to specify a RADIUS server.