8.3.2 Logging In to an Authentication Network
There are two ways for pre-authentication terminals to log in to the authentication network: using URL redirection function or using a Web authentication-only IP. Both methods require you to configure a Web authentication IP address.
The Web authentication IP address is an IPv4 address that terminals use to access the Switch during the Web authentication process. Because the address is not tied to a particular interface on the switch, it allows terminals on different IP subnets to use the same IP address to log in and out of the authentication network. Because packets directed to the Web authentication IP address are never forwarded outside the Switch, you can use the same address at any number of switches in the network. Therefore, the process for logging in and out of the authentication network is identical at every terminal.
- Notes
-
-
Before terminals can use the Web authentication IP address, you must configure the authentication arp-relay configuration command. In an environment where this command is not configured, specify the IP address of the Switch interface when configuring the default gateway for the terminal.
-
- <Structure of this section>
(1) URL redirection feature
You can configure the switch to forcibly display a login page in response to outgoing HTTP and HTTPS requests received from an unauthenticated terminal.
You can use an FQDN (fully qualified domain name) as the destination URL by specifying the name in the web-authentication ip address configuration command.
|
|
![[Figure Data]](./GRAPHICS/ZU208021.GIF)
- Notes
-
This function is not available in many Web browsers when a proxy server is set in the terminal's Web browser and https is used for accessing URL.
(2) Logging in using a Web authentication-only IP address
Users can log in and log out by using the Web authentication IP address configured on the Switch.
|
|
![[Figure Data]](./GRAPHICS/ZU208022.GIF)
- Notes
-
If a proxy server is set for the terminal's Web browser, make sure that Web authentication-only IP address is set so that the proxy server is not applied.