Configuration Guide Vol. 2

8.8 Notes on Using Web authentication

<Structure of this section>

(1) Coexistence with other functions

For details about coexistence with other functions, see 5.2 Compatibility between Layer 2 authentication and other functions.

(2) Devices connected between the Switch and terminals subject to authentication

Do not connect a proxy server, router, or similar piece of equipment to the Switch.

If the terminal undergoing authentication is behind a device (such as a proxy server or router) that substitutes its own MAC address in outgoing packets, the Switch will identify the MAC address of the device as belonging to the terminal. This results in an inability to control authentication at the level of individual terminals.

Exercise caution when connecting a hub without inter-port isolation functionality or a wireless LAN downstream from the Switch. PCs attached to that hub or wireless LAN will be able to communicate with each other regardless of their authentication status.

Figure 8-18: Connections between the Switch and terminals

[Figure Data]

(3) Operation when VLAN function is restarted

When you use the restart vlan operation command to restart the VLAN function, the switch does not clear the authentication status of Web-authenticated users. Instead, users are re-registered in the same order in which they performed authentication. Note that affected users will be unable to access the network until the registration process is complete, which can take some time depending on the number of users.

(4) When Web authenticator restarts

If you restart the Web authentication daemon, the switch cancels the authentication status of all authenticated users. In this case, users need to perform re-authentication manually after the daemon restarts.

(5) About IP address lease time setting of DHCP servers

When using a DHCP server to distribute pre-authentication IP addresses to terminals seeking authentication, specify as short a lease time as possible for IP addresses assigned by the DHCP server.

The smallest lease time the internal DHCP server of the Switch allows is 10 seconds. However, specifying such a small value in an environment with a large number of users can place a heavy load on the switch. Consider this factor when setting the lease time.

[Product name label]

All Rights Reserved, Copyright(C), 2021, 2023, ALAXALA Networks, Corp.