5.1.1 Layer 2 authentication type
The Switch supports the following functionality for authentication at the Layer 2 level:
- IEEE802.1X
  Provides user authentication conforming to the IEEE 802.1X standard. IEEE 802.1X authenticates terminals based on the successful exchange of EAPOL packets.
- Web Authentication
  Web authentication is a function that uses generic Web browsers to authenticate users. Authenticates users on terminals that can run an ordinary Web browser.
- MAC-based Authentication
  Authenticates devices such as printers that are not capable of providing user-initiated logons.
Several authentication modes are used in Layer 2 authentication. The table below provides an overview of Layer 2 authentication functionality by authentication mode.
Although some types of authentication functionality will work with other networking functionality, other types will not. For details about the feature combinations, see 5.2 Compatibility between Layer 2 authentication and other functionality.
Layer 2 Authentication | Authentication modes | Overview |
---|---|---|
IEEE802.1X | Fixed VLAN mode | After successful authorization, you can communicate within the VLAN. Fixed VLAN mode has the following three authentication submodes, which have different authentication operations: |
 | Dynamic VLAN mode | After successful authentication, a terminal is permitted access to the VLAN assigned to its MAC address. In dynamic VLAN mode, there are two authentication submodes: single mode and terminal authentication mode. |
Web Authentication | Fixed VLAN mode | A terminal is permitted access to the VLAN after successful user authentication. |
 | Dynamic VLAN mode | After successful user authentication, the terminal is permitted access to the VLAN associated with its MAC address. Authorization is enabled on the physical port where the MAC VLAN is configured. |
MAC-based Authentication | Fixed VLAN mode | A terminal is permitted access to the VLAN after successful user authentication. |
 | Dynamic VLAN mode | After successful authentication, a terminal is permitted access to the VLAN assigned to its MAC address. |
The Switch can perform multi-step authentication, which combines multiple authentication functions to authenticate in two steps. The first level of authentication is called terminal authentication and the second level is called user authentication. Operation that authenticates in these two stages is called multi-step authentication, and operation that authenticates with only a single authentication function is called single authentication.
The following table describes the combinations of authentication functions that can be used for terminal authentication and user authentication in multi-step authentication. When combining authentication functions, set the authentication mode to either fixed VLAN mode or dynamic VLAN mode.
Combination pattern | Terminal authentication | User authentication |
---|---|---|
Combining MAC and IEEE802.1X Authentication | MAC-based Authentication | IEEE802.1X certification* |
Combining MAC and Web Authentication | MAC-based Authentication | Web Authentication |
Combining IEEE802.1X and Web Authentication | IEEE802.1X certification* | Web Authentication |
*: Set the terminal authentication mode in the authentication submode, and set auto for the terminal detection operation.