8.2.3 Configuration using IP addressing
A terminal attempting Web authentication can obtain an IP address in the three ways given below. Because Web authentication operates on the IPv4 network, the descriptions here relate to IPv4 addresses.
-
IP address distribution using the Switch's internal DHCP server
-
IP address distribution using an external DHCP server
-
Manual distribution of IP addresses
In fixed VLAN mode, there is no need for the terminal to change IP address after authentication. On the other hand, in dynamic VLAN, IP subnet changes as VLAN of the terminal is changed before and after authentication. Therefore, IP address must be changed.
The following is a sample configuration for each IP addressing scheme in dynamic VLAN.
- <Structure of this section>
(1) When IP addressing is distributed using the built-in DHCP server function of the Switch
The figure below shows an example configuration in which the DHCP server built into the Switch assigns IP addresses.
The DHCP server functionality distributes the IP address associated with the pre-authentication VLAN to terminals seeking authentication. A terminal user can then use a Web browser to perform authentication.
Terminals that complete the authentication process gain membership to the post-authentication VLAN. After the lease for the IP address expires, the DHCP server distributes to the terminal an IP address associated with the post-authentication VLAN, which enables access from the terminal.
|
- Notes
-
-
The DHCP server must be configured to distribute IP addresses associated with the pre-authentication and post-authentication VLANs.
-
The DHCP server must be configured to distribute its default gateway address to attached terminals.
-
(2) When using external DHCP servers
The figure below shows an example of a configuration in which an external DHCP server distributes the IP addresses the terminal uses during and after authentication.
The external DHCP server distributes an IP address associated with the pre-authentication VLAN to a terminal seeking authentication. A user of the terminal can then perform authentication using a Web browser.
Terminals that complete the authentication process gain membership to the post-authentication VLAN. After the lease for the IP address expires, the DHCP server distributes the terminal an IP address associated with the post-authentication VLAN.
|
- Notes
-
-
The DHCP server must be configured to distribute its default gateway address to attached terminals.
-
(3) To manually set IP adress of the terminal
The figure below shows an example configuration in which you change the IP address of authenticated terminals manually.
In this configuration, you give an authenticated terminal access to the post-authentication VLAN by manually assigning the terminal an IP address in the subnet for the post-authentication VLAN.
|
- Notes
-
-
If you assign the wrong IP address to an authenticated terminal, the terminal will be unable to access the network even if authentication was successful.
-