8.1 Overview
In Web authentication, user authentication is based on a user ID and password that a user supplies through an ordinary Web browser such as Internet Explorer (abbreviated hereafter to Web browser). The Switch grants successfully authenticated terminals access to the post-authentication network on the basis of their MAC addresses.
Web authentication allows users to perform authentication using only their Web browser, without the need to install any special software on the terminal.
(1) Authentication mode
The Switch supports the following authentication modes:
- Fixed VLAN mode
  In this mode, successfully authenticated terminals have their MAC addresses entered in the MAC address table and are permitted access to the VLAN. To allow terminals to log in to an authentication network, you can use the URL redirection function offered in the Switch or specify the Web authentication IP address.
- Dynamic VLAN mode
  Successfully authenticated terminals have their MAC addresses entered in a MAC address table and registered in a MAC VLAN. Terminals are given access to different VLANs before and after authentication. To allow terminals to log in to an authentication network, you can use the URL redirection function offered in the Switch or specify the Web authentication IP address.
- Legacy mode
  Successfully authenticated terminals have their MAC addresses registered in a MAC VLAN. Terminals are given access to different VLANs before and after authentication. Unlike dynamic VLAN mode, terminals log in to the Switch using the IP address of their pre-authentication VLAN interface.
In the descriptions of dynamic VLAN mode and legacy mode, the VLAN to which an unauthenticated terminal belongs is called the pre-authentication VLAN, and the VLAN to which the terminal belongs after authentication is called the post-authentication VLAN.
(2) Authentication method
Users of the Switch can choose to perform local authentication or RADIUS authentication. Fixed VLAN mode, dynamic VLAN mode, and legacy mode each support both variations.
- Local authentication
  User information is registered in an authentication DB built into the Switch (called the built-in Web authentication DB), and a user is authenticated only if the information entered from the PC matches the registered information. This method is suited to small-scale networks that lack a RADIUS server.
- RADIUS authentication
  Authentication is performed by using a RADIUS server deployed on the network. This method is suited to larger networks.
(3) Authentication network
In the Switch, Web authentication controls authentication on the IPv4 network. For this reason, terminals seeking authentication must attach to a VLAN interface that has an IPv4 address. Note that you can use an IPv4 or IPv6 address to specify a RADIUS server.