8.2.1 Fixed VLAN
Prior to authentication, a terminal does not appear in the MAC address table and is unable to access the VLAN associated with the interface to which it is attached. If authentication succeeds, the switch adds the terminal's MAC address to the MAC address table, thus permitting access to the VLAN.
In the Switch, you can configure authentication at the following ports:
-
Access port
-
Trunk port
Tagged and untagged frames that enter a trunk port are handled as follows:
-
Tagged frames are forwarded to the VLAN indicated by the VLAN tag after successful authentication
-
Untagged frames are forwarded to the native VLAN after successful authentication
|
|
![[Figure Data]](./GRAPHICS/ZU208053.GIF)
- <Structure of this section>
(1) Local authentication method
The figure below describes local authentication using an internal Web authentication DB.
|
|
![[Figure Data]](./GRAPHICS/ZU208051.GIF)
-
A user of a PC connected via a hub opens a Web browser and accesses the Switch.
-
The Switch compares the user ID and password entered by the user against the user information in the internal Web authentication DB.
-
If authentication succeeds, a page appears on the PC indicating that authentication was successful.
-
The authenticated PC is able to access servers in the VLAN associated with the port.
(2) RADIUS authentication-method
The figure below describes RADIUS authentication using a RADIUS server.
|
|
![[Figure Data]](./GRAPHICS/ZU208052.GIF)
-
A user of a PC connected via a hub opens a Web browser and accesses the Switch.
-
Authentication takes place by comparing the user ID and password entered by the user against the user information registered on the RADIUS server.
-
If authentication succeeds, a page appears on the PC indicating that authentication was successful.
-
The authenticated PC is able to access servers in the VLAN associated with the port.