Configuration Guide Vol. 2

8.2.4 Configuration using IP addressing

A terminal attempting Web authentication can obtain an IP address in the three ways given below. Because Web authentication operates on the IPv4 network, the descriptions here relate to IPv4 addresses.

In fixed VLAN mode, there is no need for the terminal to change IP address after authentication. In dynamic VLAN mode and legacy mode, however, the terminal will belong to a different IP subnet after its membership changes to the post-authentication VLAN. This requires that the terminal gain a new IP address.

The following describes the system configuration for each method of assigning IP addresses in dynamic VLAN mode and legacy mode.

<Structure of this section>

(1) When IP addressing is distributed using the built-in DHCP server function of the Switch

The figure below shows an example configuration in which the DHCP server built into the Switch assigns IP addresses.

The DHCP server functionality distributes the IP address associated with the pre-authentication VLAN to terminals seeking authentication. A terminal user can then use a Web browser to perform authentication.

Terminals that complete the authentication process gain membership to the post-authentication VLAN. After the lease for the IP address expires, the DHCP server distributes to the terminal an IP address associated with the post-authentication VLAN, which enables access from the terminal.

Figure 8-8 Web Authentication System Configuration Diagram (Using Internal DHCP Servers)

[Figure Data]
Notes

  • The DHCP server must be configured to distribute IP addresses associated with the pre-authentication and post-authentication VLANs.

  • The DHCP server must be configured to distribute its default gateway address to attached terminals.

(2) When using external DHCP servers

The figure below shows an example of a configuration in which an external DHCP server distributes the IP addresses the terminal uses during and after authentication.

The external DHCP server distributes an IP address associated with the pre-authentication VLAN to a terminal seeking authentication. A user of the terminal can then perform authentication using a Web browser.

Terminals that complete the authentication process gain membership to the post-authentication VLAN. After the lease for the IP address expires, the DHCP server distributes the terminal an IP address associated with the post-authentication VLAN.

Figure 8-9 Web Authentication System Configuration Diagram (External DHCP Servers)

[Figure Data]
Notes

  • The DHCP server must be configured to distribute its default gateway address to attached terminals.

(3) To manually set IP adress of the terminal

The figure below shows an example configuration in which you change the IP address of authenticated terminals manually.

In this configuration, you give an authenticated terminal access to the post-authentication VLAN by manually assigning the terminal an IP address in the subnet for the post-authentication VLAN.

Figure 8-10 Web Authentication System Configuration Diagram (Manual IP Addressing)

[Figure Data]
Notes

  • If you assign the wrong IP address to an authenticated terminal, the terminal will be unable to access the network even if authentication was successful.

[Product name label]

All Rights Reserved, Copyright(C), 2017, 2023, ALAXALA Networks, Corp.