8.2.4 Configuration using IP addressing
A terminal attempting Web authentication can obtain an IP address in the three ways given below. Because Web authentication operates on the IPv4 network, the descriptions here relate to IPv4 addresses.
-
IP address distribution using the Switch's internal DHCP server
-
IP address distribution using an external DHCP server
-
Manual distribution of IP addresses
In fixed VLAN mode, there is no need for the terminal to change IP address after authentication. In dynamic VLAN mode and legacy mode, however, the terminal will belong to a different IP subnet after its membership changes to the post-authentication VLAN. This requires that the terminal gain a new IP address.
The following describes the system configuration for each method of assigning IP addresses in dynamic VLAN mode and legacy mode.
- <Structure of this section>
(1) When IP addressing is distributed using the built-in DHCP server function of the Switch
The figure below shows an example configuration in which the DHCP server built into the Switch assigns IP addresses.
The DHCP server functionality distributes the IP address associated with the pre-authentication VLAN to terminals seeking authentication. A terminal user can then use a Web browser to perform authentication.
Terminals that complete the authentication process gain membership to the post-authentication VLAN. After the lease for the IP address expires, the DHCP server distributes to the terminal an IP address associated with the post-authentication VLAN, which enables access from the terminal.
|
- Notes
-
-
The DHCP server must be configured to distribute IP addresses associated with the pre-authentication and post-authentication VLANs.
-
The DHCP server must be configured to distribute its default gateway address to attached terminals.
-
(2) When using external DHCP servers
The figure below shows an example of a configuration in which an external DHCP server distributes the IP addresses the terminal uses during and after authentication.
The external DHCP server distributes an IP address associated with the pre-authentication VLAN to a terminal seeking authentication. A user of the terminal can then perform authentication using a Web browser.
Terminals that complete the authentication process gain membership to the post-authentication VLAN. After the lease for the IP address expires, the DHCP server distributes the terminal an IP address associated with the post-authentication VLAN.
|
- Notes
-
-
The DHCP server must be configured to distribute its default gateway address to attached terminals.
-
(3) To manually set IP adress of the terminal
The figure below shows an example configuration in which you change the IP address of authenticated terminals manually.
In this configuration, you give an authenticated terminal access to the post-authentication VLAN by manually assigning the terminal an IP address in the subnet for the post-authentication VLAN.
|
- Notes
-
-
If you assign the wrong IP address to an authenticated terminal, the terminal will be unable to access the network even if authentication was successful.
-