Configuration Guide Vol. 2


8.3.2 Logging In to an Authentication Network

Terminals seeking to join an authentication network in fixed VLAN mode or dynamic VLAN mode can log in via URL redirection or by specifying a Web authentication IP address. Both methods require you to configure a Web authentication IP address.

The Web authentication IP address is an IPv4 address that terminals use to access the Switch during the Web authentication process. Because the address is not tied to a particular interface on the switch, it allows terminals on different IP subnets to use the same IP address to log in and out of the authentication network. Because packets directed to the Web authentication IP address are never forwarded outside the Switch, you can use the same address at any number of switches in the network. Therefore, the process for logging in and out of the authentication network is identical at every terminal.

Notes
  • Before terminals can use the Web authentication IP address, you must configure the authentication arp-relay configuration command. In an environment where this command is not configured, specify the IP address of the Switch interface when configuring the default gateway for the terminal.


(1) URL redirection feature

You can configure the switch to forcibly display a login page in response to outgoing HTTP and HTTPS requests received from an unauthenticated terminal.

You can use an FQDN (fully qualified domain name) as the destination URL by specifying the name in the web-authentication ip address configuration command.

Figure 8-11: URL redirection feature

[Figure Data]

Notes
  • If the Web browser on the terminal is configured to use a proxy server, make sure that access to the Web authentication IP address bypasses the proxy server when you use URL redirection in the following situations:

    • The web-authentication redirect-mode configuration command is set with the https parameter

    • A user of an unauthenticated terminal accesses an external Web server using HTTPS

  • When a user of an unauthenticated terminal uses the HTTPS protocol to access a URL and is redirected, if the domain name of the URL does not match the domain name of the certificate registered on the switch, a warning message about the mismatched certificate appears in the Web browser. If the user chooses to continue, a login page for Web authentication appears in the Web browser, and the user can continue the login process.
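
One way to implement the proxy bypass described in the first note is a proxy auto-config (PAC) file distributed to terminals. This is an added example, not part of the original guide; the address 192.0.2.1, the FQDN webauth.example.com, and the proxy proxy.example.com:8080 are constructed placeholders to replace with your own values.

```javascript
// Proxy auto-config (PAC) file: send Web authentication traffic directly to
// the switch and everything else through the existing proxy server.
// The three values below are constructed placeholders (assumptions).
var WEB_AUTH_IP = "192.0.2.1";              // Web authentication IP address
var WEB_AUTH_FQDN = "webauth.example.com";  // FQDN, if one is configured
var PROXY = "PROXY proxy.example.com:8080"; // proxy server already in use

// Normalize the host name the browser passes in: lower-case it and drop a
// trailing dot so "WebAuth.Example.com." is treated like the configured FQDN.
function normalizeHost(host) {
  return String(host).toLowerCase().replace(/\.$/, "");
}

// Browsers call FindProxyForURL(url, host) for each request; host carries no
// port. The comparison is an exact match, not a suffix or prefix match, so
// look-alike names such as "webauth.example.com.attacker.test" or addresses
// such as "192.0.2.10" still go through the proxy.
function FindProxyForURL(url, host) {
  var h = normalizeHost(host);
  if (h === WEB_AUTH_IP || h === WEB_AUTH_FQDN) {
    return "DIRECT";
  }
  return PROXY;
}
```

Use `var` rather than `const` or `let` in PAC files, because some system PAC engines only accept older JavaScript syntax.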

(2) Logging in using a Web authentication-only IP address

Users can log in and log out by using the Web authentication IP address configured on the Switch.

Figure 8-12: Login operation using a Web authentication-only IP address

[Figure Data]