8.4 Authentication procedure

(1) Web authentication log-in window

Please enter your user ID and password. The login page appears in your device's Web browser.

When URL redirection function is used in fixed VLAN mode or dynamic VLAN mode, URL redirection function displays Web authenticationlog-in window of the Switch when accessing any Web servers through the Switch through Web browsers of the terminal.

When URL redirection function is not used, specify the login URL shown below in Web browser of the terminal to access the login screen of Web authentication. In fixed VLAN mode and dynamic VLAN mode, specify Web authentication-only IP in Web server part of the login URL.

[Login URL in Fixed VLAN Mode or Dynamic VLAN Mode]

• When using HTTP: http://Web authentication-only IP addressing /login.html

• When using HTTPS: https://Web authentication-only IP addressing /login.html

URL Redirection feature is not available in Legacy mode. Access the login page for Web authentication by specifying the login URL shown below in Web browser of the terminal. In legacy mode, specify IP of the pre-authentication VLAN in Web server-part of the log-in URL.

[Log-in URL in legacy mode]

• When using HTTP: http:// Pre-authentication VLAN interface IP addressing /login.html

• When using HTTPS: https:// Pre-authentication VLAN interface IP addressing /login.html

Figure 8-16: Login screen (browser display example)

(2) To authenticate the user ID, passwords entered in the login page

In local authentication mode, the switch compares the entered user ID and password against user information stored in the internal Web authentication DB. In RADIUS authentication mode, the switch validates the entered credentials by checking with the RADIUS server.

(3) Displays the result of successful authentication.

If the user ID and password that the user entered match user information in the internal Web authentication DB or on the RADIUS server, the user is presented with a login success page and is able to access the network.

If you used the web-authentication jump-url configuration command to direct users to a specific URL after authentication, the user's Web browser automatically accesses the specified URL after the login success page appears.

Figure 8-17: Login success screen (browser display example)

(4) Screen display when authentication fails

If authentication fails, an authentication error page appears in the Web browser.

"8.6 Authentication Error Messages" shows the reason for the error displayed on the authentication error screen.

Figure 8-18: Login failure screen (browser display example)

(5) Show Logout from Web authentication

Access the authenticated terminal by specifying the logout URL in Web browser. The logout window is displayed. If you press [Logout] in the logout window, Web Authentication cancels the authentication of the terminal. Upon doing so, the user is presented with a logout success page.

For logout URL in fixed VLAN mode or dynamic VLAN mode, specify Web authentication-only IP in Web server part of URL.

[Fixed VLAN mode or dynamic VLAN mode logout URL]

• When using HTTP: http://Web authentication-only IP addressing /logout.html

• When using HTTPS: https://Web authentication-only IP addressing /logout.html

You can also log out from the login screen. Press the [Logout] button on the login page.

[Login URL in Fixed VLAN Mode or Dynamic VLAN Mode]

• When using HTTP: http://Web authentication-only IP addressing /login.html

• When using HTTPS: https://Web authentication-only IP addressing /login.html

In legacy mode, specify IP of the post-authentication VLAN in Web server-part of the logout URL.

[Legacy mode logout URL]

• When using HTTP: http:// Interface IP addressing /login.html of post-authentication VLAN

• When using HTTPS: https:// Interface IP addressing /login.html of post-authentication VLAN

Figure 8-19: Logout screen (browser display example)

Figure 8-20: Logout completion screen (browser display example)