Network Login
Summit 300-48 Switch Software User Guide 101
with connections to DNS, WINS servers, and network routers. For wired network login, VLAN temp is a
temporary VLAN created to provide connections to unauthenticated network login clients.
For wireless network login, VLAN wlan-mgmt is the wireless management VLAN. It is also the VLAN
used by unauthenticated network login clients. In this security model, unauthenticated clients do not
connect to the corporate subnet and are not able to send or receive data. They must be authenticated in
order to gain access to the network.
NOTE
A wireless interface can be in web-based netlogin mode or 802.1x netlogin mode, but not both, at one
time. A wired port can support both web-based and 802.1x simultaneously.
ISP Mode: Wired network login clients connected to ports 1:10 - 1:14 with VLAN corp are logged into
the network in ISP mode. This is controlled by the VLAN in which they reside in unauthenticated mode
and the RADIUS server Vendor Specific Attributes (VSA)
Extreme-Netlogin-Vlan. Since the VLAN,
corp, is the same, there will be no port movement. If the appropriate VSA is missing from RADIUS
server, login is assumed to be in ISP Mode.
Wireless clients connected to ports 1:15-1:20, interfaces 1 and 2, are logged into the network in ISP mode
using web-based network login. This is controlled by the VLAN in which they reside in
unauthenticated mode and the RADIUS server Vendor Specific Attributes (VSA)
Extreme-Netlogin-Vlan. Since the VLAN, wlan-mgmt, is the same, there will be no port movement.
Campus Mode: Wired clients connected to ports 1:2 - 1:5, VLAN temp, are logged into the network in
Campus mode, because the port moves to the VLAN corp following authentication.
Wireless clients connected to ports 1:6 - 1:9, interfaces 1 and 2, are logged into the network in campus
mode using web-based network login. This is because the clients are placed in the VLAN corp following
authentication.
ISP and Campus modes are not tied to ports, but rather to a user profile. In other words, if the VSA
Extreme:Extreme-Netlogin-Vlan represents a VLAN different from the one in which user currently
resides, then for wired network login, VLAN movement occurs after login and after logout. For wireless
network login, the clients are placed in the specified VLAN. The ports should already be added as
tagged ports in the VLAN.
The example that follows uses these assumptions:
• Wired campus users are connected to ports 1:2-1:5.
• Wired ISP users are connected to ports 1:10-1:14.
• Wireless campus users using web-based network login are connected to ports 1:6-1:9, interfaces 1 or
2.
• Wireless ISP users using web-based network login are connected to ports 1:15-1:20, interfaces 1 or 2.
NOTE
In the following configuration, any lines marked (Default) represent default settings and do not need to
be explicitly configured.
create vlan "temp"
create vlan "corp"
To Next Page
Loading...
