Web and MAC Authentication
Overview
■ On a port configured for Web or MAC Authentication, the switch
operates as a port-access authenticator using a RADIUS server and
the CHAP protocol. Inbound traffic is processed by the switch alone,
until authentication occurs. Some traffic from the switch is available
to an unauthorized client (for example, broadcast or unknown desti-
nation packets) before authentication occurs.
■ Proxy servers may not be used by browsers accessing the switch
through ports using Web Authentication.
■ You can optionally configure the switch to temporarily assign “autho-
rized” and “unauthorized” VLAN memberships on a per-port basis to
provide different services and access to authenticated and unauthen-
ticated clients.
■ Web pages for username and password entry and the display of
authorization status are provided when using Web Authentication.
■ You can use the RADIUS server to temporarily assign a port to a static
VLAN to support an authenticated client. When a RADIUS server
authenticates a client, the switch-port membership during the client’s
connection is determined according to the following hierarchy:
1. A RADIUS-assigned VLAN
2. An authorized VLAN specified in the Web- or MAC-Auth configuration
for the subject port.
3. A static, port-based, untagged VLAN to which the port is configured.
A RADIUS-assigned VLAN has priority over switch-port membership
in any VLAN.
■ You can allow wireless clients to move between switch ports under
Web/MAC Authentication control. Clients may move from one Web
authorized port to another or from one MAC authorized port to
another. This capability allows wireless clients to move from one
access point to another without having to reauthenticate.
■ Unlike 802.1X operation, clients do not need supplicant software for
Web or MAC Authentication; only a web browser (for Web Authenti-
cation) or a MAC address (for MAC Authentication).
■ You can use “Show” commands to display session status and port-
access configuration settings.
4-4
To Next Page
Loading...
Need help?
General
