To use web-based authentication:
-
Set up the Windows IP configuration for DHCP.
-
Plug into the port that has web-based network login enabled.
-
Log in to Windows.
-
Release any old IP settings and renew the DHCP lease.
This is done differently depending on the version of Windows
the user is running:
Windows 9x—Use the winipcfg tool. Choose the Ethernet
adapter that is connected to the port on which network login is enabled. Use the buttons
to release the IP configuration and renew the DHCP lease.
Windows 7 or Windows 8—Use the ipconfig command line
utility. Use the command ipconfig/release to release the IP configuration and
ipconfig/renew to get the temporary IP address from the switch. If you have more than
one Ethernet adapter, specify the adapter by using a number for the adapter following
the
ipconfig command. You can find the
adapter number using the command
ipconfig/all.
Note
The idea of explicit release/renew is required to bring the
network login client machine in the same subnet as the connected VLAN. When using
web-based authentication, this requirement is mandatory after every logout and
before login again as the port moves back and forth between the temporary and
permanent VLANs.
At this point, the client will have its temporary IP address. In this example,
the client should have obtained an IP address in the range
198.162.32.20–198.162.32.80.
-
Bring up the browser and enter any URL as
http://www.123.net or http://1.2.3.4 or switch IP address
as http://<IP address>/login (where IP address could be
either temporary or Permanent VLAN Interface for Campus mode).
URL redirection redirects any URL and IP address to the network
login page. This is significant where security matters most, as no knowledge of VLAN
interfaces is required to be provided to network login users, because they can login
using a URL or IP address.
Note
URL redirection requires that the switch be configured with a DNS
client.
A page opens with a link
for Network Login.
-
Click the Network Login link.
A dialog box opens requesting a user name and password.
-
Enter the user name and password configured on the RADIUS
server. After the user has successfully logged in, the user will be redirected to the URL
configured on the RADIUS server. During the user login process, the following takes
place:
-
Authentication is done through the RADIUS server.
-
After successful authentication, the connection information configured on the
RADIUS server is returned to the switch:
- The permanent VLAN
- The URL to be redirected to (optional)
- The URL description (optional)
-
The port is moved to the permanent VLAN.
-
You can verify this using the show
vlan command. For more information on the show vlan command, see Displaying VLAN Information.
After a successful login has been achieved, there are several ways that
a port can return to a non-authenticated, non-forwarding state:
-
The user successfully logs out using the logout web browser
window.
-
The link from the user to the switch‘s port is lost.
-
There is no activity on the port for 20 minutes.
-
An administrator changes the port state.
Note
Because network login is sensitive to state changes during the
authentication process, we recommend that you do not log out until the login process is
complete. The login process is complete when you receive a permanent address.
