Web-Based Authentication User Login

To use web-based authentication:
  1. Set up the Windows IP configuration for DHCP.
  2. Plug into the port that has web-based network login enabled.
  3. Log in to Windows.
  4. Release any old IP settings and renew the DHCP lease.
    This is done differently depending on the version of Windows the user is running:
    • Windows 9x—Use the winipcfg tool. Choose the Ethernet adapter that is connected to the port on which network login is enabled. Use the buttons to release the IP configuration and renew the DHCP lease.
    • Windows 7 or Windows 8—Use the ipconfig command line utility. Use the command ipconfig/release to release the IP configuration and ipconfig/renew to get the temporary IP address from the switch. If you have more than one Ethernet adapter, specify the adapter by using a number for the adapter following the ipconfig command. You can find the adapter number using the command ipconfig/all. At this point, the client will have its temporary IP address. In this example, the client should have obtained an IP address in the range 198.162.32.20–198.162.32.80.
    Note

    Note

    The idea of explicit release/renew is required to bring the network login client machine in the same subnet as the connected VLAN (Virtual LAN). When using web-based authentication, this requirement is mandatory after every logout and before login again as the port moves back and forth between the temporary and permanent VLANs.
  5. Bring up the browser and enter any URL as http://www.123.net or http://1.2.3.4 or switch IP address as http://<IP address>/login (where IP address could be either temporary or Permanent VLAN Interface for Campus mode).
    URL redirection redirects any URL and IP address to the network login page. This is significant where security matters most, as no knowledge of VLAN interfaces is required to be provided to network login users, because they can login using a URL or IP address.
    Note

    Note

    URL redirection requires that the switch be configured with a DNS client.
    A page opens with a link for Network Login.
  6. Click the Network Login link.
    A dialog box opens requesting a user name and password.
  7. Enter the user name and password configured on the RADIUS (Remote Authentication Dial In User Service) server. After the user has successfully logged in, the user will be redirected to the URL configured on the RADIUS server. During the user login process, the following takes place:
    1. Authentication is done through the RADIUS server.
    2. After successful authentication, the connection information configured on the RADIUS server is returned to the switch:
      • The permanent VLAN
      • The URL to be redirected to (optional)
      • The URL description (optional)
    3. The port is moved to the permanent VLAN.
    4. You can verify this using the show vlan command. For more information on the show vlan command, see Displaying VLAN Information.

After a successful login has been achieved, there are several ways that a port can return to a non-authenticated, non-forwarding state:

  • The user successfully logs out using the logout web browser window.
  • The link from the user to the switch‘s port is lost.
  • There is no activity on the port for 20 minutes.
  • An administrator changes the port state.
Note

Note

Because network login is sensitive to state changes during the authentication process, we recommend that you do not log out until the login process is complete. The login process is complete when you receive a permanent address.