Web-Based Authentication User Login
To use web-based authentication:
-
Set up the Windows IP configuration for DHCP.
-
Plug into the port that has web-based network login enabled.
-
Log in to Windows.
-
Release any old IP settings and renew the DHCP
lease.
This is done differently depending on the version
of Windows the user is running:
- Windows 9x—Use the winipcfg tool. Choose the
Ethernet adapter that is connected to the port on which network login is enabled. Use
the buttons to release the IP configuration and renew the DHCP lease.
- Windows 7 or Windows 8—Use the
ipconfig command line utility. Use the command ipconfig/release to release the IP
configuration and ipconfig/renew to get the temporary IP address from the switch. If
you have more than one Ethernet adapter, specify the adapter by using a number for the
adapter following the ipconfig command.
You can find the adapter number using the command ipconfig/all. At this point, the client will
have its temporary IP address. In this example, the client should have obtained an IP
address in the range 198.162.32.20–198.162.32.80.
Note
The idea of explicit release/renew is
required to bring the network login client machine in the same subnet as the connected
VLAN (Virtual LAN).
When using web-based authentication, this requirement is mandatory after every logout
and before login again as the port moves back and forth between the temporary and
permanent VLANs.
-
Bring up the browser and enter any URL as
http://www.123.net or http://1.2.3.4 or switch IP address
as http://<IP address>/login (where IP address could be
either temporary or Permanent VLAN Interface for Campus mode).
URL redirection redirects any URL and IP address to the network login page. This is
significant where security matters most, as no knowledge of VLAN interfaces is required to
be provided to network login users, because they can login using a URL or IP address.
Note
URL redirection requires that the switch be configured
with a DNS client.
A page opens with a link for Network Login.
-
Click the Network Login link.
A dialog box opens requesting a user
name and password.
-
Enter the user name and password configured on the
RADIUS (Remote Authentication Dial In User Service) server. After the user has successfully logged in,
the user will be redirected to the URL configured on the RADIUS server. During the user
login process, the following takes place:
-
Authentication is done through the RADIUS
server.
-
After successful authentication, the connection
information configured on the RADIUS server is returned to the switch:
- The permanent VLAN
- The URL to be redirected to (optional)
- The URL description (optional)
-
The port is moved to the permanent VLAN.
-
You can verify this using the show vlan command. For more information on
the show vlan command, see Displaying VLAN Information.
After a successful login has been achieved, there are several ways that
a port can return to a non-authenticated, non-forwarding state:
- The user successfully logs out using the logout web browser
window.
- The link from the user to the switch‘s port is lost.
- There is no activity on the port for 20 minutes.
- An administrator changes the port state.
Note
Because network login is sensitive to state changes
during the authentication process, we recommend that you do not log out until the login
process is complete. The login process is complete when you receive a permanent
address.