Configuring web-authentication, Choosing the web-authentication server address – Allied Telesis AlliedWare Plus Operating System Version 5.4.4C (x310-26FT,x310-26FP,x310-50FT,x310-50FP) User Manual

Authentication Introduction and Configuration

Software Reference for x310 Series Switches

42.6

AlliedWare Plus

TM

Operating System - Version 5.4.4C

C613-50046-01 REV A

5.

If the supplicant has been successfully authenticated, the authenticating switch will
give the supplicant workstation access to the network.

Configuring Web-Authentication

Web-authentication can be configured on a switch in the following steps:

1.

Configure a RADIUS server.

2.

Instruct Web-authentication to use the configured RADIUS server.

3.

Define the IP address through which the Web-authentication service will be accessed.

4.

Configure ports for Web-authentication.

Choosing the Web-authentication server address

When you come to configure Web-authentication, you need to answer some questions:

Questions

What IP address should I specify as the Web-authentication server address? Is it okay to
use just any IP address that is configured on one of the switch’s VLANs, or is the choice
more constrained than that?

Answer

You must use the IP address that is configured on the VLAN that the supplicant’s packets
will arrive on.

The logic that the switch uses in deciding which VLAN to associate non-authenticated
supplicants’ packets with is:

■

If guest VLAN has been configured on the port where the packet arrives, then
associate the packet with the guest VLAN.

■

Otherwise associate the packet with the port’s native VLAN.

awplus(config)#

radius-server host <server-ip-address> key
<shared-secret>

awplus(config)#

aaa authentication auth-web default group
radius

awplus(config)#

auth-web-server ipaddress <ip-address>

awplus#

interface port1.0.1-1.0.6

awplus(config)#

auth-web enable

Authenticator

Network

Supplicant

Traffic from supplicant is

now allowed into the

network