Allied Telesis AlliedWare Plus Operating System Version 5.4.4C (x310-26FT,x310-26FP,x310-50FT,x310-50FP) User Manual

Authentication Introduction and Configuration

Software Reference for x310 Series Switches

C613-50046-01 REV A

AlliedWare Plus

TM

Operating System - Version 5.4.4C

42.7

If you configure the supplicant-connected ports with guest VLAN, then use the IP address
on the guest VLAN as the IP address of the Web-authentication server. Otherwise use the
IP address on the supplicant-connected ports’ native VLAN.

The diagram below illustrates how to decide which IP address to use as the Web-auth-
server address:

Configuration Example 1: Using a guest VLAN

VLAN database
VLAN 20 name guest
VLAN 10 name edge
VLAN 30 name core

radius-server host 192.168.30.129 key verysecret
aaa authentication auth-Web default group RADIUS
auth-Web-server ipaddress 192.168.20.1

int vlan10
ip address 192.168.10.1/24
int vlan20
ip address 192.168.20.1/24
int vlan30
ip address 192.168.30.1/24

int port1.0.1-1.0.3
switchport access vlan 10
auth-Web enable
auth guest-vlan 20

int port1.0.4-1.0.6
switchport access vlan 30

Set the web-auth-server address

to be the IP address on the
authenticating ports’ native

VLAN

Which IP address to use as

web-auth-server address?

Has guest VLAN

been configured on the

authenticating ports?

NO

YES

Set the web-auth-server

address to be the IP address on

the guest VLAN