Dhcp server for web-authentication – Allied Telesis AlliedWare Plus Operating System Version 5.4.4C (x310-26FT,x310-26FP,x310-50FT,x310-50FP) User Manual

Authentication Introduction and Configuration
Software Reference for x310 Series Switches
AlliedWare Plus™ Operating System - Version 5.4.4C
C613-50046-01 REV A
If the user enters an incorrect username or password several times, the authentication fails. The number of times a user can try to log in is configurable, and is set to 3 by default.
Support for Protocols Underlying Web-Authentication
Web-authentication does not use a dedicated protocol like 802.1X, with a standards-defined set of messages for authentication conversation. Instead, the switch overlays the Web-authentication process on top of the web browser communication process. The browser communication process was not designed for authentication and is itself reliant on IP addressing, ARP, and DNS.
The authentication needs to occur in a seamless manner for all users, irrespective of their IP and DNS settings, and before they have full access to the network.
To make this possible, the switch needs to provide facilities that enable the user’s PC to access the authentication web page.
The following features of Web-authentication work together to achieve this:
■ DHCP server for Web-authentication
■ Interception of clients’ ARPs
■ Proxy DNS response
DHCP server for Web-authentication
To initiate a web browsing session, the supplicant needs an IP address. If the supplicant has been configured to obtain its IP address by DHCP, then the authenticating switch needs to ensure that the supplicant will be served an IP address.
The simplest way to achieve this is to have the Web-authentication process itself act as a DHCP server. This avoids forwarding the supplicant’s DHCP request to any other DHCP server. Therefore, there is a DHCP server built in to Web-authentication.
This DHCP server is dedicated to serving IP addresses to be used by Web-authentication clients.
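One way to check, from a capture taken on an unauthenticated test supplicant, that its DHCP offer came from the built-in Web-authentication DHCP server and not from some other DHCP server. This is an added example, not from the Allied Telesis manual; the function names, addresses and lease value are constructed, and the expected server address is an assumption to replace with the one configured on your switch.

```python
import ipaddress
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"   # marks the start of the DHCP options field
OPT_PAD, OPT_LEASE, OPT_MSG_TYPE, OPT_SERVER_ID, OPT_END = 0, 51, 53, 54, 255
DHCPOFFER = 2

def parse_dhcp(payload: bytes) -> dict:
    """Extract yiaddr, message type, server identifier and lease time."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP payload")
    info = {"yiaddr": ipaddress.IPv4Address(payload[16:20])}
    i = 240
    while i < len(payload) and payload[i] != OPT_END:
        code = payload[i]
        if code == OPT_PAD:              # pad has no length byte
            i += 1
            continue
        if i + 1 >= len(payload) or i + 2 + payload[i + 1] > len(payload):
            raise ValueError("truncated option")
        length = payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if code == OPT_MSG_TYPE and length == 1:
            info["msg_type"] = value[0]
        elif code == OPT_SERVER_ID and length == 4:
            info["server_id"] = ipaddress.IPv4Address(value)
        elif code == OPT_LEASE and length == 4:
            info["lease"] = struct.unpack("!I", value)[0]
        i += 2 + length
    return info

def offer_from_webauth(payload: bytes, webauth_server: str) -> bool:
    """True only for a DHCPOFFER whose server identifier is the expected address."""
    info = parse_dhcp(payload)
    return (info.get("msg_type") == DHCPOFFER
            and info.get("server_id") == ipaddress.IPv4Address(webauth_server))

def build_offer(yiaddr: str, server: str, lease: int) -> bytes:
    """Constructed sample: 236-byte BOOTP header, cookie, three options, end."""
    header = bytearray(236)
    header[0:3] = bytes([2, 1, 6])       # BOOTREPLY, Ethernet, 6-byte MAC
    header[16:20] = ipaddress.IPv4Address(yiaddr).packed
    options = (bytes([OPT_MSG_TYPE, 1, DHCPOFFER])
               + bytes([OPT_SERVER_ID, 4]) + ipaddress.IPv4Address(server).packed
               + bytes([OPT_LEASE, 4]) + struct.pack("!I", lease) + bytes([OPT_END]))
    return bytes(header) + MAGIC_COOKIE + options

WEBAUTH_SERVER = "192.0.2.1"   # constructed address (documentation range)
SAMPLE_OFFER = build_offer("192.0.2.10", WEBAUTH_SERVER, 30)
```

An offer reaching an unauthenticated port with a different server identifier means the supplicant's DHCP request was answered by another server, which the built-in server is meant to avoid.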