Dhcp server for web-authentication – Allied Telesis AlliedWare Plus Operating System Version 5.4.4C (x310-26FT,x310-26FP,x310-50FT,x310-50FP) User Manual

Authentication Introduction and Configuration

Software Reference for x310 Series Switches

42.10

AlliedWare Plus

TM

Operating System - Version 5.4.4C

C613-50046-01 REV A

If the user enters incorrect usernames/passwords several times, the authentication fails.
The number of times a user can try to login is configurable but it is set to 3 by default.

Support for Protocols Underlying Web-
Authentication

Web-authentication does not use a dedicated protocol like 802.1X, with a standards-
defined set of messages for authentication conversation. Instead, the switch overlays the
Web-authentication process on top of the web browser communication process. The
browser communication process was not designed for authentication and is itself reliant
on IP addressing, ARP, and DNS.

The authentication needs to occur in a seamless manner for all users, irrespective of their
IP and DNS setting, and before they have full access to the network.

To make this possible, the switch needs to provide facilities that enable the user’s PC to
access the authentication web page.

Following features of Web-authentication work together to achieve this.

■

DHCP server for Web-authentication

■

Interception of clients’ ARPs

■

Proxy DNS response

DHCP server for Web-authentication

To initiate a web browsing session, the supplicant needs an IP address. If the supplicant
has been configured to obtain its IP address by DHCP, then the authenticating switch
needs to ensure that the supplicant will be served an IP address.

The simplest way to achieve this, is to have the Web-authentication process itself act as a
DHCP server. This avoids forwarding the supplicant’s DHCP request to any other DHCP
server. Therefore, there is a DHCP server built in to Web-authentication.

This DHCP server is dedicated to serving IP addresses to be used by Web-authentication
clients.