
Proxy dns response – Allied Telesis AlliedWare Plus Operating System Version 5.4.4C (x310-26FT,x310-26FP,x310-50FT,x310-50FP) User Manual


Authentication Introduction and Configuration

Software Reference for x310 Series Switches, C613-50046-01 REV A. AlliedWare Plus™ Operating System - Version 5.4.4C. Page 42.13

3. Promiscuous – will respond to any ARP request. Will provide its own MAC address in
the ARP reply, irrespective of what IP address was being requested. When this mode is
configured, the Web-authentication server can interoperate with any static IP
configuration on a supplicant.

See the auth-web-server mode command on page 43.47 for command information about setting the Web-authentication mode.

Proxy DNS response

Typically, an HTTP session from a web browser is preceded by a DNS request for the IP
address of the web site the user wishes to browse to. If the DNS request receives no reply,
the web browser will never progress on to connecting an HTTP session.

The Web-authentication server needs a mechanism to reply to DNS requests, so that the
Web-authentication session can begin.

The three modes listed also control the operation of the proxy DNS replies.

1. Intercept – responds to DNS requests whose source IP address is within the same
subnet as the IP address on the switch. The IP address provided as the resolution of
the DNS lookup is the switch’s own IP address, so that the subsequent HTTP traffic will
be directed to the switch.

2. None – the default. Does not respond to DNS requests.

3. Promiscuous – responds to DNS requests from any source IP address. The IP address
provided as the resolution of the DNS lookup is the switch’s own IP address, so that
the subsequent HTTP traffic will be directed to the switch.

Figure: ARP exchange in promiscuous mode. A supplicant configured with IP address 23.67.2.9 and Gateway IP 23.67.0.1 sends "ARP request. Who has 23.67.0.1?". The authenticator with MAC address 0000.a349.1c71 (figure label: 10.17.56.2) sends "ARP reply. 23.67.0.1 is at 0000.a349.1c71".

In promiscuous mode, the switch will send its own MAC address in response to an ARP request for ANY address, no matter whether the requested address bears any relation to the switch’s own IP address on the interface where the ARP is received.

Figure: Supplicant, Authenticator, Network and DNS Server. The supplicant (IP = 23.67.7.9, DNS = 129.93.23.213) sends "DNS request. What is IP for www.mysite.com?" towards the DNS Server at 129.93.23.213.

A web browser must request a DNS Server for the IP address corresponding to a URL. But the switch will not forward the request if the supplicant is not yet authenticated.
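The following is an added example, not taken from the manual or from AlliedWare Plus code: a Python model of how the three modes decide whether a proxy DNS reply is sent, and what that reply contains. It assumes the switch interface is 10.17.56.2/24 (the address appears in the figure, the prefix length is assumed), a reply TTL of 0, and hypothetical function names.

```python
import ipaddress
import struct

# Assumption: 10.17.56.2 is the switch's interface address; the /24 is assumed.
SWITCH_IF = ipaddress.ip_interface("10.17.56.2/24")

def build_query(name, txid=0x1234):
    """Constructed sample input: a minimal DNS A query with RD set."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split("."))
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def question_end(query):
    """Offset just past the question section (QNAME, QTYPE, QCLASS)."""
    pos = 12  # fixed DNS header length
    while query[pos] != 0:
        pos += query[pos] + 1
    return pos + 1 + 4

def proxy_dns_reply(mode, src_ip, query, switch_if=SWITCH_IF):
    """Return reply bytes for this mode, or None when the switch stays silent."""
    if mode not in ("intercept", "none", "promiscuous"):
        raise ValueError("unknown mode: %r" % mode)
    src = ipaddress.ip_address(src_ip)
    if mode == "none":
        return None  # default: DNS requests are not answered
    if mode == "intercept" and src not in switch_if.network:
        return None  # intercept only answers sources in the switch's subnet
    end = question_end(query)
    # Same transaction ID, flags 0x8180 (response, RD, RA), 1 question, 1 answer
    header = query[:2] + struct.pack("!HHHHH", 0x8180, 1, 1, 0, 0)
    # Answer: name pointer to offset 12, TYPE A, CLASS IN, TTL 0 (assumed), 4 bytes
    answer = struct.pack("!HHHIH", 0xC00C, 1, 1, 0, 4) + switch_if.ip.packed
    return header + query[12:end] + answer

def answered_ip(reply):
    """Address carried in the reply's A record, or None if no reply was sent."""
    return None if reply is None else str(ipaddress.ip_address(reply[-4:]))

if __name__ == "__main__":
    q = build_query("www.mysite.com")
    # Supplicant 23.67.7.9 from the figure, plus a constructed in-subnet host
    for mode in ("none", "intercept", "promiscuous"):
        for src in ("23.67.7.9", "10.17.56.77"):
            print(mode, src, answered_ip(proxy_dns_reply(mode, src, q)))
```

With these assumptions, the statically addressed supplicant 23.67.7.9 gets a reply only in promiscuous mode, which is why that mode interoperates with any static IP configuration.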