Allied Telesis AlliedWare Plus Operating System Version 5.4.4C (x310-26FT,x310-26FP,x310-50FT,x310-50FP) User Manual

Authentication Introduction and Configuration

Software Reference for x310 Series Switches

C613-50046-01 REV A

AlliedWare Plus™ Operating System - Version 5.4.4C

Table 42-1: Treatment of packets from unauthenticated supplicants

Switch port configuration: Web-authentication configured

No Guest VLAN configured:
Packets from unauthenticated supplicants are associated with the Native VLAN of the port. Packets from unauthenticated supplicants are processed according to these rules:

- Packets destined to the WebAuth server IP address/TCP port are forwarded to the server (which may well be the switch itself).
- DHCP packets are sent to the CPU, to be processed by a local DHCP server, or relayed to another DHCP server, depending on the configuration of the switch.
- DNS packets are forwarded to the CPU, and then sent on to a DNS server, if the switch is configured with a DNS server address.
- ARP packets are forwarded to the CPU, and an ARP entry for the supplicant is learned.
- If web-auth forwarding is enabled for particular types of packets, then those packets will be forwarded within the Native VLAN.
- All other packets are dropped.

No Guest VLAN configured, auth-fail VLAN configured:
Packets from unauthenticated supplicants are associated with the Native VLAN of the port. If newly connected supplicants attempt 802.1X port authentication or Web-authentication and fail, then they are moved to the auth-fail VLAN.

Guest VLAN configured:
Packets from unauthenticated supplicants are associated with the Guest VLAN of the port. Packets from unauthenticated supplicants are processed according to these rules:

- Packets destined to the WebAuth server IP address/TCP port are forwarded to the server (which may well be the switch itself).
- DHCP packets are sent to the CPU, to be processed by a local DHCP server, or relayed to another DHCP server, depending on the configuration of the switch.
- DNS packets are forwarded to the CPU, and then sent on to a DNS server, if the switch is configured with a DNS server address.
- ARP packets are forwarded to the CPU, and an ARP entry for the supplicant is learned.
- Drop all other packets destined to the IP address of the Guest VLAN.
- Layer 2 forward packets destined to other addresses within the Guest VLAN.
- All other packets are dropped.

Switch port configuration: No Web-authentication configured

No Guest VLAN configured:
All non-EAP packets from unauthenticated supplicants are dropped.

No Guest VLAN configured, auth-fail VLAN configured:
All non-EAP packets from unauthenticated supplicants are dropped.

Guest VLAN configured:
Packets from unauthenticated supplicants are associated with the Guest VLAN of the port. The packets are processed according to these rules:

- Drop packets destined to the IP address of the Guest VLAN.
- Layer 2 forward packets destined to other addresses within the Guest VLAN.
- Drop all other packets.