Web and MAC Authentication

How Web and MAC Authentication Operate

Web-based Authentication

When a client connects to a Web-Auth enabled port, communication is redirected to the switch. A temporary IP address is assigned by the switch and a login screen is presented for the client to enter their username and password.

The default User Login screen is shown in Figure 3-1.

Figure 3-1. Example of Default User Login Screen

When a client connects to the switch, it sends a DHCP request to receive an IP address to connect to the network. To avoid address conflicts in a secure network, you can specify a temporary IP address pool to be used by DHCP by configuring the dhcp-addr and dhcp-lease options when you enable web authentication with the aaa port-access web-based command.

The Secure Socket Layer (SSLv3/TLSv1) feature provides remote web access to the network via authenticated transactions and encrypted paths between the switch and management station clients capable of SSL/TLS. If you have enabled SSL on the switch, you can specify the ssl-login option when you configure web authentication so that clients who log in to specified ports are redirected to a secure login page (https://...) to enter their credentials.
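The following check is an added example, not part of the original guide: it reads a saved switch configuration and lists the ports where web authentication is enabled without the ssl-login option, along with the temporary DHCP settings. The sample configuration is constructed, and the way the aaa port-access web-based lines appear in a saved configuration is an assumption; the function names are hypothetical.

```python
import re

# Constructed sample excerpt (not from the guide). The command keywords are
# the guide's; the layout of the lines in a saved config is an assumption.
SAMPLE_CONFIG = """\
aaa port-access web-based dhcp-addr 192.168.50.0 255.255.255.0
aaa port-access web-based dhcp-lease 10
aaa port-access web-based 1-4,7
aaa port-access web-based 1-2 ssl-login
aaa port-access web-based A1-A3
aaa port-access web-based A1-A3 ssl-login
"""

PREFIX = "aaa port-access web-based "
PORT_LIST = re.compile(r"^[A-Za-z]?\d+(-[A-Za-z]?\d+)?(,[A-Za-z]?\d+(-[A-Za-z]?\d+)?)*$")


def expand_ports(port_list):
    """Expand a port list such as '1-4,7' or 'A1-A3' into individual ports."""
    ports = set()
    for item in port_list.split(","):
        first, _, last = item.partition("-")
        slot = first.rstrip("0123456789")          # optional module letter
        start = int(first[len(slot):])
        end = int(re.sub(r"^[A-Za-z]", "", last)) if last else start
        ports.update(f"{slot}{n}" for n in range(start, end + 1))
    return ports


def audit_web_auth(config_text):
    """Return (web-auth ports lacking ssl-login, temporary DHCP settings)."""
    enabled, ssl, dhcp = set(), set(), {}
    for line in config_text.splitlines():
        line = line.strip()
        if not line.startswith(PREFIX):
            continue
        args = line[len(PREFIX):].split()
        if args[0] in ("dhcp-addr", "dhcp-lease"):
            dhcp[args[0]] = " ".join(args[1:])
        elif PORT_LIST.match(args[0]):
            ports = expand_ports(args[0])
            enabled |= ports                       # any per-port line counts as enabled
            if "ssl-login" in args[1:]:
                ssl |= ports
    return sorted(enabled - ssl), dhcp


if __name__ == "__main__":
    missing, dhcp = audit_web_auth(SAMPLE_CONFIG)
    print("Web-auth ports without ssl-login:", ", ".join(missing) or "none")
    print("Temporary DHCP settings:", dhcp)
```

Ports reported here present the login page without the https redirect, so the username and password entered on them are not protected by SSL/TLS between the client and the switch.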

The switch passes the supplied username and password to the RADIUS server for authentication and displays the following progress message:

Figure 3-2. Progress Message During Authentication
