Web Authentication; Conditions And Limitations - D-Link DES-3528 User Manual

xStack DES-3528 Series Layer 2 Stackable Fast Ethernet Managed Switch User Manual

Web Authentication

Web-based Access Control is another port based
access control method implemented similarily to
the 802.1x port based access control method
previously stated. This function will allow user
authentication through a RADIUS server or
through the local authentication set on the Switch
when a user is trying to access the network via the
switch, if the port connected to the user is enabled
for this feature.
The user attempting to gain web access will be
prompted for a username and password before
being allowed to accept HTTP packets from the
Switch. When a client attempts to access a
website, that port is placed in the authentication
VLAN set by the user. All clients in this
authentication VLAN will be queried for
authentication by the local method or through a
RADIUS server. Once accepted, the user will be
placed in a target VLAN on the Switch where it
will have rights and privileges to openly access
the Internet. If denied access, no packets will pass
through to the user and thus, that user will be
returned to the authentication VLAN from where
it came and the authentication procedure will
have to be reattempted by the user.
Once a client has been authenticated on a
particular port, that port will be placed in the pre-
configured VLAN and any other clients on that
port will be automatically authenticated to access
the specified Redirection Path URL, as well as the
authenticated client.
To the right there is an example of the basic six
step process all parties of the authentication go
through for a successful Web-based Access
Control process.

Conditions and Limitations

1. The subnet of the authentication VLAN's IP interface must be the same as that of the client. If not configured
properly, the authentication will be permanently denied by the authenticator.
2. If the client is utilizing DHCP to attain an IP address, the authentication VLAN must provide a DHCP server or
a DHCP relay function so that client may obtain an IP address.
3. The authentication VLAN of this function must be configured to access a DNS server to improve CPU
performance, and allow the processing of DNS, UDP and HTTP packets.
4. Certain functions exist on the Switch that will filter HTTP packets, such as the Access Profile function. The
user needs to be very careful when setting filter functions for the target VLAN, so that these HTTP packets are
not denied by the Switch.
5. The Redirection Path must be set before the Web-based Access Control can be enabled. If not, the user will
be prompted with an error message and the Web-based Access Control will not be enabled.
164