How Web And Mac Authentication Operate; Web-Based Authentication - HP 3500yl Series Access Security Manual

Web and MAC Authentication

How Web and MAC Authentication Operate

How Web and MAC Authentication
Operate
Before gaining access to the network, a client first presents authentication
credentials to the switch. The switch then verifies the credentials with a
RADIUS authentication server. Successfully authenticated clients receive
access to the network, as defined by the System Administrator. Clients who
fail to authenticate successfully receive no network access or limited network
access as defined by the System Administrator.

Web-based Authentication

When a client connects to a Web-Auth enabled port, communication is redi-
rected to the switch. A temporary IP address is assigned by the switch and a
login screen is presented for the client to enter their username and password.
The default User Login screen is shown in Figure 4-1.
Figure 4-1. Example of Default User Login Screen
When a client connects to the switch, it sends a DHCP request to receive an
IP address to connect to the network. To avoid address conflicts in a secure
network, you can specify a temporary IP address pool to be used by DHCP by
configuring the dhcp-addr and dhcp-lease options when you enable web
authentication with the aaa port-access web-based command.
The Secure Socket Layer (SSLv3/TLSv1) feature provides remote web access
to the network via authenticated transactions and encrypted paths between
the switch and management station clients capable of SSL/TLS. If you have
4-5