Web-Based Authentication User Login Using Campus Mode - Extreme Networks ExtremeWare 7.2e Installation And User Manual

Note that the 192.168 IP address range can be used on all switches because the user is on the VLAN
only long enough to log in to the network. After the login is complete, the user is switched to a
permanent VLAN with a real IP address delivered from a real DHCP server.
The following example demonstrates the second network login configuration step for a Summit 48si
edge switch, in which the guest VLAN is created:
create vlan guest
configure guest ipa 45.100.1.101/16
configure guest tag 100
configure guest add port 49-50 tagged
enable bootprelay
configure bootprelay add 45.100.2.101
These commands create the special VLAN called "guest" on the real area of the network. Special
configuration is needed on the RADIUS server to place users on to the appropriate VLAN when they
log in as guests. By using network login in this way, the user goes from unauthenticated to a guest
authentication with limited access to resources.
Note that the 45.100.x.x VLAN does not need to be able to route. Extra authentication can be enabled on
the Certificate Authority server to more firmly verify the identity of users. The 45.100.x.x VLAN will
have the Certificate Authority located on it as well as an HTTP/FTP server to allow the user to
download the needed files.
Once the user has installed the certificate from the Certificate Authority and downloaded the 802.1x
client, the user can reconnect to the network using 802.1x without the need to authenticate via a web
browser. The authentication is handled using PEAP and certificates. The user will be placed in the
VLAN that is appropriate for that user's group.

Web-Based Authentication User Login Using Campus Mode

When web-based authentication is used in Campus mode, the user will follow these steps:
1 Set up the Windows IP configuration for DHCP.
2 Plug into the port that has network login enabled.
3 Log in to Windows.
4 Release any old IP settings and renew the DHCP lease.
This is done differently depending on the version of Windows the user is running:
— Windows 9x—use the
on which network login is enabled. Use the buttons to release the IP configuration and renew the
DHCP lease.
— Windows NT/2000—use the
ipconfig/release
address from the switch. If you have more than one Ethernet adapter, specify the adapter by
using a number for the adapter following the ipconfig command. You can find the adapter
number using the command
At this point, the client will have its temporary IP address. In this example, the client should have
obtained the an IP address in the range 198.162.32.20 - 198.162.32.80.
ExtremeWare 7.2e Installation and User Guide
tool. Choose the Ethernet adapter that is connected to the port
winipcfg
command line utility. Use the command
ipconfig
to release the IP configuration and
.
ipconfig/all
to get the temporary IP
ipconfig/renew
Network Login
157