Extreme Networks ExtremeWare 7.2e Installation And User Manual page 158

Security
NOTE
The idea of explicit release/renew is required to bring the network login client machine in the same
subnet as the connected VLAN. In Campus Mode using web-based authentication, this requirement is
mandatory after every logout and before login again as the port moves back and forth between the
temporary and permanent VLANs. On other hand in ISP Mode, release/renew of IP address is not
required, as the network login client machine stays in the same subnet as the network login VLAN. In
ISP mode, when the network login client connects for the first time, it has to make sure that the
machine IP address is in the same subnet as the VLAN to which it is connected.
5 Bring up the browser and enter any URL as
address as http://<IP address>/login (where IP address could be either temporary or Permanent
VLAN Interface for Campus Mode). URL redirection redirects any URL and IP address to the
network login page This is significant where security matters most, as no knowledge of VLAN
interfaces is required to be provided to network login users, as they can login using a URL or IP
address.
A page opens with a link for Network Login.
6 Click the Network Login link.
A dialog box opens requesting a username and password.
7 Enter the username and password configured on the RADIUS server.
After the user has successfully logged in, the user will be redirected to the URL configured on the
RADIUS server.
During the user login process, the following takes place:
• Authentication is done through the RADIUS server.
• After successful authentication, the connection information configured on the RADIUS server is
returned to the switch:
— the permanent VLAN
— the URL to be redirected to (optional)
— the URL description (optional)
• The port is moved to the permanent VLAN.
You can verify this using the
command, see "Displaying VLAN Settings" on page 98.
After a successful login has been achieved, there are several ways that a port can return to a
non-authenticated, non-forwarding state:
• The user successfully logs out using the logout web browser window.
• The link from the user to the switch's port is lost.
• There is no activity on the port for 20 minutes.
• An administrator changes the port state.
NOTE
Because network login is sensitive to state changes during the authentication process, Extreme
Networks recommends that you do not log out until the login process is complete. The login process is
complete when you receive a permanent address.
158
http://www.123.net
command. For more information on the
show vlan
or or switch IP
http://1.2.3.4
show vlan
ExtremeWare 7.2e Installation and User Guide