Customized Login Web Pages
Enhanced web authentication allows you to customize the web pages used by
clients to connect to the network. A customized login screen is presented to
a client to enter their credentials.
By creating customized login web pages, you can improve the "look and feel"
of the web authentication process to correspond more closely with your
network and business needs. The default web page that is currently used and
stored on the switch is shown in Figure 3-1.
Customized login web pages provide greater flexibility to:
■
Identify the network that a client is trying to log into.
■
Provide contact information if a client has difficulty connecting to the
network.
You store customized login web pages on up to three web servers in your
network. Using multiple servers provides redundancy in case access to the
primary server fails.
To present customized web pages to clients who request network access,
configure the IP address or host name of each web server when you enable
web authentication. To prepare customized login pages, follow the procedure
described in "Using Customized Login Web Pages for Enhanced Web
Authentication" on page 3-17.
MAC-based Authentication
When a client connects to a MAC-Auth enabled port traffic is blocked. The
switch immediately submits the client's MAC address (in the format specified
by the addr-format) as its certification credentials to the RADIUS server for
authentication.
If the client is authenticated and the maximum number of MAC addresses
allowed on the port (addr-limit) has not been reached, the port is assigned to
a static, untagged VLAN for network access.
The assigned VLAN is determined, in order of priority, as follows:
1. If there is a RADIUS-assigned VLAN, then, for the duration of the client
session, the port belongs to this VLAN and temporarily drops all other
VLAN memberships.
Web and MAC Authentication
How Web and MAC Authentication Operate
3-9