Authentication domain: triple
Authentication method: CHAP
Initial VLAN: 14
Authorization untagged VLAN: 14
Authorization tagged VLAN list: N/A
Authorization ACL ID: N/A
Authorization user profile: N/A
Authorization URL: N/A
Termination action: N/A
Session timeout period: N/A
Online from: 2015/01/04 18:13:01
Online duration: 0h 0m 14s
Total 1 connection(s) matched.
Triple authentication supporting authorization VLAN and
authentication failure VLAN configuration example
Network requirement
As shown in
Configure triple authentication on the device's Layer 2 interface connected to the terminals. A
terminal passing one of the three authentication methods, 802.1X authentication, Web
authentication, and MAC authentication, can access the IP network.
•
The Web authentication terminal uses DHCP to get an IP address in 192.168.1.0/24 before
authentication and in 3.3.3.0/24 after passing authentication. If the terminal fails authentication,
it requests IP addresses in 2.2.2.0/24 through DHCP.
You can use the access device or an attached device as the DHCP server. In this example, the
access device (the device) provides the DHCP service.
•
The 802.1X terminal uses DHCP to get an IP address in 192.168.1.0/24 before authentication
and in 3.3.3.0/24 after passing authentication. If the terminal fails authentication, it requests IP
addresses in 2.2.2.0/24 through DHCP.
•
After passing authentication, the printer obtains IP address 3.3.3.111/24 that is bound with its
MAC address through DHCP.
•
Use the remote RADIUS server to perform authentication, authorization, and accounting.
Configure the device to remove the ISP domain names from usernames sent to the RADIUS
server.
•
Configure the local Web authentication server on the device to use listening IP address 4.4.4.4.
Configure the device to send a default authentication page to the Web user and forward
authentication data by using HTTP.
•
Configure VLAN 3 as the authorization VLAN. Users passing authentication are added to this
VLAN.
•
Configure VLAN 2 as the authentication failure VLAN. Users failing authentication are added to
this VLAN.
Figure
158, the terminals are connected to the device to access the IP network.
519