Web-Based Access Control - D-Link DXS-3400 SERIES Web Ui Reference Manual
Lite layer 3 stackable 10gbe managed switch
Hide thumbs
Also See for DXS-3400 SERIES:
- Hardware installation manual (61 pages) ,
- How to set up (2 pages) ,
- Quick start manual (3 pages)
Table of Contents
Advertisement
DXS-3400 Series Lite Layer 3 Stackable 10GbE Managed Switch Web UI Reference Guide
Web-based Access Control
Web-based Access Control (WAC) is a feature designed to authenticate a user when the user is trying to access the
Internet via the Switch. The authentication process uses the HTTP or HTTPS protocol. The Switch enters the
authenticating stage when users attempt to browse Web pages (e.g., http://www.dlink.com) through a Web browser.
When the Switch detects HTTP or HTTPS packets and this port is unauthenticated, the Switch will launch the
authentication window prompting users to enter a user name and password. Users are not able to access the Internet
until the authentication process is passed.
The Switch can be the authentication server itself and do the authentication based on a local database, or be a
RADIUS client and perform the authentication process via the RADIUS protocol with a remote RADIUS server. The
client user initiates the authentication process of WAC by attempting to gain Web access.
D-Link's implementation of WAC uses a virtual IP that is exclusively used by the WAC function and is not known by
any other modules of the Switch. In fact, to avoid affecting a Switch's other features, WAC will only use a virtual IP
address to communicate with hosts. Thus, all authentication requests must be sent to a virtual IP address but not to
the IP address of the Switch's physical interface.
Virtual IP works like this, when a host PC communicates with the WAC Switch through a virtual IP, the virtual IP is
transformed into the physical IPIF (IP interface) address of the Switch to make the communication possible. The host
PC and other servers' IP configurations do not depend on the virtual IP of WAC. The virtual IP does not respond to
any ICMP packets or ARP requests, which means it is not allowed to configure a virtual IP on the same subnet as the
Switch's IPIF (IP interface) or the same subnet as the host PCs' subnet.
As all packets to a virtual IP from authenticated and authenticating hosts will be trapped to the Switch's CPU, if the
virtual IP is the same as other servers or PCs, the hosts on the WAC-enabled ports cannot communicate with the
server or PC which really own the IP address. If the hosts need to access the server or PC, the virtual IP cannot be
the same as the one of the server or PC. If a host PC uses a proxy to access the Web, to make the authentication
work properly the user of the PC should add the virtual IP to the exception of the proxy configuration. For users to be
able to access the WAC pages through the Switch's system IP, a virtual IP address must be specified. When a virtual
IP is not specified, the authenticating Web request will be redirected to the Switch's system IP.
The following diagram illustrates the basic six steps all parties go through in a successful Web Authentication process:
344
- Quick Links:
- 802.1Q Vlan
Hide quick links:
Advertisement
Table of Contents
