17
Network Login
This chapter describes the following topics:
Network Login Overview on page 345
●
Configuring Network Login on page 349
●
Authenticating Users on page 351
●
802.1x Authentication on page 359
●
Web-Based Authentication on page 363
●
MAC-Based Authentication on page 368
●
Additional Network Login Configuration Details on page 371
●
Network Login Overview
Network login controls the admission of user packets into a network by allowing MAC addresses from
users that are properly authenticated. Network login is controlled on a per port basis. When network
login is enabled on a port, that port does not forward any packets until authentication takes place.
Network login is capable of three types of authentication: web-based, MAC-based, and 802.1x. In
addition, network login has two different modes of operation: Campus mode and ISP mode. The
authentication types and modes of operation can be used in any combination.
When web-based network login is enabled on a switch port, that port is placed into a non-forwarding
state until authentication takes place. To authenticate, a user must open a web browser and provide the
appropriate credentials. These credentials are either approved, in which case the port is placed in
forwarding mode, or not approved, in which case the port remains blocked. You can initiate user logout
by submitting a logout request or closing the logout window.
The following capabilities are included with network login:
Web-based login using HTTP available on each port
●
Web-based login using HTTPS—if you install the SSH software module that includes SSL—available
●
on each port
Multiple supplicants for web-based, MAC-based, and 802.1x authentication on each port
●
The remainder of this section describes the following topics:
Web-Based, MAC-Based, and 802.1x Authentication on page 346
●
Multiple Supplicant Support on page 347
●
Campus and ISP Modes on page 348
●
Network Login and Hitless Failover—Modular Switches Only on page 348
●
ExtremeWare XOS 11.3 Concepts Guide
345