Extreme 3804 User Guide
62
Summit24e3 Switch Installation and User Guide
Managing the Switch
Using Network Login
Network login is a feature designed to control the admission of user packets into a network by giving
addresses only to users that have been properly authenticated. Network login is controlled by an
administrator on a per port, per VLAN basis and uses an integration of DHCP, user authentication over
the web interface, and, sometimes, a RADIUS server to provide a user database or specific configuration
details.
addresses only to users that have been properly authenticated. Network login is controlled by an
administrator on a per port, per VLAN basis and uses an integration of DHCP, user authentication over
the web interface, and, sometimes, a RADIUS server to provide a user database or specific configuration
details.
When network login is enabled on a port in a VLAN, that port will not forward any packets until
authentication takes place.
authentication takes place.
NOTE
Windows authentication is not supported via network login.
Network login has two modes of operation:
•
Campus mode
Campus mode is used when a port in a VLAN will move to another VLAN when authentication has
been completed successfully. This mode is for the roaming user who will not always be using the
same port for authentication.
been completed successfully. This mode is for the roaming user who will not always be using the
same port for authentication.
•
ISP mode
ISP mode is used when the port and VLAN used will remain constant. All network settings are
configured for that VLAN.
configured for that VLAN.
These two network login modes have the following functional similarities:
•
Until authentication takes place, ports on the VLAN are kept in a non-forwarding state.
•
each mode requires the user to open a web browser with the IP address of the switch. This is the
only address that the client can reach in a non-authenticated state.
only address that the client can reach in a non-authenticated state.
•
The web server on the switch provides user authentication.
•
After authentication takes place, ports are moved into a forwarding state and moved to the VLAN
configuration on the RADIUS server.
configuration on the RADIUS server.
Using Network Login in Campus Mode
Campus mode requires:
show tacacs
Displays the current TACACS+
configuration and statistics.
configuration and statistics.
show tacacs-accounting
Displays the current TACACS+ accounting
client configuration and statistics.
client configuration and statistics.
unconfig tacacs {server [primary | secondary]}
Unconfigures the TACACS+ client
configuration.
configuration.
unconfig tacacs-accounting {server [primary |
secondary]}
secondary]}
Unconfigures the TACACS+ accounting
client configuration.
client configuration.
Table 16: TACACS+ Commands (continued)
Command
Description