Netgear XCM8810 - 8800 SERIES 10-SLOT CHASSIS SWITCH User's Manual

Chapter 16.  Network Login  
NETGEAR 8800 User Manual 
Displaying the Port Restart Configuration
To display the network login settings on the port, including the configuration for port restart, 
use the following command:
show netlogin port <port_list>
Output from this command includes the enable/disable state for network login port restart.
Authentication Failure and Services Unavailable Handling
The NETGEAR 8800 provides the following features for handling network login 
authentication failures, and for handling instances of services unavailable:
You can use these features to set and control the response to network login authentication 
failure and instances of services unavailable. 
Configuring Authentication Failure VLAN
When a network login client fails authentication, it is moved to the authentication failure VLAN 
and given restricted access. To configure the authentication failure VLAN, use the following 
commands:
configure netlogin authentication failure vlan
unconfigure netlogin authentication failure vlan
enable netlogin authentication failure vlan ports
disable netlogin authentication failure vlan ports
Use the command netlogin authentication failure vlan to configure authentication failure 
VLAN on network-login-enabled ports. When a supplicant fails authentication, it is moved to 
the authentication failure VLAN and is given limited access until it passes the authentication.
Through either a RADIUS or local server, the other database is used to authenticate the client 
depending on the authentication database order for that particular network login method 
(mac, web or dot1x). If the final result is authentication failure and if the authentication 
failure VLAN is configured and enabled on that port, then the client is moved there.
For example, if the network login MAC authentication database order is local, radius and 
the authentication of a MAC client fails through local database, then the RADIUS server is 
used to authenticate. If the RADIUS server also fails authentication, the client is moved to the 
authentication failure VLAN. This applies for all authentication database orders 
(radius,local; local,radius; radius; local).
In the above example, if authentication through local fails but passes through the RADIUS 
server, the client is moved to the appropriate destination VLAN. If the local server authentication 
fails and the RADIUS server is not available, the client is not moved to the authentication failure 
VLAN.
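
The placement rules described above, modeled as an added example (this is not NETGEAR code or switch output). The function name, the result names and the VLAN labels are hypothetical. The manual states only the case where local fails and RADIUS is unavailable; treating any unreachable database the same way is an assumption.

```python
from enum import Enum

class Result(Enum):
    PASS = "pass"
    REJECT = "reject"            # database answered and refused the client
    UNAVAILABLE = "unavailable"  # database could not be reached

# Hypothetical labels for the three outcomes the text describes.
DEST, FAIL_VLAN, NOT_MOVED = "destination-vlan", "auth-failure-vlan", "not-moved"

def place_client(order, answers, fail_vlan_configured=True,
                 fail_vlan_enabled_on_port=True):
    """Decide where a network login client ends up.

    order   -- authentication database order, e.g. ("local", "radius")
    answers -- dict mapping each database in `order` to a Result
    """
    saw_unavailable = False
    for db in order:
        result = answers[db]
        if result is Result.PASS:
            return DEST                  # first success wins
        if result is Result.UNAVAILABLE:
            saw_unavailable = True       # not a real authentication failure
    # No database passed the client.
    if saw_unavailable:
        # Assumption beyond the manual's one stated case: an unreachable
        # database never results in a move to the failure VLAN.
        return NOT_MOVED
    if fail_vlan_configured and fail_vlan_enabled_on_port:
        return FAIL_VLAN
    return NOT_MOVED

if __name__ == "__main__":
    # Constructed cases mirroring the manual's "local, radius" example.
    cases = [
        {"local": Result.REJECT, "radius": Result.REJECT},
        {"local": Result.REJECT, "radius": Result.PASS},
        {"local": Result.REJECT, "radius": Result.UNAVAILABLE},
    ]
    for answers in cases:
        outcome = place_client(("local", "radius"), answers)
        print({k: v.value for k, v in answers.items()}, "->", outcome)
```

When auditing a deployment, the third case is the one to check: a client that stays where it is during a RADIUS outage is governed by the services unavailable handling, not by the authentication failure VLAN.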