Netgear XCM8806 - 8800 SERIES 6-SLOT CHASSIS SWITCH ユーザーズマニュアル
428
|
Chapter 16. Network Login
NETGEAR 8800 User Manual
Note:
If network login is enabled together with STP, the 'a' and 'u' flags are
controlled by network login only when the STP port state is
‘Forwarding.’
‘Forwarding.’
Network Login MAC-Based VLAN Example
The following example configures the network login MAC-based VLAN feature:
create vlan users12
create vlan nlvlan
configure netlogin vlan nlvlan
enable netlogin mac
enable netlogin ports 1:1-1:10 mac
configure netlogin ports 1:1-1:10 mode mac-based-vlans
configure netlogin add mac-list default MySecretPassword
Expanding upon the previous example, you can also utilize the local database for
authentication rather than the RADIUS server:
authentication rather than the RADIUS server:
create netlogin local-user 000000000012 vlan-vsa untagged default
create netlogin local-user 000000000010 vlan-vsa untagged users12
For more information about local database authentication, see
Configuring Dynamic VLANs for Network Login
During an authentication request, network login receives a destination VLAN (if configured on
the RADIUS server) to put the authenticated user in. The VLAN must exist on the switch for
network login to authenticate the client on that VLAN.
the RADIUS server) to put the authenticated user in. The VLAN must exist on the switch for
network login to authenticate the client on that VLAN.
You can configure the switch to dynamically create a VLAN after receiving an authentication
response from a RADIUS server. A dynamically created VLAN is only a Layer 2 bridging
mechanism; this VLAN does not work with routing protocols to forward traffic. If configured for
dynamic VLAN creation, the switch automatically creates a supplicant VLAN that contains
both the supplicant’s physical port and one or more uplink ports. After the switch
unauthenticates all of the supplicants from the dynamically created VLAN, the switch deletes
that VLAN.
response from a RADIUS server. A dynamically created VLAN is only a Layer 2 bridging
mechanism; this VLAN does not work with routing protocols to forward traffic. If configured for
dynamic VLAN creation, the switch automatically creates a supplicant VLAN that contains
both the supplicant’s physical port and one or more uplink ports. After the switch
unauthenticates all of the supplicants from the dynamically created VLAN, the switch deletes
that VLAN.
Note:
Dynamically created VLANs do not support the session refresh
feature of web-based network login because dynamically created
VLANs do not have an IP address.
VLANs do not have an IP address.