4-62
Web and MAC Authentication
Configuring MAC Authentication on the Switch
Diagram of the Registration Process
Figure 4-38. Example of Registration Process Using Redirection
Client
Switch
RADIUS
Web Server
Packet is sent
RADIUS request is made
Client fails authentication
Client is put
in unauth
MAC-auth
redirect
state.
Client sends DHCP request
Switch sends its IP address
ARP/DNS requests handled
Client requests Web page
Switch takes request and
redirects to web server.
HTTP request for initial registration page includes
client MAC, client port, switch IP or MAC
Initial registration page returned. Switch enables NAT
so all subsequent requests go directly to web server
Initial registration page
Switch filters all traffic; only
forwards HTTP traffic destined
to configured web server.
RADIUS is updated with client’s
username, password, profile
HTTP request/response
HTTP request/response
Client in redirect state until time exceeds
configured timeout or switch receives an
SNMP deauthentication request from the
Web server
1
4
5
2
3
6
7
Summary of Contents for E3800 Series
Page 2: ......
Page 3: ...HP Networking E3800 Switches Access Security Guide September 2011 KA 15 03 ...
Page 30: ...xxviii ...
Page 86: ...2 36 Configuring Username and Password Security Password Recovery ...
Page 186: ...4 72 Web and MAC Authentication Client Status ...
Page 364: ...8 32 Configuring Secure Shell SSH Messages Related to SSH Operation ...
Page 510: ...10 130 IPv4 Access Control Lists ACLs General ACL Operating Notes ...
Page 548: ...11 38 Configuring Advanced Threat Protection Using the Instrumentation Monitor ...
Page 572: ...12 24 Traffic Security Filters and Monitors Configuring Traffic Security Filters ...
Page 730: ...20 Index ...
Page 731: ......