Web and MAC Authentication
Configuring MAC Authentication on the Switch
Caution
Rogue clients can attempt to access any web pages on the web/registration
server via interface ports configured for MAC authentication.
The following steps are involved in HTTP registration.
1. When the redirect feature is enabled, a client that fails MAC authentication is moved into the unauthorized MAC authentication redirection state.
2. A client in the redirect state (having failed MAC authentication) with a web browser open sends a DHCP request. The switch responds with a DHCP lease for an address in the switch’s configurable DHCP address range. Additionally, the switch’s IP address becomes the client’s default gateway. All ARP/DNS requests are handled by the switch and all requests are directed to the switch. The switch replies to these requests with its own address.
3. The client requests a web page. The switch takes this request and responds to the client browser with an HTTP redirect to the configured URL. The client MAC address and interface port are appended as HTTP parameters.
4. Before returning the initial registration page to the client, the switch enables NAT so that all subsequent requests will go to the web server directly. The initial HTML page is returned to the switch and then proxied to the client.
5. After the registration process completes, the registration server updates the RADIUS server with the client’s username, password, and profile.
6. The client remains in the redirect state until the client’s time exceeds the configured timeout or the switch receives an SNMP deauthentication request from the registration server.
7. The registration server sends an SNMP request to the switch with the MAC identification and interface port to reauthenticate or deauthenticate the client.
8. The switch moves the client out of the special Web/MAC auth redirect state and the client becomes unknown to the switch again. This sets the stage for a new MAC authentication cycle.
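Because unauthenticated clients can reach the web/registration server (see the Caution above) and the MAC address and port in step 3 arrive as HTTP parameters carried by the client's browser, the registration server can limit which pages it serves and validate those parameters before using them in step 7. The following Python code is an added example, not code from the HP guide; the parameter names (mac, port), the /register paths, the host name, and the port-name pattern are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumptions (not from the guide): parameter names, registration paths and
# the port-name pattern. Adjust them to what your switch actually sends.
MAC_PARAM, PORT_PARAM = "mac", "port"
ALLOWED_PATHS = {"/register", "/register/submit"}
MAC_RE = re.compile(r"[0-9a-f]{12}")
PORT_RE = re.compile(r"[A-Za-z]{0,3}\d{1,3}(/\d{1,3})?")


def normalize_mac(raw):
    """Strip common separators and lower-case; None unless 48 bits of hex."""
    mac = re.sub(r"[-:.]", "", raw).lower()
    return mac if MAC_RE.fullmatch(mac) else None


def check_request(url):
    """Return (allowed, reason, client) for a URL reaching the server."""
    parts = urlsplit(url)
    # Serve only the registration pages to clients in the redirect state.
    if parts.path not in ALLOWED_PATHS:
        return False, "path outside registration pages", None
    params = parse_qs(parts.query, keep_blank_values=True)
    macs, ports = params.get(MAC_PARAM, []), params.get(PORT_PARAM, [])
    # Exactly one value each; repeated parameters are ambiguous, so reject.
    if len(macs) != 1 or len(ports) != 1:
        return False, "missing or duplicated mac/port parameter", None
    mac = normalize_mac(macs[0])
    if mac is None:
        return False, "malformed MAC address", None
    if not PORT_RE.fullmatch(ports[0]):
        return False, "malformed port identifier", None
    return True, "ok", {"mac": mac, "port": ports[0]}


# Constructed sample requests, not captured traffic.
SAMPLES = [
    "http://reg.example.test/register?mac=00-1B-2C-3D-4E-5F&port=A12",
    "http://reg.example.test/admin/users?mac=001b2c3d4e5f&port=A12",
    "http://reg.example.test/register?mac=001b2c3d4e5f&mac=aabbccddeeff&port=A12",
    "http://reg.example.test/register?mac=001b2c3d4e5f&port=..%2F..%2Fetc",
]

if __name__ == "__main__":
    for url in SAMPLES:
        print(check_request(url)[:2], url)
```

Only values that pass this check should be stored or placed in the SNMP request the registration server later sends to the switch.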
Contents: E3800 Series
Page 1: ...HP Switch Software E3800 switches Software version KA 15 03 September 2011 Access Security Guide ...