Owner's Manual
Chapter 16. Network Login | 389
16
16. Network Login
This chapter includes the following sections:
• Overview on page 389
• Configuring Network Login on page 394
• Authenticating Users on page 397
• Local Database Authentication on page 397
• 802.1x Authentication on page 402
• Web-Based Authentication on page 412
• MAC-Based Authentication on page 421
• Additional Network Login Configuration Details on page 425
Overview
Network login controls the admission of user packets into a network by allowing MAC addresses
from users that are properly authenticated. Network login is controlled on a per port basis. When
network login is enabled on a port, that port does not forward any packets until authentication
takes place.
Network login is capable of three types of authentication: web-based, MAC-based, and 802.1x.
In addition, network login has two different modes of operation: Campus mode and ISP mode.
The authentication types and modes of operation can be used in any combination.
When web-based network login is enabled on a switch port, that port is placed into a
non-forwarding state until authentication takes place. To authenticate, a user must open a web
browser and provide the appropriate credentials. These credentials are either approved, in which
case the port is placed in forwarding mode, or not approved, in which case the port remains
blocked. You can initiate user logout by submitting a logout request or closing the logout window.
The following capabilities are included with network login:
• Web-based login using HTTP available on each port
• Web-based login using HTTPS—if you install the SSH software module that includes
SSL—available on each port
• Multiple supplicants for web-based, MAC-based, and 802.1x authentication on each port