User Manual

Users Manual of XGS-6350-24X4C
The roles that the network devices play during Web authentication are shown in Figure 6-2:
Client: A user computer that accesses the network through the switch. The user computer must have a
web browser, a DHCP client, and the ability to originate DNS queries.
DHCP server: Distributes IP addresses to users.
AAA server: Stores user rights information and charges users for their network access.
Switch: A switch with the Web authentication function. It controls the access rights of users and works as
an agent between users and the AAA server.
Figure 6-2 Web authentication network
2. Authentication flow
Depending on the configuration strategy, the Web authentication flow of the switch may involve
protocols such as DHCP and DNS. Its typical flow is shown in Figure 3-2. The Web authentication flow
generally contains the following steps:
(1) The DHCP server sends a DHCP confirmation request to a user through the switch after the user
originates the process of DHCP address distribution. The switch then identifies and records the user.
(2) The user accesses any website through the browser (enter the domain name, not the IP address,
in the host part of the URL field in the browser), which triggers a DNS request from the user computer.
(3) The DNS server returns a response to the user. The switch captures the response
message and changes the resolved address to the address of the built-in portal server in the switch.
(4) The DHCP confirmation process continues after the browser obtains the DNS resolution. After the
switch receives the request, it returns the authentication page that corresponds to the authentication
method in use.
(5) The user submits the authentication request. After the switch receives the information submitted by
the user, it authenticates the user through the AAA server. If the authentication succeeds, the AAA
server is notified to start charging, and the switch gives the user the network access right and returns
a page stating that the authentication is successful. The switch also returns a keep-alive
page, which periodically sends the user online notification to the switch.
(6) The user sends a logout request to the switch through the browser. The switch then notifies the AAA
server to stop charging, and withdraws the network access right from the user.
(7) In the period between successful user authentication and logout, the switch periodically detects the user
[Figure 6-2 diagram labels: switch, AAA server (RADIUS), client, client, DHCP server]
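
The following Python sketch is an added example, not code from the manual or the switch firmware: it models the per-client state the switch keeps across steps (1) to (6) above. The class names, addresses and credentials are constructed, and gating the DNS rewrite and the login on the client having been recorded in step (1) is an assumption; step (7) is not modelled.

```python
# Added illustration of steps (1)-(6); all names and values are constructed.
from dataclasses import dataclass, field

PORTAL_IP = "192.0.2.1"  # assumed address of the switch's built-in portal server

class FakeAAA:
    """Stand-in for the AAA (RADIUS) server: credential check plus charging log."""
    def __init__(self, users):
        self.users, self.accounting = users, []
    def authenticate(self, user, password):
        return self.users.get(user) == password
    def account(self, event, user):
        self.accounting.append((event, user))

@dataclass
class WebAuthSwitch:
    aaa: FakeAAA
    known: set = field(default_factory=set)     # clients recorded in step (1)
    online: dict = field(default_factory=dict)  # client IP -> authenticated user

    def on_dhcp_confirm(self, client_ip):       # step (1): identify and record
        self.known.add(client_ip)

    def on_dns_response(self, client_ip, resolved_ip):  # step (3)
        # Assumption: only recorded, unauthenticated clients are steered to the portal.
        if client_ip in self.known and client_ip not in self.online:
            return PORTAL_IP
        return resolved_ip

    def on_login(self, client_ip, user, password):      # step (5)
        if client_ip not in self.known or not self.aaa.authenticate(user, password):
            return False                        # access right is not granted
        self.online[client_ip] = user
        self.aaa.account("start", user)         # AAA server starts charging
        return True

    def on_logout(self, client_ip):             # step (6)
        user = self.online.pop(client_ip, None)
        if user is not None:
            self.aaa.account("stop", user)      # AAA server stops charging

    def may_forward(self, client_ip):           # network access right check
        return client_ip in self.online

def demo():
    sw = WebAuthSwitch(FakeAAA({"alice": "s3cret"}))
    sw.on_dhcp_confirm("10.0.0.5")
    before = sw.on_dns_response("10.0.0.5", "203.0.113.80")
    bad = sw.on_login("10.0.0.5", "alice", "wrong")
    ok = sw.on_login("10.0.0.5", "alice", "s3cret")
    after = sw.on_dns_response("10.0.0.5", "203.0.113.80")
    sw.on_logout("10.0.0.5")
    return before, bad, ok, after, sw.may_forward("10.0.0.5"), sw.aaa.accounting
```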