Dell FCX624-S Laptop User Manual


  Open as PDF
of 1494
 
1308 PowerConnect B-Series FCX Configuration Guide
53-1002266-01
Configuration considerations
37
While a MAC address is in the authenticated state, the host can forward data through the
PowerConnect switch. The MAC address remains authenticated until one of the following events
occurs:
The host MAC address is removed from a list of MAC addresses that are automatically
authenticated. (Refer to “Specifying hosts that are permanently authenticated” on page 1321).
The re-authentication timer expires and the host is required to re-authenticate (Refer to
“Configuring the re-authentication period” on page 1322).
The host has remained inactive for a period of time and the inactive period timer has expired.
(Refer to “Forcing re-authentication after an inactive period” on page 1325.)
All the ports on the VLAN on which Web Authentication has been configured are in a down
state. All MAC addresses that are currently authenticated are de-authenticated (Refer to
“Forcing re-authentication when ports are down” on page 1324.)
The authenticated client is cleared from the Web Authentication table. (Refer to “Clearing
authenticated hosts from the web authentication table” on page 1323).
The PowerConnect switch can be configured to automatically authenticate a host MAC address.
The host will not be required to login or re-authenticate (depending on the re-authentication period)
once the MAC address passes authentication.
A host that is logged in and authenticated remains logged in indefinitely, unless a re-authentication
period is configured. When the re-authentication period ends, the host is logged out. A host can log
out at any time by pressing the Logout button in the Web Authentication Success page.
NOTE
The host can log out as long as the Logout window (Success page) is visible. If the window is
accidentally closed, the host cannot log out unless the re-authentication period ends or the host is
manually cleared from the Web Authentication table.
Configuration considerations
Web Authentication is modeled after other RADIUS-based authentication methods currently
available on Dell edge switches. However, Web Authentication requires a Layer 3 protocol (TCP/IP)
between the host and the authenticator. Therefore, to implement Web Authentication, you must
consider the following configuration and topology configuration requirements:
Web Authentication works only on the default HTTP or HTTPS port.
The host must have an IP address prior to Web Authentication. This IP address can be
configured statically on the host; however, DHCP addressing is also supported.
If you are using DHCP addressing, a DHCP server must be in the same broadcast domain as
the host. This DHCP server does not have to be physically connected to the switch. Also, DHCP
assist from a router may be used.
Web Authentication, 802.1X port security, and multi-device port authentication are not
supported concurrently on the same port.
The following applies to Web Authentication in the Layer 2 switch image:
If the management VLAN and Web Authentication VLAN are in different IP networks, make sure
there is at least one routing element in the network topology that can route between these IP
networks.
The following are required for Web Authentication in the base Layer 3 and full Layer 3 images: