Figure 4-38. Example of Registration Process Using Redirection

Participants: Client, Switch, RADIUS, Web Server

Figure labels:
- Packet is sent.
- RADIUS request is made.
- Client fails authentication.
- Client is put in unauth MAC-auth redirect state.
- Client sends DHCP request.
- Switch sends its IP address.
- ARP/DNS requests handled.
- Client requests Web page.
- Switch takes request and redirects to web server.
- HTTP request for initial registration page includes client MAC, client port, switch IP or MAC.
- Initial registration page returned. Switch enables NAT so all subsequent requests go directly to web server.
- Initial registration page.
- Switch filters all traffic; only forwards HTTP traffic destined to configured web server.
- RADIUS is updated with client’s username, password, profile.
- HTTP request/response (appears twice).
- Client in redirect state until time exceeds configured timeout or switch receives an SNMP deauthentication request from the Web server.