Configuration Guide Configuring Web Authentication
When a user goes online, the user's entry needs to be written to a forwarding rule. The forwarding rule mapping method
can be modified by specifying different binding modes, which further affects the Internet access rules applied to users.
In IP-only mode, all the packets carrying the specified IP address are permitted to pass, and the STAs who send the
packets can access the Internet. In IP+MAC mode, only the packets carrying both the specified IP address and MAC
address are permitted to pass, and the STAs who send the packets can access the Internet.
Notes
In Layer-3 authentication, the MAC addresses visible to the NAS are the gateway addresses of STAs. Because these
MAC addresses are not accurate, the IP-only mode should be used.
Configuration Steps
(Optional) The default Webauth binding mode is IP+MAC.
Determine a binding mode based on the accuracy of user information obtained by the NAS. When the IP and MAC
addresses of STAs are accurate (in L2 authentication, for example), IP+MAC is recommended. When the IP and MAC
addresses are not accurate, select IP-only.
Verification
Change the binding mode to IP-only.
Simulate the scenario where a user performs authentication to access the Internet.
Modify the MAC address of the user, or use a client with the same IP address but a different MAC address to access the
Internet.
Check that the user accesses the Internet normally.
Related Commands
Specifying the Webauth Binding Mode
bindmode {ip-mac-mode | ip-only-mode}
ip-mac-mode: Indicates IP-MAC binding mode.
ip-only-mode: Indicates IP-only binding mode.
Webauth template configuration mode
Configuration Example
Specifying the Webauth Binding Mode
Set the binding mode to IP-only.
Ruijie(config.tmplt.eportalv2)#bindmode ip-only-mode
To Next Page
Loading...
Need help?
General
