Ruijie Community

Title: Do Ruijie switches support authentication migration? [Print this page]

Author: wxd521404    Time: 2017-7-4 17:33
Title: Do Ruijie switches support authentication migration?
Do Ruijie switches support authentication migration?

Author: admin    Time: 2017-7-4 17:41
Non-core devices only support dot1xauthentication migration, but do not support web authentication migration.
Core devices, such as the RG-N18000-X support dot1x authentication migration, support web authentication migration.
The configuration is as follows:

NecessaryUser authentication migration

1. Principle introduction:
Scenario 1: When online user authentication cross-supervlan migration, must open the user authentication migration function, otherwise it will cause the table entry of original authentication is still online, the terminal to the new vlan/port will not be re-authentication.

Scenario 2: Online user authentication in the same supervlan, migration in different subvlan, and the IP address before and after migration is unchanged. After the configuration of user authentication migration, free authentication before and after migration (not popup the portal page). Resolve the user experience reduced after re-authentication.

Scenario 3: When online user authentication cross-supervlan migration, even the user authentication migration is configured, still need to re- authentication can access the network (popup the portal page).

Scenario 4: Cheating scenario, User A is authenticated in VLAN A, and user B (fake the same mac address) login with the same username and password/mac address in VLAN B, simulation authentication migration. When RG-N18000-X run into this kind of cheating scenario, will send arp detection of user A in the VLAN A, when it receives the arp reply of user A to determine the cheating scenario, does not allow authentication migration.

Note:Vlan refers to subvlan.


2. Configuration command:
Station-move permit     //Necessary, the main switch of all authentication migration, must be open. Enable the 802.1x authentication migration function command, when a user triggers an authentication migration, will automatically delete the authentication table entry which before migration, and automatically add the authentication table entry which after migration.

Web-auth station-move auto     //Necessary, enable web-auth authentication migration, when a user triggers an authentication migration, web-auth module will automatically delete the authentication table entry which before migration, and automatically add the authentication table entry which after migration.

Web-auth station-move update-info     //Necessary, when the web-auth authentication migration is enable, the latest value of the user vid/port is announce to the RADIUS server by accounting update message.

3. Announcements:
Subvlan will change when user migration corresponding vlan changed.
If the user migrates across the supervlan, the IP address changes before and after the migration. Can not complete the migration.









Welcome to Ruijie Community (https://community.ruijienetworks.com/) Powered by Discuz! X3.2