Ruijie Community

Title: 2nd-generation Web Authentication Needs to Be Configured on the N18000 and a User Gateway Is Connected to the N18000. How to Configure Web Authentication in a Layer-3 Architecture? [Print this page]

Author: admin Time: 2017-5-3 16:14
Title: 2nd-generation Web Authentication Needs to Be Configured on the N18000 and a User Gateway Is Connected to the N18000. How to Configure Web Authentication in a Layer-3 Architecture?
2nd-generation Web Authentication Needs to Be Configured on the N18000 and a User Gateway Is Connected to the N18000. How to Configure Web Authentication in a Layer-3 Architecture?

Author: admin Time: 2017-5-3 16:18

When a user passes Web authentication and goes online successfully, the device needs to write the user entry into forwarding rules and specify a binding mode. The matching mode of forwarding rules can be adjusted to change the Internet access rules of users. For example, when only IP binding is adopted, packets that match the IP address are forwarded and the user can access the Internet. When IP+MAC binding is adopted, only users whose packets match both the IP address and MAC address can access the Internet.

In a Layer-3 authentication scenario, MAC addresses contained in packets received by the device are the address of the user gateway rather than the MAC addresses of users. Therefore, the IP binding mode should be adopted. Web authentication is based on IP+MAC binding by default. Users can determine the binding mode according to the accurate user information that can be obtained by the device. When both the IP addresses and MAC addresses of users are accurate, for example, in Layer-2 network deployment, IP+MAC binding is preferred. Otherwise, IP binding is preferred.

The configuration reference is as follows:

Ruijie(config)#web-auth template eportalv2 //Access the template.

Ruijie(config.tmplt.eportalv2)#bindmode ip-only-mode //Change the binding mode to IP binding.

Note: IP binding needs to be enabled in the Web template and is not applicable to large gateway scenarios. If the authentication mode is gateway mode, the error "%Error: ip-only-mode can not be used in gateway mode." is displayed after the preceding command is executed. Change the command to the following:

Ruijie(config.tmplt.eportalv2)#bindmode ip-mac-mode //Change the binding mode to IP+MAC binding.

Welcome to Ruijie Community (https://community.ruijienetworks.com/)