Hi,
We are planning to replace the edgeswitch with this one, but I am not sure how to web authentication set it up.
The switch before replacement is configured to obtain an IP address (192.168.1.0/24) from the DHCP server before web authentication and use the distributed IP address even after passing web authentication.
I tried to set up the same settings for this switch, but it did not work.
client --- 5140switch --- CoreSW --- RADIUS server 192.168.20.1
|
------- DHCP server 192.168.30.1、192.168.30.2
|
------- server 192.168.1.0/24
When I connect a client to GE1/0/2 of this switch, I can confirm that the IP address is distributed from the DHCP server, but I cannot access the web authentication screen (http://10.0.0.1/portal/).
All routing on the 5140 switch is directed to the CoreSW gateway address (192.168.1.254), and the default gateway distributed by DHCP is the same IP address (192.168.1.254).
Since this is a private NW that is only used by this switch There is no routing for the network address (10.0.0.0/24) of the WEB authentication URL in the routing table of CoreSW.
When I set the default gateway for the client to the VLAN2 address (192.168.1.251) of the switch, I was able to access the web authentication screen.
I had thought that the 5140 switch would route communications directed to the web authentication address on its own, but this does not seem to be the case.
I don't want to change the DHCP server or CoreSW routing settings, so is there any way to configure the client to access the web authentication screen without changing the default gateway of the client?
Test Configuration
vlan 2
ip route-static 0.0.0.0 0.0.0.0 192.168.1.254
interface Vlan-interface 2
ip address 192.168.1.251 255.255.255.0
interface loopBack 0
description web-auth_address
ip address 10.0.0.1 24
radius scheme radius
primary authentication 192.168.20.1
key authentication simple password
user-name-format without-domain
domain auth
authentication default radius-scheme radius
authorization default radius-scheme radius
portal local-web-server http
default-logon-page weblogin.zip
web-auth server webauth
url http://10.0.0.1/portal/
ip 10.0.0.1 port 80
interface GigabitEthernet 1/0/1
description to_CoreSW
port access vlan 2
interface GigabitEthernet 1/0/2
description to_client
port access vlan 2
web-auth domain auth
web-auth enable apply server webauth
Thanks,
take