Home » Netgear Manuals » Hubs & Switches » Netgear M5300-28G3 » Manual Viewer

Netgear M5300-28G3 Software Administration Manual - Page 531

Captive Portal

Add to My Manuals
Save this manual to your list of manuals

Page 531 highlights

32. Captive Portal 32 This chapter includes the following sections: • Captive Portal Configuration on page 532 • Enable Captive Portal on page 532 • Client Access, Authentication, and Control on page 534 • Block a Captive Portal Instance on page 535 • Local Authorization, Create Users and Groups on page 535 • Remote Authorization (RADIUS) User Configuration on page 537 • SSL Certificates on page 539 The captive portal feature is a software implementation that blocks clients from accessing the network until user verification has been established. You can set up verification to allow access for both guests and authenticated users. Authenticated users must be validated against a database of authorized captive portal users before access is granted. The authentication server supports both HTTP and HTTPS Web connections. In addition, you can configure captive portal to use an optional HTTP port (in support of HTTP proxy networks). If configured, this additional port is then used exclusively by captive portal. Note that this optional port is in addition to the standard HTTP port 80, which is currently being used for all other Web traffic. Captive portal for wired interfaces allows the clients directly connected to the switch to be authenticated using a captive portal mechanism before the client is given access to the network. When a wired physical port is enabled for captive portal, the port is set in captive-portal- enabled state such that all the traffic coming to the port from the unauthenticated clients is dropped except for the ARP, DHCP, DNS and NETBIOS packets. The switch forwards these packets so that unauthenticated clients can get an IP address and resolve the hostname or domain names. Data traffic from authenticated clients goes through, and the rules do not apply to these packets. All the HTTP/HTTPS packets from unauthenticated clients are directed to the CPU on the switch for all the ports that are enabled for captive portal. When an unauthenticated client opens a Web browser and tries to connect to network, the captive portal redirects all the HTTP/HTTPS traffic from unauthenticated clients to the authenticating server on the switch. A captive portal Web page is sent back to the unauthenticated client. The client can authenticate. If the client successfully authentiates, the client is given access to port. Chapter 32. Captive Portal | 531

Section	Page
ProSafe M5300 Managed Switch	1
Table of Contents	3
1. Documentation Resources	15
2. VLANs	16
Create Two VLANs	17
CLI: Create Two VLANS	17
Web Interface: Create Two VLANS	18
Assign Ports to VLAN2	19
CLI: Assign Ports to VLAN2	19
Web Interface: Assign Ports to VLAN2	19
Create Three VLANs	20
CLI: Create Three VLANS	20
Web Interface: Create Three VLANS	20
Assign Ports to VLAN3	22
CLI: Assign Ports to VLAN3	22
Web Interface: Assign Ports to VLAN3	23
Assign VLAN3 as the Default VLAN for Port 1/0/2	24
CLI: Assign VLAN3 as the Default VLAN for Port 1/0/2	24
Web Interface: Assign VLAN3 as the Default VLAN for Port 1/0/2	24
Create a MAC-Based VLAN	25
CLI: Create a MAC-Based VLAN	25
Web Interface: Assign a MAC-Based VLAN	26
Create a Protocol-Based VLAN	28
CLI: Create a Protocol-Based VLAN	28
Web Interface: Create a Protocol-Based VLAN	29
Virtual VLANs: Create an IP Subnet–Based VLAN	30
CLI: Create an IP Subnet–Based VLAN	31
Web Interface: Create an IP Subnet–Based VLAN	32
Voice VLANs	33
CLI: Configure Voice VLAN and Prioritize Voice Traffic	34
Web Interface: Configure Voice VLAN and Prioritize Voice Traffic	36
Private VLANs	43
Assign Private-VLAN Types (Primary, Isolated, Community)	45
CLI: Assign Private-VLAN Type (Primary, Isolated, Community)	45
Web Interface: Assign Private-VLAN Type (Primary, Isolated, Community)	45
Configure Private-VLAN Association	47
CLI: Configure Private-VLAN Association	47
Web Interface: Configure Private-VLAN Association	47
Configure Private-VLAN Port Mode (Promiscuous, Host)	48
CLI: Configure Private-VLAN Port Mode (Promiscuous, Host)	48
Web Interface: Configure Private-VLAN Port Mode (Promiscuous, Host)	48
Configure Private-VLAN Host Ports	49
CLI: Configure Private-VLAN Host Ports	49
Web Interface: Assign Private-VLAN Port Host Ports	49
Map Private-VLAN Promiscuous Port	51
CLI: Map Private-VLAN Promiscuous Port	51
Web Interface: Map Private-VLAN Promiscuous Port	51
3. LAG s	53
Create Two LAGs	54
CLI: Create Two LAGs	54
Web Interface: Create Two LAGs	54
Add Ports to LAGs	55
CLI: Add Ports to the LAGs	56
Web Interface: Add Ports to LAGs	57
Enable Both LAGs	58
CLI: Enable Both LAGs	58
Web Interface: Enable Both LAGs	58
4. Port Routing	59
Port Routing Configuration	60
Enable Routing for the Switch	61
CLI: Enable Routing for the Switch	61
Web Interface: Enable Routing for the Switch	61
Enable Routing for Ports on the Switch	61
CLI: Enable Routing for Ports on the Switch	62
Web Interface: Enable Routing for Ports on the Switch	62
Add a Default Route	64
CLI: Add a Default Route	64
Web Interface: Add a Default Route	64
Add a Static Route	65
CLI: Add a Static Route	65
Web Interface: Add a Static Route	66
5. VLAN Routing	67
Create Two VLANs	67
CLI: Create Two VLANs	68
Web Interface: Create Two VLANs	69
Set Up VLAN Routing for the VLANs and the Switch	72
CLI: Set Up VLAN Routing for the VLANs and the Switch	72
Web Interface: Set Up VLAN Routing for the VLANs and the Switch	73
6. RIP	74
Routing for the Switch	75
CLI: Enable Routing for the Switch	75
Web Interface: Enable Routing for the Switch	75
Routing for Ports	76
CLI: Enable Routing and Assigning IP Addresses for Ports 1/0/2 and 1/0/3	76
Web Interface: Enable Routing for the Ports	76
RIP for the Switch	77
CLI: Enable RIP on the Switch	77
Web Interface: Enableg RIP on the Switch	78
RIP for Ports 1/0/2 and 1/0/3	78
CLI: Enable RIP for Ports 1/0/2 and 1/0/3	78
Web Interface: Enable RIP for Ports 1/0/2 and 1/0/3	79
VLAN Routing with RIP	80
CLI: Configure VLAN Routing with RIP Support	80
Web Interface: Configure VLAN Routing with RIP Support	82
7. OSPF	84
Inter-area Router	85
CLI: Configure an Inter-area Router	85
Web Interface: Configure an Inter-area Router	87
OSPF on a Border Router	90
CLI: Configure OSPF on a Border Router	90
Web Interface: Configure OSPF on a Border Router	91
Stub Areas	95
CLI: Configure Area 1 as a Stub Area on A1	96
Web Interface: Configure Area 1 as a Stub Area on A1	97
CLI: Configure Area 1 as a Stub Area on A2	100
Web Interface: Configure Area 1 as a Stub Area on A2	101
nssa Areas	104
CLI: Configure Area 1 as an nssa Area	104
Web Interface: Configure Area 1 as an nssa Area on A1	105
CLI: Configure Area 1 as an nssa Area on A2	108
Web Interface: Configure Area 1 as an nssa Area on A2	110
VLAN Routing OSPF	113
CLI: Configure VLAN Routing OSPF	114
Web Interface: Configure VLAN Routing OSPF	115
OSPFv3	118
CLI: Configure OSPFv3	118
Web Interface: Configure OSPFv3	120
8. ARP	123
Proxy ARP Examples	123
CLI: show ip interface	123
CLI: ip proxy-arp	124
Web Interface: Configure Proxy ARP on a Port	124
9. VRRP	125
VRRP on a Master Router	126
CLI: Configure VRRP on a Master Router	126
Web Interface: Configure VRRP on a Master Router	127
VRRP on a Backup Router	128
CLI: Configure VRRP on a Backup Router	128
Web Interface: Configure VRRP on a Backup Router	129
10. ACLs	131
MAC ACLs	132
IP ACLs	132
ACL Configuration	132
Set Up an IP ACL with Two Rules	133
CLI: Set Up an IP ACL with Two Rules	133
Web Interface: Set Up an IP ACL with Two Rules	134
One-Way Access Using a TCP Flag in an ACL	137
CLI:Configure One-Way Access Using a TCP Flag in an ACL	137
Web Interface: Configure One-Way Access Using a TCP Flag in an ACL	141
Use ACLs to Configure Isolated VLANs on a Layer 3 Switch	152
CLI: Configure One-Way Access Using a TCP Flag in ACL Commands	153
Web Interface: Configure One-Way Access Using a TCP Flag in an ACL	155
Set up a MAC ACL with Two Rules	164
CLI: Set up a MAC ACL with Two Rules	164
Web Interface: Set up a MAC ACL with Two Rules	165
ACL Mirroring	167
CLI: Configure ACL Mirroring	167
Web Interface: Configure ACL Mirroring	168
ACL Redirect	172
CLI: Redirect a Traffic Stream	172
Web Interface: Redirect a Traffic Stream	173
Configure IPv6 ACLs	177
CLI: Configure an IPv6 ACL	178
Web Interface: Configure an IPv6 ACL	180
11. CoS Queuing	184
CoS Queue Mapping	185
Trusted Ports	185
Untrusted Ports	185
CoS Queue Configuration	186
Show classofservice Trust	186
CLI: Show classofservice Trust	186
Web Interface: Show classofservice Trust	187
Set classofservice Trust Mode	187
CLI: Set classofservice Trust Mode	187
Web Interface: Set classofservice Trust Mode	187
Show classofservice IP-Precedence Mapping	188
CLI: Show classofservice IP-Precedence Mapping	188
Web Interface: Show classofservice ip-precedence Mapping	188
Configure Cos-queue Min-bandwidth and Strict Priority Scheduler Mode	189
CLI: Configure Cos-queue Min-bandwidth and Strict Priority Scheduler Mode	189
Web Interface: Configure CoS-queue Min-bandwidth and Strict Priority Scheduler Mode	189
Set CoS Trust Mode for an Interface	190
CLI: Set CoS Trust Mode for an Interface	191
Web Interface: Set CoS Trust Mode for an Interface	191
Configure Traffic Shaping	191
CLI: Configure traffic-shape	192
Web Interface: Configure Traffic Shaping	192
12. DiffServ	193
DiffServ	194
CLI: Configure DiffServ	195
Web Interface: Configure DiffServ	197
DiffServ for VoIP	210
CLI: Configure DiffServ for VoIP	210
Web Interface: Diffserv for VoIP	212
Auto VoIP	217
CLI: Configure Auto VoIP	218
Web Interface: Configure Auto-VoIP	220
DiffServ for IPv6	221
CLI: Configure DiffServ for IPv6	221
Web Interface: Configure DiffServ for IPv6	222
Color Conform Policy	228
CLI: Configure a Color Conform Policy	228
Web Interface: Configure a Color Conform Policy	229
13. IGMP Snooping and Querier	236
IGMP Snooping	236
CLI: Enable IGMP Snooping on VLAN 100	236
Web Interface: Enable IGMP Snooping on VLAN 100	237
Show igmpsnooping	238
CLI: Show igmpsnooping	238
Web Interface: Show igmpsnooping	238
Show mac-address-table igmpsnooping	239
CLI: Show mac-address-table igmpsnooping	239
Web Interface: Show mac-address-table igmpsnooping	239
External Multicast Router	239
CLI: Configure the Switch with an External Multicast Router	240
Web Interface: Configure the Switch with an External Multicast Router	240
Multicast Router Using VLAN	240
CLI: Configure the Switch with a Multicast Router Using VLAN	240
Web Interface: Configure the Switch with a Multicast Router Using VLAN	241
IGMP Querier	241
Enable IGMP Querier	242
CLI: Enable IGMP Querier	242
Web Interface: Enable IGMP Querier	243
Show IGMP Querier Status	245
CLI: Show IGMP Querier Status	245
Web Interface: Show IGMP Querier Status	245
14. MVR (Multicast VLAN Registration)	246
Configure MVR in Compatible Mode	247
CLI: Configure MVR in Compatible Mode	248
Web Interface: Configure MVR in Compatible Mode	250
Configure MVR in Dynamic Mode	254
CLI: Configure MVR in Dynamic Mode	254
Web Interface: Configure MVR in Dynamic Mode	256
15. Security Management	260
Port Security	260
Set the Dynamic and Static Limit on Port 1/0/1	261
CLI: Set the Dynamic and Static Limit on Port 1/0/1	261
Web Interface: Set the Dynamic and Static Limit on Port 1/0/1	262
Convert the Dynamic Address Learned from 1/0/1 to a Static Address	263
CLI: Convert the Dynamic Address Learned from 1/0/1 to the Static Address	263
Web Interface: Convert the Dynamic Address Learned from 1/0/1 to the Static Address	263
Create a Static Address	264
CLI: Create a Static Address	264
Web Interface: Create a Static Address	264
Protected Ports	264
CLI: Configure a Protected Port to Isolate Ports on the Switch	265
Web Interface: Configure a Protected Port to Isolate Ports on the Switch	267
802.1x Port Security	271
CLI: Authenticating dot1x Users by a RADIUS Server	271
Web Interface: Authenticating dot1x Users by a RADIUS Server	272
Create a Guest VLAN	277
CLI: Create a Guest VLAN	278
Web Interface: Create a Guest VLAN	279
Assign VLANs Using RADIUS	282
CLI: Assign VLANS Using RADIUS	283
Web Interface: Assign VLANS Using RADIUS	285
Dynamic ARP Inspection	288
CLI: Configure Dynamic ARP Inspection	289
Web Interface: Configure Dynamic ARP Inspection	290
Static Mapping	294
CLI: Configure Static Mapping	294
Web Interface: Configure Static Mapping	295
DHCP Snooping	296
CLI: Configure DHCP Snooping	296
Web Interface: Configure DHCP Snooping	297
Enter Static Binding into the Binding Database	299
CLI: Enter Static Binding into the Binding Database	299
Web Interface: Enter Static Binding into the Binding Database	300
Maximum Rate of DHCP Messages	300
CLI: Configure the Maximum Rate of DHCP Messages	301
Web Interface: Configure the Maximum Rate of DHCP Messages	301
IP Source Guard	302
CLI: Configure Dynamic ARP Inspection	302
Web Interface: Configure Dynamic ARP Inspection	303
16. SNTP	307
Show SNTP (CLI Only)	307
show sntp	307
show sntp client	308
show sntp server	308
Configure SNTP	309
CLI: Configure SNTP	309
Web Interface: Configure SNTP	310
Set the Time Zone (CLI Only)	311
Set the Named SNTP Server	311
CLI: Set the Named SNTP Server	312
Web Interface: Set the Named SNTP Server	312
17. Tools	314
Traceroute	314
CLI: Traceroute	315
Web Interface: Traceroute	316
Configuration Scripting	316
script	317
script list and script delete	317
script apply running-config.scr	318
Create a Configuration Script	318
Upload a Configuration Script	318
Pre-Login Banner	319
Create a Pre-Login Banner (CLI Only)	319
Port Mirroring	320
CLI: Specify the Source (Mirrored) Ports and Destination (Probe)	320
Web Interface: Specify the Source (Mirrored) Ports and Destination (Probe)	321
Dual Image	321
CLI: Download a Backup Image and Make It Active	322
Web Interface: Download a Backup Image and Make It Active	323
Outbound Telnet	324
CLI: show network	325
CLI: show telnet	325
CLI: transport output telnet	326
Web Interface: Configure Telnet	326
CLI: Configure the session-limit and session-timeout	327
Web Interface: Configure the Session Timeout	327
18. Syslog	328
Show Logging	329
CLI: Show Logging	329
Web Interface: Show Logging	329
Show Logging Buffered	331
CLI: Show Logging Buffered	331
Web Interface: Show Logging Buffered	332
Show Logging Traplogs	332
CLI: Show Logging Traplogs	332
Web Interface: Show Logging Trap Logs	332
Show Logging Hosts	333
CLI: Show Logging Hosts	333
Web Interface: Show Logging Hosts	334
Configure Logging for a Port	334
CLI: Configure Logging for the Port	334
Web Interface: Configure Logging for the Port	335
Email Alerting	336
CLI: Send Log Messages to [email protected] Using Account [email protected]	337
19. Switch Stacks	338
Switch Stack Management and Connectivity	338
The Stack Master and Stack Members	339
Stack Master	339
Stack Members	340
Stack Member Numbers	340
Stack Member Priority Values	341
Install and Power-up a Stack	341
Compatible Switch Models	341
Install a Switch Stack	342
Switch Firmware	342
Code Mismatch	343
Upgrade the Firmware	343
Migrate Configuration with a Firmware Upgrade	343
Copy Master Firmware to a Stack Member (Web Interface)	344
Configure a Stacking Port as an Ethernet Port	344
CLI: Configure a Stacking Port as an Ethernet Port	345
Web Interface: Configure a Stacking Port as an Ethernet Port	346
Stack Switches Using 10G Fiber	347
CLI: Stack Switches Using 10G Fiber	348
Web Interface: Stack Switches Using 10G Fiber	349
Add, Remove, or Replace a Stack Member	350
Add Switches to an Operating Stack	350
Remove a Switch from the Stack	351
Replace a Stack Member	351
Switch Stack Configuration Files	352
Preconfigure a Switch	353
Renumber Stack Members	354
CLI: Renumber Stack Members	354
Web Interface: Renumber Stack Members	355
Move the Stack Master to a Different Unit	356
CLI: Move the Stack Master to a Different Unit	356
Web Interface: Move the Stack Master to a Different Unit	356
M5300 and GSM73xxSv2 Mixed Stacking	357
Create a Mixed Stack with an M5300-28G3 Switch and a GSM7328Sv2 Switch	358
CLI: Change the SDM template on the M5300 switch to match the one on the GSM7328Sv2 switch.:	359
Web Interface: Change the SDM template on the M5300 switch to match the one on the GSM7328Sv2 switch.	359
Change the SDM template back to the default	360
CLI: Change the SDM template back to the default	360
Web Interface: Change the SDM template back to the default	360
20. SNMP	361
Add a New Community	361
CLI: Add a New Community	361
Web Interface: Add a New Community	362
Enable SNMP Trap	362
CLI: Enable SNMP Trap	362
Web Interface: Enable SNMP Trap	363
SNMP V3	363
CLI: Configure SNMP V3	364
Web Interface: Configure SNMP V3	364
sFlow	365
CLI: Configure Statistical Packet-Based Sampling of Packet Flows with sFlow	366
Web Interface: Configure Statistical Packet-based Sampling with sFlow	367
Time-Based Sampling of Counters with sFlow	369
CLI: Configure Time-Based Sampling of Counters with sFlow	369
Web Interface: Configure Time-Based Sampling of Counters with sFlow	369
21. DNS	370
Specify Two DNS Servers	370
CLI: Specify Two DNS Servers	370
Web Interface: Specify Two DNS Servers	371
Manually Add a Host Name and an IP Address	371
CLI: Manually Add a Host Name and an IP Address	371
Web Interface: Manually Add a Host Name and an IP Address	372
22. DHCP Server	373
Configure a DHCP Server in Dynamic Mode	373
CLI: Configure a DHCP Server in Dynamic Mode	373
Web Interface: Configure a DHCP Server in Dynamic Mode	374
Configure a DHCP Reservation	376
CLI: Configure a DHCP Reservation	377
Web Interface: Configure a DHCP Reservation	377
23. DHCPv6 Server	379
CLI: Configure DHCPv6	381
Web Interface: Configure an Inter-area Router	382
Configure Stateless DHCPv6 Server	386
CLI: Configure Stateless DNS Server	386
Web Interface: Configure Stateless DHCPv6 Server	387
24. Double VLANs and Private VLAN Groups	390
Double VLANs	390
CLI: Enable a Double VLAN	391
Web Interface: Enable a Double VLAN	391
Private VLAN Groups	394
CLI: Create a Private VLAN Group	395
Web Interface: Create a Private VLAN Group	396
25. Spanning Tree Protocol	400
Configure Classic STP (802.1d)	400
CLI: Configure Classic STP (802.1d)	400
Web Interface: Configure Classic STP (802.1d)	401
Configure Rapid STP (802.1w)	402
CLI: Configure Rapid STP (802.1w)	402
Web Interface: Configure Rapid STP (802.1w)	402
Configure Multiple STP (802.1s)	403
CLI: Configure Multiple STP (802.1s)	403
Web Interface: Configure Multiple STP (802.1s)	404
26. Tunnel	406
CLI: Create a Tunnel	407
Configure Switch GSM7328S_1	407
Configure Switch GSM7328S_2	408
Web Interface: Create a Tunnel	409
Configure Switch GSM7328S_1	409
Configure Switch GSM7328S_2	411
27. IPv6 Interface Configuration	414
Create an IPv6 Routing Interface	414
CLI: Create an IPv6 Routing Interface	414
Web Interface: Create an IPv6 Routing Interface	416
Create an IPv6 Network Interface	417
CLI: Configure the IPv6 Network Interface	418
Web Interface: Configure the IPv6 Network Interface	418
Create an IPv6 Routing VLAN	419
CLI: Create an IPv6 Routing VLAN	419
Web Interface: Create an IPv6 VLAN Routing Interface	421
Configure DHCPv6 Mode on the Routing Interface	424
CLI: Configure DHCPv6 mode on routing interface	424
Web Interface: Configure DHCPv6 mode on routing interface	425
28. PIM	427
PIM-DM	427
CLI: Configure PIM-DM	429
Web Interface: Configure PIM-DM	433
PIM-SM	451
CLI: Configure PIM-SM	452
Web Interface: Configure PIM-SM	456
29. DHCP L2 Relay and L3 Relay	478
DHCP L2 Relay	478
CLI: Enable DHCP L2 Relay	479
Web Interface: Enable DHCP L2 Relay	480
DHCP L3 Relay	484
Configure the DHCP Server Switch	484
Configure a DHCP L3 Switch	489
30. MLD	494
Configure MLD	495
CLI: Configure MLD	495
Web Interface: Configure MLD	497
MLD Snooping	508
CLI: Configure MLD Snooping	509
Web Interface: Configure MLD Snooping	510
31. DVMRP	513
CLI: Configure DVMRP	514
Web Interface: Configure DVMRP	520
32. Captive Portal	531
Captive Portal Configuration	532
Enable Captive Portal	532
CLI: Enable Captive Portal	532
Web Interface: Enable Captive Portal	533
Client Access, Authentication, and Control	534
Block a Captive Portal Instance	535
CLI: Block a Captive Portal Instance	535
Web Interface: Block a Captive Portal Instance	535
Local Authorization, Create Users and Groups	535
CLI: Create Users and Groups	536
Web Interface: Create Users and Groups	536
Remote Authorization (RADIUS) User Configuration	537
CLI: Configure RADIUS as the Verification Mode	538
Web Interface: Configure RADIUS as the Verification Mode	539
SSL Certificates	539

Match case Limit results 1 per page

Chapter 32.

Captive Portal

531

32.

Captive Portal

This chapter includes the following sections:

•

Captive Portal Configuration

on page

532

•

Enable Captive Portal

on page

532

•

Client Access, Authentication, and Control

on page

534

•

Block a Captive Portal Instance

on page

535

•

Local Authorization, Create Users and Groups

on page

535

•

Remote Authorization (RADIUS) User Configuration

on page

537

•

SSL Certificates

on page

539

The captive portal feature is a software implementation that blocks clients from accessing the

network until user verification has been established. You can set up verification to allow access

for both guests and authenticated users. Authenticated users must be validated against a

database of authorized captive portal users before access is granted.

The authentication server supports both HTTP and HTTPS Web connections. In addition, you

can configure captive portal to use an optional HTTP port (in support of HTTP proxy networks). If

configured, this additional port is then used exclusively by captive portal. Note that this optional

port is in addition to the standard HTTP port 80, which is currently being used for all other Web

traffic.

Captive portal for wired interfaces allows the clients directly connected to the switch to be

authenticated using a captive portal mechanism before the client is given access to the network.

When a wired physical port is enabled for captive portal, the port is set in captive-portal- enabled

state such that all the traffic coming to the port from the unauthenticated clients is dropped

except for the ARP, DHCP, DNS and NETBIOS packets. The switch forwards these packets so

that unauthenticated clients can get an IP address and resolve the hostname or domain names.

Data traffic from authenticated clients goes through, and the rules do not apply to these packets.

All the HTTP/HTTPS packets from unauthenticated clients are directed to the CPU on the switch

for all the ports that are enabled for captive portal. When an unauthenticated client opens a Web

browser and tries to connect to network, the captive portal redirects all the HTTP/HTTPS traffic

from unauthenticated clients to the authenticating server on the switch. A captive portal Web

page is sent back to the unauthenticated client. The client can authenticate. If the client

successfully authentiates, the client is given access to port.