Netgear XCM8806 Chassis User Manual - Page 432
Authentication Failure and Services Unavailable Handling, Displaying the Port Restart Configuration
NETGEAR 8800 User Manual

Displaying the Port Restart Configuration

To display the network login settings on the port, including the configuration for port restart, use the following command:

    show netlogin port

Output from this command includes the enable/disable state for network login port restart.

Authentication Failure and Services Unavailable Handling

The NETGEAR 8800 provides the following features for handling network login authentication failures, and for handling instances of services unavailable:

• Configuring Authentication Failure VLAN on page 432
• Configuring Authentication Services Unavailable VLAN on page 433
• Configuring Reauthentication Period on page 424

You can use these features to set and control the response to network login authentication failure and instances of services unavailable.

Configuring Authentication Failure VLAN

When a network login client fails authentication, it is moved to the authentication failure VLAN and given restricted access. To configure the authentication failure VLAN, use the following commands:

    configure netlogin authentication failure vlan
    unconfigure netlogin authentication failure vlan
    enable netlogin authentication failure vlan ports
    disable netlogin authentication failure vlan ports

Use the command netlogin authentication failure vlan to configure the authentication failure VLAN on network-login-enabled ports. When a supplicant fails authentication, it is moved to the authentication failure VLAN and is given limited access until it passes authentication.

If authentication fails through either a RADIUS or local server, the other database is used to authenticate the client, depending on the authentication database order for that particular network login method (mac, web or dot1x). If the final result is authentication failure, and the authentication failure VLAN is configured and enabled on that port, the client is moved there.

For example, if the network login MAC authentication database order is local, radius and the authentication of a MAC client fails through the local database, then the RADIUS server is used to authenticate. If the RADIUS server also fails authentication, the client is moved to the authentication failure VLAN. This applies for all authentication database orders (radius,local; local,radius; radius; local).

In the above example, if authentication through local fails but passes through the RADIUS server, the client is moved to the appropriate destination VLAN. If the local server authentication fails and the RADIUS server is not available, the client is not moved to the authentication failure VLAN.

432 | Chapter 16. Network Login
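
The fallback and placement rules above, written out as a small Python model (an added example, not NETGEAR code; the function and enum names are hypothetical). It assumes an unreachable database is skipped in favour of the next one in the order, and that a client stays where it is when the failure VLAN is not both configured and enabled on the port; this page does not spell out either case.

```python
from enum import Enum

class Result(Enum):
    PASS = "pass"
    FAIL = "fail"                  # database answered and rejected the client
    UNAVAILABLE = "unavailable"    # database could not be reached

class Outcome(Enum):
    DESTINATION_VLAN = "destination VLAN"
    AUTH_FAILURE_VLAN = "authentication failure VLAN"
    NOT_MOVED = "not moved to authentication failure VLAN"

def place_client(db_order, results, vlan_configured, vlan_enabled_on_port):
    """Decide where a network login client ends up.

    db_order: database order for one login method (mac, web or dot1x),
              e.g. ("local", "radius") or ("radius",).
    results:  dict mapping each database name to its Result for this client.
    """
    saw_unavailable = False
    for db in db_order:
        result = results[db]
        if result is Result.PASS:
            return Outcome.DESTINATION_VLAN
        if result is Result.UNAVAILABLE:
            saw_unavailable = True
        # On FAIL or UNAVAILABLE, fall through to the next database in the order.
    if saw_unavailable:
        # Not a final "authentication failure": a database never gave a verdict.
        return Outcome.NOT_MOVED
    if vlan_configured and vlan_enabled_on_port:
        return Outcome.AUTH_FAILURE_VLAN
    return Outcome.NOT_MOVED       # assumption: no failure VLAN, no move

def walk_scenarios():
    """Constructed scenarios for the manual's local,radius example."""
    order = ("local", "radius")
    cases = {
        "both fail": {"local": Result.FAIL, "radius": Result.FAIL},
        "radius passes": {"local": Result.FAIL, "radius": Result.PASS},
        "radius down": {"local": Result.FAIL, "radius": Result.UNAVAILABLE},
    }
    return {name: place_client(order, r, True, True) for name, r in cases.items()}

if __name__ == "__main__":
    for name, outcome in walk_scenarios().items():
        print(f"{name:14s} -> {outcome.value}")
```

The "radius down" case is the one to check when auditing a port: a client whose only rejection came from the local database is not placed in the restricted VLAN while RADIUS is unreachable.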