What is Network Login? 81How Network LoginWorksWhen Network Login is enabled the Switch acts as a relay agent betweenthe client device that is requesting access to the network and the RADIUSserver. The authentication information that is exchanged between theclient device and the RADIUS server is received and transmitted by theSwitch, as shown in Figure 19. The Switch does not interpret or store thisinformation.If the RADIUS server is unavailable, the switch may be configured toprovide default access on each port that has switch-configured VLAN andQoS parameters. If default access has not been configured the switchwill maintain port security settings.Figure 19 Network Login OperationWhen the client device and RADIUS server have exchangedauthentication information, the Switch receives either an authenticationsucceeded or failed message from the server, and then configures theport to forward or filter traffic as appropriate. If access is granted, theSpanning Tree Protocol places the port into the forwarding state and theclient device can obtain an IP address.If possible, when a port is configured for Network Login, it should also beconfigured to ‘Auto’ or ‘Enable’ Spanning Tree Protocol (STP) FastStart.STP Faststart minimizes the delay before STP places the port into theforwarding state.Network Access Server(Switch 4200)Network Access Client(Client Device)AuthenticationInformationAuthenticationInformationRADIUS Serverdua1730-0bAA03.book Page 81 Monday, July 11, 2005 11:14 AM
