This section illustrates the DHCP authentication process. As illustrated in Figure 32.1, the DHCP authentication process begins when a DHCP client attempts to connect to the network. The member DHCP server checks if the MAC address of the DHCP client matches a MAC address in the guest or authenticated MAC address filters. If the member does not find a match, it assigns an IP address from the quarantine range to the DHCP client. When the client tries to access a web site, it is redirected to the captive portal page.

NIOS Administrator Guide (Rev. A), NIOS 8.1
About Authenticated DHCP

Figure 32.1 Stage 1: Quarantining an Unauthenticated DHCP Client

Components shown: Grid Master, DHCP Client, DHCP Server, Captive Portal Server.

1. The DHCP client sends a DHCP request to the member DHCP server.
2. The MAC address filters for the authorized and guest IP address ranges do not contain the MAC address of the DHCP client.
3. The NIOS appliance assigns an IP address from the quarantine range.

Ranges shown in the figure:
authenticated: 192.168.1.50 - 192.168.1.150 (Authenticated MAC Address Filter: Grant Leases)
guest: 192.168.1.151 - 192.168.1.170 (Guest MAC Address Filter: Grant Leases)
quarantine: 192.168.1.225 - 192.168.1.254 (Guest and Authenticated MAC Address Filters: Deny Leases)
Quarantined client address: 192.168.1.250

Note that the quarantine range in Figure 32.1 contains MAC address filters to deny leases in the quarantine range to DHCP clients with MAC addresses that match those in the Guest and Authenticated MAC address filters.
When the client connects to the captive portal IP address through its web browser, the user can register and continue the authentication process to obtain an IP address from the authenticated DHCP range, or register as a guest and obtain an IP address from the guest DHCP range.

If the user chooses to continue the authentication process, as shown in Figure 32.2, the member authenticates the user with the authentication service that you configured, which can be RADIUS, LDAP, or AD.
Figure 32.2 Stage 2a: Authenticating the User

Components shown: Grid Master, Quarantined DHCP Client, DHCP Server, Captive Portal Server, RADIUS/LDAP/AD Authentication Servers. The client reaches the captive portal over an HTTP connection.

1. The quarantined DHCP client is redirected to the captive portal. The user enters login information, such as user name and password.
2. The member authenticates the user through the method that you configured.
3. The captive portal server sends the authentication result to the member DHCP server.
4. The member adds the MAC address of the client to the MAC address filter for the authenticated range and assigns the client system an IP address in the authenticated range.

Ranges shown in the figure:
authenticated: 192.168.1.50 - 192.168.1.150 (Authenticated MAC Address Filter: Grant Leases)
Authenticated client address: 192.168.1.75

After the client successfully passes the authentication stage, the appliance stores the MAC address of the client in the MAC address filter for the authenticated range. When the client tries to renew its IP address, it receives a new IP address from the authenticated DHCP range.
Note that if the MAC address filter has an expiration period, the member automatically deletes expired MAC addresses from the filter. Therefore, if a DHCP client tries to renew its IP address after the expiration period, the client is redirected to the captive portal because its MAC address is no longer in the MAC address filter. For more information, see Defining MAC Address Filters.

If the user chooses to sign in as a guest, as shown in Figure 32.3, the user can fill in the guest registrati

Figure 32.3 Stage 2b: Registering as a Guest

Components shown: Grid Master, Quarantined DHCP Client, Infoblox DHCP Server, Infoblox Captive Portal Server. The client reaches the captive portal over an HTTP connection.

1. The quarantined DHCP client connects to the captive portal.
2. The user chooses to register as a guest, so the server displays the guest registration page. The user enters information on the guest registration page.
3. The server adds the MAC address of the client to the MAC address filter for the guest range and assigns an IP address from the guest DHCP range.

Ranges shown in the figure:
guest: 192.168.1.151 - 192.168.1.170 (Guest MAC Address Filter: Grant Leases)
Guest client address: 192.168.1.165

After the user signs in as a guest, the appliance stores the MAC address of the client in the MAC address filter for the guest range. When the DHCP client tries to renew its IP address, it receives a new IP address from the guest DHCP range, unless the MAC address of the client expired and was removed from the filter. In this case, the DHCP client is redirected to the captive portal.
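
The three stages described above, written as a small Python model. This is an added illustration, not Infoblox code: the class and method names, the first-free address choice and the clock value passed as `now` are assumptions, while the address ranges are the ones shown in the figures.

```python
import ipaddress
from dataclasses import dataclass, field

# Address ranges as drawn in Figures 32.1 to 32.3.
RANGES = {
    "authenticated": ("192.168.1.50", "192.168.1.150"),
    "guest": ("192.168.1.151", "192.168.1.170"),
    "quarantine": ("192.168.1.225", "192.168.1.254"),
}


@dataclass
class MemberModel:
    """Toy model of the member's MAC address filters (hypothetical, not NIOS code)."""
    ttl: int = 0  # filter expiration period in seconds; 0 = entries never expire
    filters: dict = field(default_factory=lambda: {"authenticated": {}, "guest": {}})
    leased: set = field(default_factory=set)  # simplification: leases are never freed

    def _purge(self, now):
        # The member deletes expired MAC addresses from each filter.
        for entries in self.filters.values():
            for mac in [m for m, exp in entries.items() if exp and exp <= now]:
                del entries[mac]

    def classify(self, mac, now):
        """Name of the range that serves a DHCP request from `mac` at time `now`."""
        self._purge(now)
        for name, entries in self.filters.items():
            if mac.lower() in entries:
                return name  # grant filter matches; quarantine denies this MAC
        return "quarantine"  # stage 1: no filter contains the MAC

    def lease(self, mac, now):
        """Return (range name, address); first free address is a model assumption."""
        name = self.classify(mac, now)
        lo, hi = (int(ipaddress.IPv4Address(a)) for a in RANGES[name])
        for n in range(lo, hi + 1):
            if n not in self.leased:
                self.leased.add(n)
                return name, str(ipaddress.IPv4Address(n))
        raise RuntimeError(f"{name} range exhausted")

    def register(self, mac, kind, now):
        """Portal outcome: kind is 'authenticated' (stage 2a) or 'guest' (stage 2b)."""
        if kind not in self.filters:
            raise ValueError(f"unknown filter: {kind}")
        self.filters[kind][mac.lower()] = now + self.ttl if self.ttl else 0
```

With a one-hour expiration period, a client registered at time 10 is served from the authenticated range until time 3610, after which `classify` returns `quarantine` again and the client is back at the captive portal.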