Comparison of web-based and 802.1x authentication – Extreme Networks 200 Series User Manual


Summit 200 Series Switch Installation and User Guide

Managing the Switch

it has to go to some other DHCP server in the network to obtain a permanent address, as is normally
done. DHCP is not required for 802.1x, because 802.1x uses only Layer 2 frames (EAPOL).

URL redirection (applicable to web-based mode only) is a mechanism that redirects any HTTP request to
the base URL of the authenticator while the port is in unauthenticated mode. In other words, when a user
tries to log in to the network using a browser, the browser is first redirected to the Network Login page.
Only after a successful login is the user connected to the network.

Co-existence of Web-Based and 802.1x Authentication

ExtremeWare supports both web-based and 802.1x authentication. Authenticating with 802.1x does not
require any additional commands besides those used for web-based mode.

When a port is configured for network login, the port is put in unauthenticated state. It is ready to
perform either type of authentication. Whether to perform web-based or 802.1x depends on the type of
packets being received from the client. Web-based mode uses HTTP, while 802.1x uses EAPOL with an
Ethertype of 0x888e.
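
The packet-type decision described above can be modelled as a small frame classifier. This is an added example, not ExtremeWare code; the function names and sample frames are constructed, and it assumes web login traffic is IPv4 TCP to port 80.

```python
import struct

ETH_P_8021Q = 0x8100  # 802.1Q VLAN tag
ETH_P_IPV4 = 0x0800
ETH_P_EAPOL = 0x888E  # Ethertype given in the text
HTTP_PORT = 80        # assumption: HTTP on its default TCP port

def classify_frame(frame: bytes) -> str:
    """Return '802.1x', 'web-based' or 'other' for a raw Ethernet frame."""
    if len(frame) < 14:
        return "other"                      # truncated Ethernet header
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    offset = 14
    if ethertype == ETH_P_8021Q:            # skip one VLAN tag if present
        if len(frame) < offset + 4:
            return "other"
        (ethertype,) = struct.unpack_from("!H", frame, offset + 2)
        offset += 4
    if ethertype == ETH_P_EAPOL:
        # EAPOL header: version(1) type(1) body length(2)
        return "802.1x" if len(frame) >= offset + 4 else "other"
    if ethertype == ETH_P_IPV4:
        if len(frame) < offset + 20:
            return "other"
        ihl = (frame[offset] & 0x0F) * 4    # IPv4 header length in bytes
        tcp = offset + ihl
        if ihl < 20 or frame[offset + 9] != 6 or len(frame) < tcp + 4:
            return "other"                  # not TCP, or truncated
        (dport,) = struct.unpack_from("!H", frame, tcp + 2)
        return "web-based" if dport == HTTP_PORT else "other"
    return "other"

def make_frame(ethertype: int, payload: bytes, vlan=None) -> bytes:
    """Build a constructed sample frame (MAC addresses are made up)."""
    hdr = bytes.fromhex("0180c2000003") + bytes.fromhex("020000000001")
    if vlan is not None:
        hdr += struct.pack("!HH", ETH_P_8021Q, vlan)
    return hdr + struct.pack("!H", ethertype) + payload

def make_tcp_syn(dport: int) -> bytes:
    """Constructed IPv4/TCP SYN from 10.0.0.5 to 10.0.0.1."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     bytes([10, 0, 0, 5]), bytes([10, 0, 0, 1]))
    tcp = struct.pack("!HHIIBBHHH", 49152, dport, 0, 0, 0x50, 0x02, 8192, 0, 0)
    return make_frame(ETH_P_IPV4, ip + tcp)

EAPOL_START = bytes([1, 1, 0, 0])  # version 1, type 1 (EAPOL-Start), length 0
```
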

This implementation provides a smooth migration path from non-802.1x clients to 802.1x clients. The
advantage of web-based mode is platform-independence. While 802.1x mode is currently supported
natively only on Windows XP clients, any device with an Internet browser can perform web-based
network login.

Comparison of Web-Based and 802.1x Authentication

Pros of 802.1x Authentication:

In cases where 802.1x is natively supported, login and authentication happen transparently.

Authentication happens at Layer 2. It does not involve getting a temporary IP address and subsequently
releasing that address to get a more permanent IP address.

Allows for periodic, transparent, re-authorization of supplicants.

Cons of 802.1x Authentication:

Native 802.1x support is available only on newer operating systems such as Windows XP.

802.1x needs an EAP-capable RADIUS server.

The TLS authentication method involves Public Key Infrastructure, which requires more administration.

TTLS is still a Funk/Certicom IETF draft proposal, not a fully accepted standard, but it is easy to deploy
and administer.

Pros of Web-based Authentication:

Works with any operating system with a web browser. No need for any client side software.

Has simpler administration, based on username and password.

Cons of Web-based Authentication:

The login process involves juggling IP addresses and has to be done outside the scope of a regular
computer login; it is therefore not tied to the Windows login. The user has to specifically bring up a login
page and initiate a login.
