User Guide

OmniAccess SafeGuard OS Administration Guide
Chapter 6: Configuring Authentication and Role Derivation
This command has no options or parameters. The output of the command is similar to
this example:
(SafeGuardOS) #show aaa timer-config
Protocol Configuration
----------------------
Number of Rows:6
Protocol          Force Ageout (Secs 0 - never)
--------          ---------------
mac-radius        600
radius            600
kerberos          600
captive-portal    3600
(SafeGuardOS) #
Configuring Captive Portal
This section describes the commands used for configuring, enabling, and customizing
Captive Portal.
Captive Portal provides active, HTTP-based authentication for users. When a user first
attempts to open a web browser, the initial connection is hijacked. The user is redirected
to a switch-local web page that prompts him or her for a user name and password. This
login page also allows the user to select from one or more domains using a pull-down
menu. By default, the redirected location is cp.Alcatel-Lucent.com. This name is available
through DNS to any host connected to the Internet. If DNS is not available, or the client is
on a private network, this name can either be added to private DNS or the redirected
location can be reconfigured.
The user name and password are first looked up in the local authentication database. If
they are not found there, the credentials are presented to the RADIUS server. If the user
is authenticated, a welcome screen popup is displayed and the original URL is opened in
the browser.
The device opens a final window, called the heartbeat window. This window periodically
re-contacts the device to let it know that the user is still logged in. The refresh interval on
this window is configurable. If the user fails authentication, a failure message is
displayed and user traffic continues to be blocked.
SafeGuard devices support both SSL and clear-text versions of this setup. If the device is
configured to use SSL, the redirected URL reflects this configuration with an https prefix.
The fields in the show aaa timer-config output are:
Field           Description
Protocol        Configured protocols.
Force Ageout    Timeout (in seconds) for a user authenticating with this
                protocol. Valid range is between 1 to 5184000 seconds.
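
As an added example (not code from this guide or from the product), the following Python script parses show aaa timer-config output saved from a CLI session and flags timers that weaken session expiry: a value of 0 (never age out), a value above the documented maximum, or a value above a site limit. The sample text is constructed from the output shown in this guide; the function names and policy_max are assumptions.

```python
import re

# Constructed sample: the example output from this guide, as a string.
SAMPLE = """\
Protocol Configuration
----------------------
Number of Rows:6
Protocol Force Ageout (Secs 0 - never)
-------- ---------------
mac-radius 600
radius 600
kerberos 600
captive-portal 3600
"""

MAX_AGEOUT = 5184000  # upper bound of the valid range in the field table
ROW = re.compile(r"^([a-z][a-z0-9-]*)\s+(\d+)$")
COUNT = re.compile(r"^Number of Rows:\s*(\d+)$")

def parse_timer_config(text):
    """Return (declared_rows, {protocol: force_ageout_seconds})."""
    declared, timers = None, {}
    for line in map(str.strip, text.splitlines()):
        if m := COUNT.match(line):
            declared = int(m.group(1))
        elif m := ROW.match(line):
            timers[m.group(1)] = int(m.group(2))
    return declared, timers

def audit(text, policy_max=3600):
    """List findings. policy_max is a hypothetical site limit, not a product default."""
    declared, timers = parse_timer_config(text)
    findings = []
    if declared is not None and declared != len(timers):
        # A capture cut short (or an abbreviated example) hides rows from review.
        findings.append(f"row count mismatch: header says {declared}, parsed {len(timers)}")
    for proto, secs in sorted(timers.items()):
        if secs == 0:
            findings.append(f"{proto}: force ageout 0, sessions never age out")
        elif secs > MAX_AGEOUT:
            findings.append(f"{proto}: {secs}s exceeds documented maximum {MAX_AGEOUT}")
        elif secs > policy_max:
            findings.append(f"{proto}: {secs}s exceeds site policy of {policy_max}s")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

Run against the guide's example, the only finding is the row count: the header declares 6 rows while 4 protocols are listed, so a reviewer should confirm the capture is complete before signing off on the timers.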