Specifications

ManualsBrandsEnterasys ManualsComputer equipmentRoamAbout RBT-8100

361

362

363

364

365

366

367

368

369

370

Configuring Web Web Portal WebAAA

17-22 Configuring AAA for Network Users

Configuring Web Web Portal WebAAA

WebAAAsimplifiessecureaccesstounencryptedSSIDs.WhenauserrequestsaccesstoanSSID

orattemptstoaccessawebpagebeforeloggingontothenetwork,MSSservesaloginpagetothe

user’sbrowser.Aftertheuserentersausernameandpassword,MSSchecksthelocaldatabaseor

RADIUS

serversfortheuserinformation,andgrantsordeniesaccessbasedonwhethertheuser

informationisfound.

MSSredirectsanauthenticateduserbacktotherequestedwebpage,ortoapagespecifiedbythe 

administrator.

WebAAA,likeothertypesofauthentication,isbasedonanSSIDorona

wiredauthentication

port.

YoucanuseWebAAAonbothencryptedandunencryptedSSIDs.IfyouuseWebAAAonan

encryptedSSID,youcanusestaticWEPorWPAwithPSKastheencryptiontype.

MSSprovidesanEnterasysNetworksloginpage,whichisusedbydefault.Youcanaddcustom

pagestotheRoamAboutswitch’snonvolatilestorage,andconfigureMSStoservethose

pagesinstead.

How Web Web Portal WebAAA Works

1. AWebAAAuserattemptstoaccessthenetwork.Forawirelessuser,thisbeginswhenthe

user’snetworkinterfacecard(NIC)associateswithanSSIDonaEnterasysradio.Forawired

authenticationuser,thisbeginswhentheuser’sNICsendsdataonthewiredauthentication

port.

2. MSSstartsaportal

sessionfortheuserandplacestheuserinaVLAN.

•Iftheuseriswireless(associatedwithanSSID),MSSassignstheusertotheVLANsetby

thevlan‐nameattributefortheSSID’sserviceprofile.

•Iftheuserisonawiredauthenticationport,theVLANisthe

oneassignedtotheweb‐

portal‐wireduser.

3. Theuseropensawebbrowser.ThewebbrowsersendsaDNSrequestfortheIPaddressofthe

homepage,oraURLrequestedbytheuser.

4. MSSdoesthefoll owing:

•InterceptstheDNSrequest,usestheMSSDNSproxytoobtain

theURL’sIPaddressfrom

thenetworkDNSserver,andsendstheaddresstotheuser’sbrowser.

•ServesaloginpagetotheWebAAAuser.(Alsosee“DisplayoftheLoginPage”on

page 17‐23.)

5. TheuserenterstheirusernameandpasswordintheWebAAAloginpage

6. MSSauthenticatesthe

userbycheckingRADIUSortheswitch’slocaldatabaseforthe

usernameandpasswordenteredbytheuser.Iftheuserinformationispresent,MSS

authorizestheuserbasedontheauthorizationattributessetfortheuser.

Note: Web Web Portal WebAAA replaces the WebAAA implementation in MSS Version

3.x. The previous implementation is deprecated beginning in MSS Version 4.0. During

upgrade from MSS Version 3.x, your 3.x WebAAA configuration is automatically

converted to a Web Web Portal WebAAA configuration.