Specifications

ManualsBrandsEnterasys ManualsComputer equipmentRoamAbout RBT-8100

361

362

363

364

365

366

367

368

369

370

Configuring Web Web Portal WebAAA

RoamAbout Mobility System Software Configuration Guide 17-23

7. Afterauthenticationandauthorizationarecomplete,MSSchangestheuser’ssessionfroma

portalsessionwiththenameweb‐portal‐ssidorweb‐portal‐wiredtoaWebAAAsessionwith

theuser’sname.Thesess ionremainsconnected,butisnowanidentity‐basedsessionforthe

userinsteadofaportal

session.

8. MSSredirectsthebrowsertotheURLinitiallyrequestedbytheuseror,iftheURLVSAis

configuredfortheuser,redirectstheusertotheURLspecifiedbytheVSA.

9. ThewebpagefortheURLtowhichtheuserisredirectedappearsintheuser’sbrowser

window.



Display of the Login Page

WhenaWebAAAclientfirsttriestoaccessawebpage,theclient’sbrowsersendsaDNSrequestto

obtaintheIPaddressmappedtothedomainnamerequestedbytheclient’sbrowser.The

RoamAboutSwitchproxiesthisDNSrequesttothenetwork’sDNSserver,thenproxiesthereply

backto

theclient.IftheDNSserverhasarecordfortherequestedURL,therequestissuccessful

andtheRoamAboutSwitchservesawebloginpagetotheclient.However,iftheDNSrequestis

unsuccessful,theRoamAboutSwitchdisplaysamessageinformingtheuserofthisanddoesnot

servetheloginpage.

IftheRoamAboutSwitchdoesnotreceiveareplytoaclient’sDNSrequest,theRoamAbout

SwitchspoofsareplytothebrowserbysendingtheRoamAboutSwitchswitch’sownIPaddress

astheresolutiontothebrowser’sDNSquery.TheRoamAboutSwitchalsoservestheweb

page.ThisbehaviorsimplifiesuseoftheWebAAAfeatureinnetworksthatdonothaveaDNS

server.However,iftherequestedURLisinvalid,thebehaviorgivestheappearancethatthe

requestedURLisvalid,sincethebrowserreceivesaloginpage.Moreover,thebrowsermight

cacheamapping

oftheinvalidURLtotheRoamAboutSwitchIPaddress.

IftheuserentersanIPaddress,mostbrowsersattempttocontacttheIPaddressdirectlywithout

usingDNS.SomebrowserseveninterpretnumericstringsasIPaddresses(indecimalnotation)if

avalidaddresscouldbeformedbyaddingdots

(dotteddecimalnotation).Forexample,

208194225132wouldbeinterpretedasavalidIPaddress,whenconvertedto208.194.225.132.

Note: MSS ignores the VLAN-Name or Tunnel-Private-Group-ID attribute associated with the user,

and leaves the user in the VLAN associated with the web-portal-ssid or web-portal-wired user.

These users are automatically created by MSS, and MSS associates the default VLAN with these

users by default. To associate a web-portal-ssid or web-portal-wired user with a VLAN other than

default, you must modify the user.