Specifications

ManualsBrandsEnterasys ManualsComputer equipmentRoamAbout RBT-8100

361

362

363

364

365

366

367

368

369

370

Configuring Web Web Portal WebAAA

17-24 Configuring AAA for Network Users

WebAAA Requirements and Recommendations

RoamAbout Switch Requirements

• WebAAAcertificate—AWebAAAcertificatemustbeinstalledontheswitch.Youcanusea

self‐signed(signedbytheRoamAboutSwitch)WebAAAcertificateautomaticallygenerated

byMSS,manuallygenerateaself‐signedone,orinstallonesignedbyatrustedthird‐party

certificateauthority(CA).(Formoreinformation,seeChapter 16,

ManagingKeysand

Certificates.)

Ifyouchoosetoinstallaself‐signedWebAAAcertificate,useacommonname(arequired

fieldinthecertificate),thatresemblesawebaddressandcontainsatleastonedot.WhenMSS

servestheloginpagetothebrowser,thepage’sURLisbasedonthe

commonnameinthe

WebAAAcertificate.

Herearesomeexamplesofcommonnamesintherecommendedformat:

– webaaa.login

– webaaa.customername.com

– webaaa.local

Herearesomeexamplesofcommonnamesthatarenotintherecommendedformat:

– webaaa

– ets_webaaa

–web

•UserVLAN—AnIPinterfacemustbeconfiguredontheuser’sVLAN.Theinterfacemustbe

inthesubneton

whichtheDHCPserverwillplacetheuser,sothattheswitchcan

communicatewithboththeclientandtheclient’spreferredDNSserver.(Toconfigurea

VLAN,see“ConfiguringandManagingVLANs”onpage 4‐14.)

Ifuserswillroamfromtheswitchwheretheyconnecttothenetworkto

otherswitches,the

systemIPaddressesoftheswitchesshouldnotbeintheweb‐portalVLAN.

AlthoughtheSSID’sdefaultVLANandtheuserVLANmustbethesame,youcanusea

locationpolicyontheswitchwheretheserviceprofileisconfiguredtomovetheuserto

anotherVLAN.TheotherVLANisnotrequiredtobestaticallyconfiguredontheswitch.The 

VLANdoeshavethesamerequirements asotheruserVLANs,asdescribedabove.For

example,theuserVLANontheroamed‐toswitch musthaveanIPinterface,theinterface

mustbeinthesubnet

thathasDHCP,andthesubnetmustbethesameonetheDHCPserver

willplacetheuserin.

Note: MSS Version 5.0 does not require or support special user web-portal-ssid, where ssid is the

SSID the Web-Portal user associates with. Previous MSS Versions required this special user for

Web-Portal configurations. Any web-portal-ssid users are removed from the configuration during

upgrade to MSS Version 5.0. However, the web-portal-wired user is still required for Web Portal on

wired authentication ports.