Specifications

ManualsBrandsEnterasys ManualsComputer equipmentRoamAbout RBT-8100

371

372

373

374

375

376

377

378

379

380

Configuring Web Web Portal WebAAA

17-28 Configuring AAA for Network Users

Configuring Web Portal WebAAA

ToconfigureWebPortalWebAAA:

1. ConfigureanSSIDorwiredauthenticationportandsetthefallthruauthenticationtypeto

web‐portal.ThedefaultforSSIDsandforwiredauthenticationportsisnone.

2. ConfigureindividualWebAAAusers.BecausetheVLANisassignedbasedontheweb‐

portal‐ssidorweb‐portal‐wired

user,whereitissettodefault,MSSignoresthe VLAN‐Name

andTunnel‐Private‐Group‐IDattributes.However,MSSdoesassignotherattributesifset.

3. ConfigurewebauthenticationrulesfortheWebAAAusers.

4. Savetheconfigurationchanges.

Web Portal WebAAA Configuration Example

ThisexampleconfiguresWebPortalWebAAAforwirelessusersofSSIDmycorp.Theweb‐portal‐

mycorpuserandtheindividualWebAAAusersareconfiguredinthelocaldatabase.

ThisexamplealsousesaVLANotherthandefaultforwebusers.BecauseadifferentVLANis

used,theweb‐portal‐mycorp

usermustbemodifiedtousetheVLAN.

1. Configuretheuser’s VLANonports2and3,andconfigureanIPinterfaceontheVLAN:

RBT-8100# set vlan corpvlan port 2-3

success: change accepted.

RBT-8100# set interface corpvlan ip 192.168.12.10 255.255.255.0

success: change accepted.

2. ConfigureunencryptedSSIDmycorpandset itsfallthruauthenticationtypetoweb‐portal:

RBT-8100# set service-profile mycorpsrvcprof ssid-name mycorp

success: change accepted.

RBT-8100# set service-profile mycorpsrvcprof ssid-type clear

success: change accepted.

RBT-8100# set service-profile mycorpsrvcprof auth-fallthru web-portal

success: change accepted.

3. ConfigureindividualWebAAAusers.

RBT-8100# set user alice password alicepword

success: change accepted.

RBT-8100# set user bob password bobpword

success: change accepted.

4. ConfigureawebauthenticationruleforWebAAAusers:

RBT-8100# set authentication web ssid mycorp ** local

success: change accepted.

Note: When you create the service profile for an SSID, make sure to set the SSID name before you

change the fallthru authentication type. Otherwise, MSS creates a web-portal-enterasys user,

because the default SSID name enterasys is still assigned to the new service profile.

Note: The VLAN does not need to be configured on the switch where you configure Web Portal but

the VLAN does need to be configured on a switch somewhere in the Mobility Domain. The user’s

traffic will be tunneled to the switch where the VLAN is configured.