Specifications

ManualsBrandsEnterasys ManualsComputer equipmentRoamAbout RBT-8100

431

432

433

434

435

436

437

438

439

440

Configuring SODA Functionality

RoamAbout Mobility System Software Configuration Guide 20-5

Creating the SODA Agent with SODA Manager

SygateOn‐DemandManager(SODAManager)isaWindowsapplicationusedforconfiguring

securitypoliciesbasedonlocations,andforcreatingagentsthatenforcethosesecuritypolicies.For

informationonhowtouseSODAManagertocreatesecuritypolicies,seethedocumentationthat

camewiththeproduct.

YoucanuseSODA

ManagertocreateaSODAagent,configuringthelevelofsecuritydesired

accordingtotherequirementsofyournetwork.WhenaSODAagentiscreated(bypressingthe

ApplybuttoninSODAManager),asubdirectorycalledOn‐DemandAgentiscreatedinthe 

C:\ProgramFiles\Sygate\SygateOn‐Demanddirectory.

Youplacethe

contentsoftheOn‐DemandAgentdirectoryintoa.zipfile(forexample,soda.ZIP)and

copythefiletotheRoamAboutSwitchusingTFTP,asdescribedin“CopyingtheSODAAgentto

theRoamAboutSwitch”onpage 20‐6.

NotethefollowingwhencreatingtheSODAagentinSODAManager:

•Thefailure.htmland

success.htmlpages,whenspecifiedassuccessorfailureURLsinSODA

Manager,mustbeoftheformat:

https://hostname/soda/ssid/xxx.html

wherexxxreferstothenameoftheHTMLfilebeingaccessed.

•ThesuccessandfailureURLsconfiguredinSODAManagerarerequiredtohavetwo

keywordsinthem:/soda/andsuccess.htmlorfailure.html.The

/soda/keywordmustimmediatelyfollowthehostname.Thehostnamemustmatchthe

CommonNamespecifiedin

theWebAAAcertificate.

•Thelogoutpageisrequiredtohave/logout.htmlintheURL.

•ThehostnameofthelogoutpageshouldbesettoanamethatresolvestotheRoamAbout

Switch’s IPaddressontheVLANwheretheclientresides,orshouldbe theIPaddressofthe

RoamAboutSwitch

ontheWebPortalWebAAAVLAN;forexample:

https://10.1.1.1/logout.html

Thelogoutpageshouldnotpointtoacertificatehostnamethatisunreacha blefromtheclient’s

VLAN,norshoulditpointtoanIPaddressthatisonadifferentVLAN,whichcausesthe

sourceMACaddresstobechangedtotherouter’s(gatewayʹs)MACaddress.TheRoamAbout

Switchuses

theclient’ssourceMACaddressandsourceIPaddresscombinationtomakesure

theclientispermittedtologitselfout.

IfthesourceIPaddressisonadifferentVLAN,thenthesou r ceMACaddressdoesnotmatch

withthesession’sMACaddress,andthelogoutprocedurefails.

• Followingthe

hostname,theURLofthelogoutpagemustexactlymatchlogout.html.You

cannotspecifyanyothersubdirectoriesintheURL.

•DonotusethePartnerIntegrationbuttoninSODAManagertocreateagentfiles.