Deployment Guide
    WLAN.</span>");
    exit;
}

// For this example the maximum duration of any user's
// session will be 36000 seconds. The session is terminated
// no later than this time. After the session is terminated,
// the user can access the network but will be unauthenticated
// again.
$max_duration = 36000;

// 2. Authenticate the user and select an appropriate role.
// Selecting the role is optional. If a role is not specified
// for the controller, the controller will apply the default
// authenticated role of the WLAN Service that the user is
// accessing.
$assigned_role = authenticate($username, $passwd);
if (false === $assigned_role) {
    // Failed to authenticate the user.
    // Authenticate prints the error message for
    // the browser and exits.
    exit;
}

// 3. Tell the controller that the user is authenticated,
// and tell it which role to apply to the user.
// 3.a Build the URL that needs to be signed.
$pUrl = makeUnsignedUrl($hwc_ip, $hwc_port, isHttps(), $token,
    $username, $wlan, $assigned_role, $dest,
    $max_duration);
// 3.b Sign the URL. Otherwise, the role and session
// duration options will be ignored by the controller.
$redirection = SimpleAws::createPresignedUrl(
    $pUrl, 'BigAuthInc', $awsKeyPairs['BigAuthInc'],
    $awsConfig['region'], $awsConfig['service'],
    $awsConfig['expires']);
if (null == $redirection) {
    // Quietly exit. createPresignedUrl has already
    // reported an error to the browser.
    exit;
}
header('Location: '.$redirection);
exit;
// End of mainline.

// A method that validates the user's credentials and
// returns the role to apply to the user. In some cases,
// this routine might also return the maximum session
// duration in seconds.
//
// For purposes of this example, this procedure is
// not much more than a stub. The stub can be replaced
// by any authentication method, such as sending access
// requests to a backend RADIUS server, or performing
// a lookup in an application credential database.
function authenticate($userid, $passwd) {
    if (("" == $userid) || ("" == $passwd)) {
        printError("Invalid Userid or Password. ".
            "Please press the 'Back' button and try again.");
        // If you generate another login page for the user,
        // be sure to copy the hwc_ip address, hwc_port,
        // token and dest attributes from the submitted
        // login form to the login page.
        return false;
    } else {
        // Return the name of a role to be applied
        // to the station. The role must be defined on
        // the controller or it will substitute the
login.php
PHP External Captive Portal, Controller’s Firewall Friendly API
202 Extreme Campus Controller Deployment Guide for version 5.46.03
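
One way to replace the authenticate() stub in login.php with a lookup in an application credential database, shown as an added example that is not part of the guide's sample code. The function name authenticateFromStore, the $credentialStore array, its user names, passwords and role names, and the input length limits are all assumptions made for illustration; the role names would have to match roles defined on the controller.

```php
<?php
// Added example (not from the guide's login.php). The store below is
// constructed sample data standing in for a database table that holds
// password_hash() output, never plaintext passwords.
$credentialStore = [
    'alice' => ['hash' => password_hash('correct horse', PASSWORD_DEFAULT),
                'role' => 'Staff'],
    'bob'   => ['hash' => password_hash('battery staple', PASSWORD_DEFAULT),
                'role' => 'Guest'],
];

// Hash that is verified when the user name is unknown, so a miss costs
// about the same time as a wrong password (limits timing-based
// user-name enumeration).
$dummyHash = password_hash(bin2hex(random_bytes(16)), PASSWORD_DEFAULT);

// Returns the role name to pass to makeUnsignedUrl(), or false on failure.
// Same return contract as authenticate(); the caller prints one generic
// error for every failure so the page does not reveal which field was wrong.
function authenticateFromStore(array $store, string $dummyHash,
                               string $userid, string $passwd)
{
    // Reject empty or oversized input before touching the store
    // (64 and 256 are hypothetical limits).
    if ($userid === '' || $passwd === ''
        || strlen($userid) > 64 || strlen($passwd) > 256) {
        return false;
    }

    $known = array_key_exists($userid, $store);
    $hash  = $known ? $store[$userid]['hash'] : $dummyHash;

    // password_verify() is safe against timing attacks on the comparison.
    $ok = password_verify($passwd, $hash);
    if (!$known || !$ok) {
        return false;
    }
    return $store[$userid]['role'];
}

// Constructed calls: a valid login, a wrong password, an unknown user.
var_dump(authenticateFromStore($credentialStore, $dummyHash, 'alice', 'correct horse'));
var_dump(authenticateFromStore($credentialStore, $dummyHash, 'alice', 'wrong'));
var_dump(authenticateFromStore($credentialStore, $dummyHash, 'mallory', 'x'));
```

The returned role is only honored by the controller when it travels inside the signed redirect built in step 3, so the signing key in $awsKeyPairs needs the same protection as the credential store.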










