User's Manual
61JadeOSUserManual
• User input user name and password; browser will transfer it to the web portal
(authentication module in JadeOS), and then web portal send authentication re-
quest to the radius server
• JadeOS will decide whether authenticate successfully through user database in
radius server; if successfully authenticate, radius server will inform JadeOS, at
the same time, JadeOS inform portal server
• Portal server pops up welcome page; the user authentication is over
9.7.2 DNAT Redirect
The redirect operation of JadeOS is based on DNAT by default.
Before authentication, session ACL will redirect HTTP request to portal server.
The configuration command is as follows:
(JadeOS) (config) #ip access-list session pre-auth-acl
(JadeOS) (config-sess-pre-auth-acl)#any any tcp 0 65535 dst-nat ip 10.0.0.2 443
(JadeOS) (config-sess-pre-auth-acl)#any any ucp 0 65535 dst-nat ip 10.0.0.2 443
9.7.3 HTTP 302 Redirect
To configure HTTP 302 redirect, use the following steps:
Step 1 Configure URL list in config mode:
(JadeOS) (config)# aaa http-redirection-url 1 ip 10.0.0.1 url http://10.0.0.1/wlan/index.php
Step 2 Specify URL ID
(JadeOS) (AAA profile "aaa")#http-redir-url-id 1
Step 3 Enable http 302 redirect
(JadeOS) (AAA profile "aaa")#http-redirection enable
9.7.4 Configuring Portal Server
JadeOS web authentication will customize the login page through external portal
server. Portal server will configure a client according to RFC3576 definition; the cli-
ent is used for sending users’ disconnection and authorization change information to
JadeOS.
To configure RFC client, use the following command:
(JadeOS) (config)#aaa rfc-3576-client 119.6.200.203
(JadeOS) (RFC 3576 Client "119.6.200.203")#key 1234
TO configure the source port according to RFC3576 server, use the following com-
mand:
ip rfc-3576-server ip <IP> port <1-65535>
9.7.5 Configuring CoA Disconnect Message