Alcatel-Lucent AOS-W 6.5.3.x

To Next Page

To Previous Page

1078| External User Management AOS-W 6.5.3.x| User Guide

The following example illustrates using the default-xml-api AAA profile.

(host) (config) #aaa profile default-xml-api

(host) (AAA Profile "default-xml-api") #xml-api-server 10.11.12.13

(host) (AAA Profile "default-xml-api") #exit

(host) (config) #show aaa profile default-xml-api

AAA Profile "default-xml-api" (Predefined (changed))

----------------------------------------------------

Parameter Value

--------- -----

Initial role logon

MAC Authentication Profile N/A

MAC Authentication Default Role guest

MAC Authentication Server Group default

802.1X Authentication Profile N/A

802.1X Authentication Default Role guest

802.1X Authentication Server Group N/A

RADIUS Accounting Server Group N/A

XML API server 10.11.12.13

RFC 3576 server N/A

User derivation rules N/A

Wired to Wireless Roaming Enabled

SIP authentication role N/A

Your switch is now ready to receive API calls from your XML API server.

Setting up the Captive Portal Profile

Set up a Captive Portal profile with a login page that will redirect users to the external Captive Portal server.

(host) (config-role) #aaa authentication captive-portal captive-portal-auth

(host) (Captive Portal Authentication Profile "captive-portal-auth") #default-role

authenticated

(host) (Captive Portal Authentication Profile "captive-portal-auth") #login-page

https://10.11.12.13/cgi-bin/login.pl

(host) (Captive Portal Authentication Profile "captive-portal-auth") #switch-in-redirection-

url

The login-page https://10.11.12.13/cgin-bin/login.pl is for illustration purposes where the login.pl is a Perl script on the

external server that handles the external captive portal.

Associating the Captive Portal Profile to an Initial Role

(host) (Captive Portal Authentication Profile "captive-portal-auth") #user-role logon

(host) (config-role) #captive-portal captive-portal-auth

(host) (config-role) #session-acl captiveportal

(host) (config-role) #!

You can either create a new ACL or append specific rules to an existing ACLs. To create session ACL for the

logon role do the following:

(host) (config) #ip access-list session captiveportal

(host) (config-sess-captiveportal)#user alias xCP svc-https permit

(host) (config-sess-captiveportal)#user alias xCP svc-http permit

(host) (config-sess-captiveportal) #!

(host) (config) #netdestination xCP

(host) (config-dest) #host 10.11.12.13

(host) (config-dest) #!

Alcatel-Lucent AOS-W 6.5.3.x - Page 1078

Table of Contents