Working with RADIUS attributes
Colubris AV-Pair - Site attribute values
15-50
Security issues
It is recommended that the Web server hosting the remote login page be secured with
SSL (requires an SSL certificate from a well-known certificate authority), to ensure that
user logins are secure. Without SSL security, logins are exposed and may be
compromised, enabling fraudulent use of the network.
Communications between the user’s browser and the controller is always SSL-based. The
default certificate on the controller generates a warning on the user’s browser unless
replaced with a certificate signed by a well-known certificate authority.
Example
1. Create the following folder on your Web sever: newlogin.
2. See Sample public access pages on page 14-15. Copy the following sample pages into the
newlogin folder:
login.html
transport.html
session.html
fail.html
logo.gif
3. Add the following entries to the Configured attributes table on the Public access >
Attributes page. (You can also define these attributes in the RADIUS profile for the
controller if you are using a RADIUS server.)
login-url=web_server_URL/newlogin/login.html?loginurl=%l
transport-page=web_server_URL/newlogin/transport.html
session-page=web_server_URL/newlogin/session.html
fail-page=web_server_URL/newlogin/fail.html
logo=web server URL/newlogin/logo.gif
access-list=loginserver,ACCEPT,tcp,web_server_IP_address
use-access-list=loginserver
4. Customize login.html to accept username and password information from users and
then send it to the controller. You can use code similar to the following example to
redirect the user’s Web browser to the login URL on the controller for authentication:
<form action="https://wireless.colubris.com:8090/goform/HtmlLoginRequest"
method="POST">
For more flexibility, the remote login page should be written using a server-side scripting
language such as ASP, PHP, or PERL. This enables the remote login page to take
advantage of any placeholders that may have been defined in the login-url.
%m
Returns the MAC address of the client station that is being
authenticated.
%v
Returns the VLAN assigned to the client station at the controller
ingress (LAN port).
Placeholder Description
To Next Page
Loading...
Need help?
General
