Configuration Guide Configuring Web Authentication
In Ruijie First-Generation Web Authentication, Accounting Stop packets are sent by the portal server. In Ruijie
Second-Generation Web Authentication, Accounting Stop packets are sent by the NAS, the same as Ruijie iPortal Web
Authentication.
The selection of the Web authentication versions depends on the type of the portal server in use.
Command parameters in this document may be shared by the three Web authentication versions or not. Read through
this document carefully to avoid parameter misconfiguration that will affect Web authentication.
Overview
Ruijie First-Generation
Web Authentication
The portal server is deployed and supports only Ruijie First-Generation Web Authentication.
Ruijie Second-Generation
Web Authentication
The portal server is deployed and complies with the CMCC WLAN Service Portal Specification.
Ruijie iPortal Web
Authentication
The portal server is not deployed, and the NAS supports Webpage interaction.
1.3.1 Ruijie First-Generation Web Authentication
HTTP Interception
HTTP interception means the NAS intercepts to-be-forwarded HTTP packets. Such HTTP packets are initiated by the
browsers of the clients connected to the NAS, but they are not destined for the NAS. For example, when a client attempts to
visit the website www.google.com using the Internet Explorer, the NAS is expected to forward the HTTP request packets to
the gateway. If HTTP interception is enabled, these packets will not be forwarded.
After HTTP interception is successful, the NAS redirects the HTTP requests from the client to itself to establish a session
between them. Then, the NAS pushes a Webpage to the client through HTTP redirection, which can be used for
authentication, software downloading or other purposes.
You can specify the clients and destination interfaces to enable or disable HTTP interception for Web authentication. In
general, HTTP requests from unauthenticated clients will be intercepted, and those from authenticated clients will not. HTTP
interception is the foundation of Web authentication. Web authentication is automatically triggered once HTTP interception
succeeds.
HTTP Redirection
According to HTTP protocols, after the NAS receives a HTTP GET or HEAD request packet from a client, a packet with 200
(Ok) status code is replied if it is able to provide the required resources, or a packet with 302 (Moved Temporarily) status
code is returned if unable. Another URL is provided in the 302 packet. After receiving the packet, the client may resend a
HTTP GET or HEAD request packet to the new URL for requesting resources. This process is called redirection.
HTTP redirection is an important procedure following HTTP interception in Web authentication. It takes the advantage of 302
status code defined in HTTP protocols. HTTP interception creates a session between the NAS and a client. The client sends
HTTP GET or HEAD request packets (which should have been sent to another site) to the NAS. The NAS responds with a
302 packet with a specific redirection page. Thereby, the client resends the requests to the redirection page.
To Next Page
Loading...
Need help?
General
