MSM7xx Controllers Configuration Guide v6.4.0

ManualsBrandsHP ManualsNetwork HardwareHP 425 Wireless Dual Radio 802.11n (WW) Access Point

471

472

473

474

475

476

477

478

479

480

proxy requests. HTTP requests such as GET / HTTP/1.0 are transformed into GET

http://www.website.com/HTTP/1.0 before being forwarded to the third-party server.

NOTE: The HTTP proxy upstream feature targets the HTTP protocol and not HTTPS. Because of

this, HTTPS only works if users have configured their browsers for HTTP proxy usage. In the case

of transparent proxy, the connection will not be detected as HTTP-compatible and will not be

redirected to the upstream proxy server.

By default this feature listens to TCP port 8088 on the LAN port. However, it can be configured to

capture other ports. This is done by defining an access list and DNAT server. For example:

HTTP-Proxy-Upstream=myproxy.com:8888

Access-List=mylist,DNAT-SERVER,tcp,*mydomain.com,80

Use-access-list=mylist

DNAT-Server=mylist,192.168.1.1,8088

This example forces any incoming traffic, with a matching target protocol, address, or port number

(tcp,*mydomain.com,80) to be redirected to the internal HTTP proxy. Then, because of the

HTTP-Proxy-Upstream keyword, the traffic is forwarded to myproxy.com.

NOTE: The HTTP-Proxy-Upstream definition must exclude any traffic addressed to the controller

public access interface, otherwise HTML-based users will not be able to login.

Syntax

HTTP-Proxy-Upstream=hostname:port

Where:

DescriptionParameter

Specify the IP address or domain name of the proxy server. Maximum

length is 253 characters.

hostname

Specify the port on the proxy server. Range: 1 to 65535.port

IPass login URL

This keyword lets you define the location of the IPass login page. The controller will automatically

redirect users with IPass client software to this page.

Syntax

ipass-login-url=URL_of_page

Where:

DescriptionParameter

Address of the IPass login page.URL_of_page

Global MAC-based authentication

The global MAC-based authentication feature enables you to define MAC-based authentication

settings that apply across all VSCs.

NOTE: You can also define MAC-based authentication settings on a per-VSC basis. See

“MAC-based authentication” (page 339) for a description of all MAC-based authentication options.

476 Working with RADIUS attributes