Manualshelf

MSM7xx Controllers Configuration Guide v6.4.0

ManualsBrandsHP ManualsNetwork HardwareHP 425 Wireless Dual Radio 802.11n (WW) Access Point
471472473474475476477478479480
DescriptionPlaceholder
When the location-aware feature is enabled, returns the group name of the wireless access
point the user is associated with.
%G
When the location-aware feature is enabled, returns the Called-station-id content for the
wireless access point the user is associated with.
%C
Returns the string sent by the RADIUS server when an authentication request fails. The RADIUS
server must be configured to support this feature. The information contained in the returned
string depends on the configuration of the RADIUS server.
%r
Returns the MAC address of the wireless/wired client station that is being authenticated.%m
Returns the VLAN assigned to the client station at the controller ingress.%v
NOTE: The maximum length of the remote login page URL is 512 characters. If this is exceeded
(when using placeholders for example), the URL is truncated. It is therefore recommended that you
specify the most-important placeholders first.
Example
One way to use this feature is to offer a premium service for a given (or all) sites. For example, in
the controller profile, define two lists, one for normal usage and one for premium usage:
access-list=normal,REDIRECT,tcp,www.mypremiumservice.com,80
access-list=normal,ACCEPT,all,all,all
access-list=premium,ACCEPT,all,all,all
redirect-url=http://www.mysite.com/getpremium/
In the RADIUS profile for normal users, map them to the "normal" access list:
use-access-list=normal
In the RADIUS profile for premium users, map them to the "premium" access list:
use-access-list=premium
The access list only takes effect on an authentication, so a change of service as shown in this
example takes effect only at the users next authentication (login).
NOC authentication
The NOC authentication feature provides a secure way of authenticating public access users, with
strong mutual authentication between the login application on the Web server hosting the remote
login page and the controller used for authenticating user logins. This occurs via the two Colubris
AV-Pair value strings (ssl-noc-certificate and ssl-noc-ca-certificate), which define the locations of
two certificates. These certificates enable the controller to validate that the user login information
does indeed come from a trusted application.
For example, from a login application on the Web server.
ssl-noc-certificateURL_of_the_certificate
Certificate issued to the application on the Web server that will send user info to the controller for
authentication.
ssl-noc-ca-certificateURL_of_the_certificate
Certificate of the certificate authority (CA) that issued the NOC certificate.
For a more detailed example of using NOC authentication, see “NOC authentication” (page 549).
480 Working with RADIUS attributes