Wireless/Redundant Edge Services xl Module Management and Configuration Guide WS.01.03 or greater

7-7

Web Authentication for Mobile Users

Overview

■ Failed page—If users do not enter a valid username and password on

the login page, the failed page is displayed. (See Figure 7-5.)

Figure 7-5. Default Failed Page

You can use the default Web pages as they are, or customize them for your

environment.

The default Web pages are stored on the Wireless Edge Services xl Module. If

you prefer, you can create your own Web pages and store them on your

company’s Web server. When you build these Web pages, you must include the

Common Gateway Interface (CGI) code that returns the necessary login

credentials and disconnect command to the Wireless Edge Services xl Module.

(This process is described in “Configuring Web-Auth Pages That Are Stored

on an External Web Server” on page 7-26.)

Allow List

When a user associates with a WLAN that is configured for Web-Auth, the

user’s station cannot, by default, access any device until the user authenticates

to the RADIUS server. At a minimum, however, the station must be able to

access the Wireless Edge Services xl Module. To enable this access, you must

add the module’s IP address to the Web-Auth Allow list.

If you are storing the Web-Auth login, welcome, and failed pages on an external

Web server, you must also include the IP address for this Web server in the

Allow List.

When you add a device’s IP address to the Allow list, that device is available

to any user. If the device itself does not have security protections in place, any

user can access it at any time.

You can add a maximum of 10 IP addresses to the Allow list.