User's Manual Part 2
61JadeOSUserManual
9.7WEBPortalAuthentication
Webauthentication isanauthentication scheme basedon browser.User that failed
authentication wi ll redirect to a login page, and require to input user name and
password; user can access the network only after successfully authentication. WEB
redirectsupportsDNATredirectandHTTP302redirect.
9.7.1WebAuthenticationProcess
WebauthenticationisbasedonHTTPprotocol;authenticationwillnotpopupforci‐
blyunlessusersendHTTPrequest.
TheauthenticationprocessofWEBauthenticationisasfollows:
• AuserthatunauthenticatedbegintobrowsernetworkpageandsendHTTPre‐
quest
• HTTPrequestisredirecttoanexternalportalserver
• Portserversendanauthenticationpageforsecurelogin
• Userinputusernameandpassword;browserwilltransferittothewebportal
(authenticationmoduleinJadeOS),andthenwebportalsendauthentication
requesttotheradiusserver
• JadeOSwilldecidewhetherauthenticatesuccessfullythroughuserdatabasein
radiusserver;ifsuccessfullyauthenticate,radiusserverwillinformJadeOS,at
thesametime,JadeOSinformportalserver
• Portalserverpopsupwelc omepage;theuserauthenticationisover
9.7.2DNATRedirect
TheredirectoperationofJadeOSisbasedonDNATbydefault.
Beforeauthentication,sessionACLwillredirectHTTPrequesttoportalserver.
Theconfigurationcommandisasfollows:
(JadeOS) (config) #ip access-list session pre-auth-acl
(JadeOS) (config-sess-pre-auth-acl)#any any tcp 0 65535 dst-nat ip
10.0.0.2 443
(JadeOS) (config-sess-pre-auth-acl)#any any ucp 0 65535 dst-nat ip
10.0.0.2 443
9.7.3HTTP302Redirect
ToconfigureHTTP302redirect,usethefollowingsteps:
Step1ConfigureURLlistinconfigmode:
(JadeOS) (config)# aaa http-redirection-url 1 ip 10.0.0.1 url
http://10.0.0.1/wlan/index.php
Step2SpecifyURLID