Understanding Web Portals
WebAAA provides a simple and universal way to authenticate any user or device by using a Web browser. A common application of WebAAA is to control access for guests on your network. When a user requests access to an SSID or attempts to access a Web page before logging onto the network, MSS displays a login page in the user’s browser.
Aggregated Web portal information is typically presented on a grid layout customized for a particular audience.
This topic describes:
Why Use a Web Portal on Your Wireless Network?
Employees have login names and passwords for daily access, but sometimes temporary access is needed for visitors, meeting rooms, or event access. A Captive Portal enables temporary users to enter your network after they complete some steps on your Web page.
How Does MSS Support Web Portals?
WebAAA provides a simple and universal way to authenticate any user or device by using a Web browser. A common application of WebAAA is to control access for guests on your network. When a user requests access to an SSID or attempts to access a Web page before logging onto the network, MSS displays a login page in the user’s browser. After the user enters a username and password, MSS validates the user information against the local database or RADIUS servers and grants or denies access based on whether the user information is found. MSS redirects an authenticated user back to the requested Web page, or to a page specified by the administrator. WebAAA, like other types of authentication, is based on an SSID or on a wired authentication port. You can use WebAAA on both encrypted and unencrypted SSIDs. If you use WebAAA on an encrypted SSID, you can use static WEP or WPA with PSK as the encryption type. MSS provides a default login page, but you can alternatively add custom login pages and configure MSS to display these pages instead.
How Does Web Portal WebAAA Work?
For a wireless user, the connection process begins when the network interface card (NIC) associates with an SSID. MSS starts a portal session for the user and assigns the user to the VLAN associated with the SSID’s Service Profile. The user opens a Web browser, which sends a DNS request for the IP address of the home page or of a URL requested by the user.
MSS does the following:
First, MSS intercepts the DNS request and uses the MSS DNS proxy to obtain the IP address for the URL from the network DNS server.
Then MSS sends the IP address to the user’s browser.
MSS then serves a login page to the WebAAA user.
The user enters a username and password in the WebAAA login page.
MSS authenticates the user by checking RADIUS or the MX local database for the username and password. If the user information is present, MSS authorizes the user based on the authorization attributes set for the user.
MSS ignores the VLAN-Name or Tunnel-Private-Group-ID attribute associated with the user, and leaves the user in the VLAN associated with the SSID Service profile (if wireless) or with the web-portal-wired user (if the user is on a wired authentication port).
After authentication and authorization are complete, MSS changes the user session from a portal session with the name web-portal-ssid or web-portal-wired to a WebAAA session with the user name. The session remains connected, but now the session is identity-based instead of a portal session.
MSS redirects the browser to the URL initially requested by the user or, if the URL VSA is configured for the user, redirects the user to the URL specified by the VSA. The Web page for the URL to which the user is redirected appears in the browser window.
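The session handling in the steps above can be modeled in a few lines. The following is an added illustration, not MSS code: the function names, the in-memory user table, the "URL" attribute key, and the substitution of the SSID name into web-portal-ssid are all assumptions made for the example. It shows that a denied login leaves the portal session unchanged, that VLAN attributes returned for the user never move the session out of the service profile's VLAN, and how the redirect target is chosen.

```python
import hmac
from dataclasses import dataclass

# Constructed stand-in for the MX local database / RADIUS: user -> (password, attributes).
USERS = {
    "guest1": ("s3cret", {"VLAN-Name": "corp", "URL": "https://portal.example/welcome"}),
    "guest2": ("pa55word", {"Tunnel-Private-Group-ID": "corp"}),
}
IGNORED_ATTRS = {"VLAN-Name", "Tunnel-Private-Group-ID"}  # ignored for WebAAA users


@dataclass
class Session:
    name: str                    # portal name until the user authenticates
    vlan: str                    # VLAN of the SSID's service profile
    requested_url: str = ""
    identity_based: bool = False


def start_portal_session(ssid: str, profile_vlan: str) -> Session:
    """NIC associates with the SSID: open a portal session in the profile's VLAN."""
    # Assumption: "ssid" in the name web-portal-ssid stands for the SSID name.
    return Session(name=f"web-portal-{ssid}", vlan=profile_vlan)


def intercept_request(session: Session, url: str) -> str:
    """Remember the URL the browser asked for and serve the login page instead."""
    if session.identity_based:
        return url               # already authenticated: nothing to intercept
    session.requested_url = url
    return "LOGIN_PAGE"


def submit_login(session: Session, username: str, password: str) -> str:
    """Authenticate, authorize, convert the session, and return the redirect target."""
    stored_pw, stored_attrs = USERS.get(username, ("", {}))
    ok = username in USERS and hmac.compare_digest(stored_pw.encode(), password.encode())
    if not ok:
        return "LOGIN_PAGE"      # denied: session remains a portal session
    attrs = {k: v for k, v in stored_attrs.items() if k not in IGNORED_ATTRS}
    session.name = username      # portal session becomes a WebAAA session
    session.identity_based = True
    # session.vlan is untouched: the VLAN attributes were filtered out above.
    return attrs.get("URL", session.requested_url)
```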
How Are Web Portals Created in Network Manager?
See Creating and Managing Device Common Settings.