3com WXR100 3CRWXR10095A User Manual
476
C
HAPTER
21: C
ONFIGURING
AAA
FOR
N
ETWORK
U
SERS
When user piltdown is successfully authenticated and authorized, MSS
redirects the user to the following URL:
redirects the user to the following URL:
http://myserver.com/piltdown.html
The following example configures a redirect URL that contains a script
argument using the literal character ?:
argument using the literal character ?:
WX1200# set usergroup ancestors attr url https://saqqara.org/login.php$quser=$u
success: change accepted.
success: change accepted.
When user djoser is successfully authenticated and authorized, MSS
redirects the user to the following URL:
redirects the user to the following URL:
https://saqqara.org/login.php?user=djoser
To verify configuration of a redirect URL and other user attributes, type
the display aaa command.
the display aaa command.
Using an ACL Other
Than portalacl
By default, when you set the fallthru authentication type on a service
profile or wired authentication port to web-portal, MSS creates an ACL
called portalacl. MSS uses the portalacl ACL to filter Web-Portal user
traffic while users are being authenticated.
profile or wired authentication port to web-portal, MSS creates an ACL
called portalacl. MSS uses the portalacl ACL to filter Web-Portal user
traffic while users are being authenticated.
To use another ACL:
1 Create a new ACL and add the first rule contained in portalacl:
set security acl ip portalacl permit udp 0.0.0.0
255.255.255.255 eq 68 0.0.0.0 255.255.255.255 eq 67
set security acl ip portalacl deny 0.0.0.0 255.255.255.255
capture
255.255.255.255 eq 68 0.0.0.0 255.255.255.255 eq 67
set security acl ip portalacl deny 0.0.0.0 255.255.255.255
capture
2 Add the additional rules required for your application. For example, if you
want to redirect users to a credit card server, add the ACEs to do so.
3 Add the last rule contained in portalacl:
set security acl ip portalacl deny 0.0.0.0 255.255.255.255
capture
capture
4 Verify the new ACL configuration, before committing it to the
configuration, using the following command:
display security acl info [acl-name | all] [editbuffer]