Open as PDF
460 CHAPTER 21: CONFIGURING AAA FOR NETWORK USERS
WebAAA simplifies secure access to unencrypted SSIDs. When a user
requests access to an SSID or attempts to access a web page before
logging onto the network, MSS serves a login page to the user’s browser.
After the user enters a username and password, MSS checks the local
database or RADIUS servers for the user information, and grants or denies
access based on whether the user information is found.
MSS redirects an authenticated user back to the requested web page, or
to a page specified by the administrator.
WebAAA, like other types of authentication, is based on an SSID or on a
wired authentication port.
You can use WebAAA on both encrypted and unencrypted SSIDs. If you
use WebAAA on an encrypted SSID, you can use static WEP or WPA with
PSK as the encryption type.
MSS provides a 3Com login page, which is used by default. You can add
custom login pages to the WX switch’s nonvolatile storage, and
configure MSS to serve those pages instead.
Web Portal WebAAA replaces the WebAAA implementation in MSS
Version 3.x. The previous implementation is deprecated beginning in MSS
Version 4.0. During upgrade from MSS Version 3.x, your 3.x WebAAA
configuration is automatically converted to a Web Portal WebAAA
How WebAAA Portal
1 A WebAAA user attempts to access the network. For a wireless user, this
begins when the user’s network interface card (NIC) associates with an
SSID on a 3Com radio. For a wired authentication user, this begins when
the user’s NIC sends data on the wired authentication port.
MSS starts a portal session for the user, and places the user in a VLAN.
If the user is wireless (associated with an SSID), MSS assigns the
the VLAN set by the vlan-name attribute for the SSID’s service
If the user is on a wired authentication port, the VLAN is the one
to the web-portal-wired user.