Open as PDF
Configuring Web Portal WebAAA 461
3 The user opens a Web browser. The Web browser sends a DNS request
for the IP address of the home page or a URL requested by the user.
4 MSS does the following:
Intercepts the DNS request, uses the MSS DNS proxy to obtain the URL
IP address from the network DNS server, and sends the address to the
Serves a login page to the WebAAA user. (Also see “Display of the
Login Page” on page 461.)
5 The user enters their username and password in the WebAAA login page.
6 MSS authenticates the user by checking RADIUS or the switch’s local
database for the username and password entered by the user. If the user
information is present, MSS authorizes the user based on the
authorization attributes set for the user.
MSS ignores the VLAN-Name or Tunnel-Private-Group-ID attribute
associated with the user, and leaves the user in the VLAN associated with
the SSID’s service profile (if wireless) or with the web-portal-wired user (if
the user is on a wired authentication port).
7 After authentication and authorization are complete, MSS changes the
user’s session from a portal session with the name web-portal-ssid or
web-portal-wired to a WebAAA session with the user’s name. The
session remains connected, but is now an identity-based session for the
user instead of a portal session.
8 MSS redirects the browser to the URL initially requested by the user or, if
the URL VSA is configured for the user, redirects the user to the URL
specified by the VSA.
9 The web page for the URL to which the user is redirected appears in the
user’s browser window.
Display of the Login Page
When a WebAAA client first tries to access a web page, the client’s
browser sends a DNS request to obtain the IP address mapped to the
domain name requested by the client’s browser. The WX proxies this DNS
request to the network’s DNS server, then proxies the reply back to the
client. If the DNS server has a record for the requested URL, the request is
successful and the WX serves a web login page to the client. However, if
the DNS request is unsuccessful, the WX displays a message informing
the user of this and does not serve the login page.