3Com WX2200 3CRWX220095A Switch User Manual


 
476 CHAPTER 21: CONFIGURING AAA FOR NETWORK USERS
When user piltdown is successfully authenticated and authorized, MSS
redirects the user to the following URL:
http://myserver.com/piltdown.html
The following example configures a redirect URL that contains a script
argument using the literal character ?:
WX1200# set usergroup ancestors attr url https://saqqara.org/login.php$quser=$u
success: change accepted.
When user djoser is successfully authenticated and authorized, MSS
redirects the user to the following URL:
https://saqqara.org/login.php?user=djoser
To verify configuration of a redirect URL and other user attributes, type
the display aaa command.
Using an ACL Other
Than portalacl
By default, when you set the fallthru authentication type on a service
profile or wired authentication port to web-portal, MSS creates an ACL
called portalacl. MSS uses the portalacl ACL to filter Web-Portal user
traffic while users are being authenticated.
To use another ACL:
1 Create a new ACL and add the first rule contained in portalacl:
set security acl ip portalacl permit udp 0.0.0.0
255.255.255.255 eq 68 0.0.0.0 255.255.255.255 eq 67
set security acl ip portalacl deny 0.0.0.0 255.255.255.255
capture
2 Add the additional rules required for your application. For example, if you
want to redirect users to a credit card server, add the ACEs to do so.
3 Add the last rule contained in portalacl:
set security acl ip portalacl deny 0.0.0.0 255.255.255.255
capture
4 Verify the new ACL configuration, before committing it to the
configuration, using the following command:
display security acl info [acl-name | all] [editbuffer]