3Com WX2200 3CRWX220095A Switch User Manual

Configuring Last-Resort Access 479
The URL should be of the form https://host/logout.html. By default, the
logout URL uses the IP address of the WX switch as the host part of
the URL. Th
e host can be either an IP address or a hostname.
Specifying the logout URL is useful if you want to standardize it across
your network. For example, you can configure the logout URL on all of
the WX switches in the Mobility Domain as
wifizone.3com.com/logout.html, where wifizone.3com.com resolves to
one of the WX switches in the Mobility Domain, ideally the seed.
To log out of the network, the user can click the “End Session” button in
the pop-under window, or request the logout URL directly.
Standardizing the logout URL serves as a backup means for the user to
log out in case the pop-under window is closed inadvertently. Note that if
a user requests the logout URL, he or she must enter a username and
password in order to identify the session on the WX. (This is not necessary
when the user clicks the “End Session” button in the pop-under
window.) Both the username and password are required to identify the
session. If there is more than one session with the same username, then
requesting the logout URL does not end any session.
Also note that an adminstrative certificate must be configured on the WX
switches in order for the Web Portal WebAAA logout process to work.
Last-Resort Access
Users who are not authenticated and authorized by 802.1X methods or a
MAC address can gain limited access to the network as guest users. You
can configure an SSID to allow anonymous guest access, by setting its
fallthru authentication type to last-resort. The authorization attributes
assigned to last-resort users come from the default authorization
attributes set on the SSID.
To configure an SSID to allow last-resort access:
Set the SSID name, if not already set.
Set the fallthru access type of the SSID’s service profile to last-resort.
Set the vlan-name and other authorization attributes on the SSID’s
service profile.
If the SSID type will be crypto (the default), configure encryption