Nortel Networks 2300 Switch User Manual


 
Configuring AAA for network users
Nortel WLAN—Security Switch 2300 Series Configuration Guide
Configuring the Web Portal Web-based AAA Logout Function
Configure the Web Portal web-based AAA to allow a user to manually terminate the session. When this
feature is enabled and the Web Portal web-based AAA user is successfully authenticated and redirected to the
requested page, a window appears behind the user's browser. The window has a button labeled “Logout”. When
you click Logout, a URL appears and terminates the user session on the Mobility Domain.
The user logout request is sent to one of the WSSs in the Mobility Domain. It does not have to be the WSS that
the user was authenticated on, or the WSS where the user session currently resides. The WSS receiving the
logout request determines which WSS has the user session. If it is a local session, then the session is terminated.
If another WSS in the Mobility Domain has the session, then the request is redirected to that WSS.
Web Portal users are not required to wait for the session to time out before logging out of the web-based AAA
session; they can manually log out of the network.
To enable the Web Portal logout functionality, use the following command:
set service-profile profile-name web-portal-logout mode {enable | disable}
To specify a Web Portal logout URL, use the following command:
set service-profile profile-name web-portal-logout logout-url url
The URL should have the format https://host/logout.html. By default, the logout URL uses the IP address of
the WSS as the host part of the URL. The host can be either an IP address or a hostname.
Specifying the logout URL can be useful if you want to standardize across your network. For example, you
can configure the logout URL on all of the WSSs in the Mobility Domain as wifizone.trpz.com/logout.html,
where wifizone.trpz.com resolves to one of the WSSs, ideally the seed, in the Mobility Domain.
To log out of the network, the user can click “Logout” in the window, or request the logout URL directly.
Standardizing the logout URL provides a backup method for the user to log out, if the window is closed
inadvertently.
Also, an administrative certificate must be configured on the WSS in order for the Web Portal web-based AAA
logout process to work.
Configuring last-resort access
Users who are not authenticated and authorized by 802.1X methods or a MAC address can gain limited access
to the network as guest users. You can configure an SSID to allow anonymous guest access, by setting its
fallthru authentication type to last-resort. The authorization attributes assigned to last-resort users come from
the default authorization attributes set on the SSID.
Note. If you request the logout URL, you must enter a username and password in order to
identify the session on the WSS. (This is not necessary when you click “Logout” in the pop-under
window.) Both the username and password are required to identify the session. If there is more than
one session with the same username, then requesting the logout URL does not end any session.
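
The handling of a direct logout URL request described in the Web Portal logout section and in the note above, modeled in Python as an added example (it is not Nortel code and not part of the original guide). The class names, switch names, session IDs and credentials are constructed, and treating a request with bad credentials as ending no session is an assumption.

```python
import hmac
from dataclasses import dataclass, field

@dataclass
class WSS:                      # one switch in the Mobility Domain (model only)
    name: str
    sessions: dict = field(default_factory=dict)   # session id -> username

class MobilityDomain:
    def __init__(self, switches, credentials):
        self.switches = list(switches)
        self.credentials = credentials             # constructed username -> password

    def _credentials_ok(self, user, password):
        stored = self.credentials.get(user)
        return stored is not None and hmac.compare_digest(stored.encode(), password.encode())

    def logout_by_url(self, receiving, user, password):
        """Direct request to the logout URL, arriving at the switch named `receiving`."""
        # Assumption: a request with bad credentials ends nothing.
        if not self._credentials_ok(user, password):
            return "no session ended"
        matches = [(w, sid) for w in self.switches
                   for sid, owner in w.sessions.items() if owner == user]
        # Zero matches, or more than one session with this username: end nothing.
        if len(matches) != 1:
            return "no session ended"
        wss, sid = matches[0]
        del wss.sessions[sid]
        if wss.name == receiving:
            return f"terminated locally on {wss.name}"
        return f"redirected to {wss.name} and terminated"

def build_demo():
    """Constructed sample domain: carol has two sessions, so her URL logout is ambiguous."""
    seed = WSS("wss-seed", {"s1": "alice"})
    member = WSS("wss-2", {"s2": "bob", "s3": "carol", "s4": "carol"})
    creds = {"alice": "pw-a", "bob": "pw-b", "carol": "pw-c"}
    return MobilityDomain([seed, member], creds)

if __name__ == "__main__":
    md = build_demo()
    for user, pw in [("alice", "pw-a"), ("bob", "pw-b"), ("carol", "pw-c")]:
        print(user, "->", md.logout_by_url("wss-seed", user, pw))
```

In the model, carol's two sessions both survive the URL request, which is the case where a shared guest username leaves sessions open until they time out or the user clicks “Logout” in the pop-under window.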