Nortel Networks 2300 Switch User Manual


 
Configuring SODA endpoint security for a WSS
NN47250-500 (320657-F Version 02.01)
How SODA functionality works on WSSs
This section describes how the SODA functionality is configured to work with a WSS, and the procedure that takes
place when a user attempts to connect to an SSID where the SODA functionality is enabled.
Note that in the current release, the SODA functionality works only in conjunction with the Web Portal Web-based AAA
feature.
SODA functionality on a WSS is configured as follows:
1. Using SODA Manager, a network administrator creates a SODA agent based on the security needs of the network.
2. The network administrator exports the SODA agent files from SODA Manager, and saves them as a .zip file.
3. The SODA agent .zip file is uploaded to the WSS using TFTP.
4. The SODA agent files are installed on the WSS using a CLI command that extracts the files from the .zip file and places them into a specified directory.
5. SODA functionality is enabled for an SSID that also has Web Portal Web-based AAA configured.
Once configured, SODA functionality works as follows:
1. A user connects to an AP managed by a service profile where SODA functionality is enabled.
2. Since the Web Portal Web-based AAA feature is enabled for the SSID, a portal session is started for the user, and the user is placed in the VLAN associated with the web-portal-ssid or web-portal-wired user.
3. The user opens a browser window and is redirected to a login page, where he or she enters a username and password.
4. The user is redirected to a page called index.html, which exists in the SODA agent directory on the WSS.
5. The redirection to the index.html page causes the SODA agent files to be downloaded to the user’s computer.
6. Once the SODA agent files have been downloaded, one of the following can take place:
   a. If the WSS is configured to enforce the SODA agent security checks (the default), then the SODA agent checks are run on the user’s computer. If the user’s computer passes the checks, then a customizable success page is loaded in the browser window. The user is then moved from the portal VLAN to his or her configured VLAN and granted access to the network.
   b. If the WSS is configured not to enforce the SODA agent security checks, then the user is moved from the portal VLAN to his or her configured VLAN and granted access to the network, without waiting for the SODA agent checks to be completed.
   c. If the user’s computer fails one of the SODA agent checks, then a customizable failure page is loaded in the browser window. The user is then disconnected from the network, or can optionally be granted limited network access, based on a specified security ACL.
7. At the completion of his or her session, the user can close the SODA Virtual Desktop or point to an advertised logout URL. Either of these actions causes a customizable logout page to be loaded in the browser window. Accessing the logout page causes the user to be disconnected from the network.
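The outcome logic of step 6 can be modeled as a small decision function and used to review session records; this is an added example, not part of the Nortel manual or WSS software. The session records, field names and ACL name are constructed for illustration, and the model assumes that step 6c applies only when enforcement is on and that a user whose checks are still running under enforcement stays in the portal VLAN.

```python
from typing import NamedTuple, Optional

class Outcome(NamedTuple):
    access: str            # "full", "limited", "none" or "pending"
    page: Optional[str]    # page loaded in the browser, where the manual names one
    acl: Optional[str]     # security ACL applied for limited access

def soda_outcome(enforce: bool, passed: Optional[bool],
                 failure_acl: Optional[str] = None) -> Outcome:
    """passed is None while the SODA agent checks are still running."""
    if not enforce:
        # 6b: moved to the configured VLAN without waiting for the checks.
        return Outcome("full", None, None)
    if passed is None:
        # Assumption: enforced and unfinished means still in the portal VLAN.
        return Outcome("pending", None, None)
    if passed:
        # 6a: success page, then portal VLAN -> configured VLAN.
        return Outcome("full", "success", None)
    # 6c: failure page, then disconnect or ACL-limited access.
    if failure_acl:
        return Outcome("limited", "failure", failure_acl)
    return Outcome("none", "failure", None)

def audit(sessions):
    """Return (user, reason) pairs for sessions a reviewer should look at."""
    findings = []
    for s in sessions:
        exp = soda_outcome(s["enforce"], s["passed"], s.get("failure_acl"))
        if s["observed"] != exp.access:
            reason = f"observed {s['observed']}, expected {exp.access}"
            findings.append((s["user"], reason))
        elif exp.access == "full" and s["passed"] is not True:
            findings.append((s["user"], "full access without a passed check"))
    return findings

# Constructed sample sessions (hypothetical layout, not WSS log output).
SESSIONS = [
    {"user": "alice", "enforce": True, "passed": True, "observed": "full"},
    {"user": "bob", "enforce": True, "passed": False, "observed": "full"},
    {"user": "carol", "enforce": False, "passed": None, "observed": "full"},
    {"user": "dave", "enforce": True, "passed": False,
     "failure_acl": "limited-acl", "observed": "limited"},
]

if __name__ == "__main__":
    for user, reason in audit(SESSIONS):
        print(user, "->", reason)
```

The second finding type highlights the consequence of step 6b: with enforcement off, a user reaches his or her configured VLAN whether or not the endpoint ever passes the checks.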
Configuring SODA functionality
Configuring SODA functionality on a WSS consists of the following tasks: