Device Security

All new captive portal instances are also assigned to the "Default" group. The administrator can create new groups and modify the user/group association to only allow a subset of users access to a specific captive portal instance. Network access is granted upon successful verification of user credentials.

A remote RADIUS server can be used for client authentication. RADIUS authentication and accounting servers are configured separately from the captive portal configuration. In order to perform authentication/accounting via RADIUS, the administrator configures one or more RADIUS servers and then references the server(s) using their name in the captive portal configuration (each captive portal instance can be assigned one RADIUS authentication server and one RADIUS accounting server). If RADIUS is enabled for a captive portal configuration and no RADIUS servers are assigned, the captive portal activation status indicates the instance is disabled with an appropriate reason code.

Table 5-1 shows the RADIUS attributes that are used to configure captive portal users. The table indicates both RADIUS attributes and vendor specific attributes (VSA) that are used to configure Captive Portal. VSAs are denoted in the id column and are comma delimited (vendor id, attribute id).

Table 5-1. Captive Portal RADIUS Attributes

| RADIUS Attribute | # | Description | Range | Usage | Default |
|---|---|---|---|---|---|
| User-Name | 1 | User name to be authorized | 1-32 characters | Required | None |
| User-Password | 2 | User password | 8-64 characters | Required | None |
| Session-Timeout | 27 | Logout once session timeout is reached (seconds). If the attribute is 0 or not present then use the value configured for the captive portal. | Integer (seconds) | Optional | 0 |
| Captive-Portal-Groups | 6231,127 | A comma-delimited list of group names that correspond to the configured CP instance configurations. | String | Optional | None; the default group is used if not defined here. |

A Captive Portal instance can be configured to use the HTTPS protocol during its user verification process. The connection method for HTTPS uses the Secure Sockets Layer (SSL) protocol, which requires a certificate to provide encryption. The certificate is presented to the user at connection time. The Captive Portal component uses the same certificate that is used by the switch for Secure HTTP connections. This certificate can be generated by the administrator using a CLI command. If a captive portal instance is configured for the HTTPS protocol and there is not a valid certificate present on the system, the captive portal instance status shows Disabled with an appropriate reason code.

Client Authentication Logout Request

The administrator can configure and enable 'user logout'. This feature allows the authenticated client to deauthenticate from the network.
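The Session-Timeout and Captive-Portal-Groups rules from Table 5-1 can be checked against a RADIUS server's reply with a short decoder. The following is an added example, not code from the switch or its vendor. It assumes the standard RADIUS attribute encoding (type, length, value, with VSAs carried in attribute type 26); the function names are hypothetical and the sample bytes are constructed.

```python
import struct

VENDOR_ID = 6231        # vendor id from Table 5-1
CP_GROUPS_ATTR = 127    # Captive-Portal-Groups vendor attribute id from Table 5-1
SESSION_TIMEOUT = 27    # Session-Timeout attribute number from Table 5-1
VENDOR_SPECIFIC = 26    # standard RADIUS Vendor-Specific container (assumed encoding)


def parse_attributes(data):
    """Split an attribute section into (type, value) pairs, rejecting bad lengths."""
    attrs, pos = [], 0
    while pos < len(data):
        if pos + 2 > len(data):
            raise ValueError("truncated attribute header")
        atype, alen = data[pos], data[pos + 1]
        if alen < 2 or pos + alen > len(data):
            raise ValueError("bad attribute length")
        attrs.append((atype, data[pos + 2:pos + alen]))
        pos += alen
    return attrs


def captive_portal_settings(data, configured_timeout, default_group="Default"):
    """Apply Table 5-1 defaults: timeout 0/absent and missing groups fall back."""
    timeout, groups = configured_timeout, [default_group]
    for atype, value in parse_attributes(data):
        if atype == SESSION_TIMEOUT:
            if len(value) != 4:
                raise ValueError("Session-Timeout must be a 4-byte integer")
            seconds = struct.unpack("!I", value)[0]
            if seconds:
                timeout = seconds
        elif atype == VENDOR_SPECIFIC and len(value) >= 6:
            vendor, vtype, vlen = struct.unpack("!IBB", value[:6])
            if vendor == VENDOR_ID and vtype == CP_GROUPS_ATTR and 2 <= vlen <= len(value) - 4:
                names = value[6:4 + vlen].decode("utf-8").split(",")
                groups = [n.strip() for n in names if n.strip()] or groups
    return timeout, groups


def build_attr(atype, value):
    """Encode one attribute; used here only to construct sample input."""
    return bytes([atype, len(value) + 2]) + value


# Constructed sample reply attributes: User-Name, Session-Timeout=3600, groups VSA.
_vsa = struct.pack("!I", VENDOR_ID) + build_attr(CP_GROUPS_ATTR, b"Guests,Staff")
SAMPLE = (build_attr(1, b"alice") + build_attr(SESSION_TIMEOUT, struct.pack("!I", 3600))
          + build_attr(VENDOR_SPECIFIC, _vsa))
```

Calling `captive_portal_settings(SAMPLE, 600)` yields the server-supplied timeout and group list, while a reply without either attribute falls back to the configured timeout and the "Default" group.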