...
Whitelists are designed to allow a user to access certain resources before authorisation if necessary. The list of these resources can be specified via URL, RegExp or IP subnet. Whitelists is not are not mandatory. The portal address is added to the whitelist automatically, so there is no need to specify it.
Create a whitelist of URLs, it can contain URLs and/or RegExp. Access to the specified addresses will be allowed before authorisation.
Блок кода object-group url white_url url eltex-co.ru regexp '(.+\.)eltex-co\.com' exit
Create a whitelist of IP addresses, access to the specified addresses will be allowed before authorisation. You can It is possible to add to the whitelist the addresses of subnets that are required for authorisation.
Блок кода object-group network white_ip ip prefix 192.168.0.0/24 exit
Create portal-profile.
Parameters description:
redirect-url – portal address;
age-timeout – the time interval during which the access point "remembers" the client and does not perform MAB authorisation;
verification-mode – portal operation mode;
white-list domain – URL whitelist;
white-list address – IP addresses whitelist.Блок кода wlc portal-profile portal-pr redirect-url https://eltex-co.ru age-timeout 10 verification-mode external-portal white-list domain white_url white-list address white_ip exit exit
Информация With verification-mode external-portal, parameters are automatically added to the specified URL in redirect-url so that the resulting URL has the form:
Блок кода https://eltex-co.ru/?switch_url=<SWITCH_URL>&ap_mac=<AP_MAC>&client_mac=<CLIENT_MAC>&wlan=<SSID>&redirect=<ORIGINAL_URL>
If the names of the parameters switch_url, ap_mac, client_mac, wlan, redirect need to be changed, it is possible to specify the line yourself through the parameter redirect-url-custom, for example:
Блок кода redirect-url-custom https://eltex-co.ru/?action_url=<SWITCH_URL>&ap_addr=<AP_MAC>&client_addr=<CLIENT_MAC>&ssid_name=<SSID>&red_url=<ORIGINAL_URL>&nas=<NAS_ID>
In the example <NAS_ID> was added to the line and the following parameter names were changed:
- switch_url → action_url
- ap_mac → ap_addr
- client_mac → client_addr
- wlan → ssid_name
- redirect → red_url
The redirect line may contain placeholders:
- <NAS_ID>
- <SWITCH_URL>
- <AP_MAC>
- <CLIENT_MAC>
- <SSID>
- <ORIGINAL_URL>
Create radius-profile.
Блок кода wlc radius-profile portal_radius auth-address 192.168.4.5 auth-password ascii-text encrypted 92BB3C7EB50C5AFE80 auth-acct-id-send acct-enable acct-address 192.168.4.5 acct-password ascii-text encrypted 92BB3C7EB50C5AFE80 acct-periodic acct-interval 300 exit exit
Scroll Pagebreak Create ssid-profile.
Блок кода wlc ssid-profile portal_test ssid portal_test radius-profile portal_radius portal-enable portal-profile portal-pr vlan-id 3 band 5g enable exit exit
Add ssid-profile to ap-location.
Блок кода wlc ap-location default-location description default-location mode tunnel ap-profile default-ap ssid-profile portal_test exit exit
...
Drawio | ||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
Scroll Pagebreak |
---|