Using an ACL Other Than portalacl – 3Com WX4400 3CRWX440095A User Manual

Page 476

CHAPTER 21: CONFIGURING AAA FOR NETWORK USERS

When user piltdown is successfully authenticated and authorized, MSS
redirects the user to the following URL:

http://myserver.com/piltdown.html

The following example configures a redirect URL that contains a script
argument using the literal character ?:

WX1200# set usergroup ancestors attr url https://saqqara.org/login.php$quser=$u
success: change accepted.

When user djoser is successfully authenticated and authorized, MSS
redirects the user to the following URL:

https://saqqara.org/login.php?user=djoser

To verify configuration of a redirect URL and other user attributes, type
the display aaa command.

Using an ACL Other Than portalacl

By default, when you set the fallthru authentication type on a service
profile or wired authentication port to web-portal, MSS creates an ACL
called portalacl. MSS uses the portalacl ACL to filter Web-Portal user
traffic while users are being authenticated.

To use another ACL:

1 Create a new ACL and add the first rule contained in portalacl:

set security acl ip portalacl permit udp 0.0.0.0 255.255.255.255 eq 68 0.0.0.0 255.255.255.255 eq 67
set security acl ip portalacl deny 0.0.0.0 255.255.255.255 capture

2 Add the additional rules required for your application. For example, if you
want to redirect users to a credit card server, add the ACEs to do so.

3 Add the last rule contained in portalacl:

set security acl ip portalacl deny 0.0.0.0 255.255.255.255 capture

4 Verify the new ACL configuration, before committing it to the
configuration, using the following command:

display security acl info [acl-name | all] [editbuffer]
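
The four steps above can also be checked offline before the commands are typed. The following Python script is an added example, not part of the 3Com manual: it reads a list of set security acl ip commands, confirms that a replacement ACL opens and closes with the two portalacl rules shown above, and lists every other permit rule, since that traffic is allowed while the user is still being authenticated. The ACL names creditacl and badacl and the 192.0.2.10 rule are constructed for illustration, and the script assumes rules take effect in the order they are entered.

```python
import re

# First and last rules of portalacl, as given on the page.
DHCP_PERMIT = "permit udp 0.0.0.0 255.255.255.255 eq 68 0.0.0.0 255.255.255.255 eq 67"
DENY_CAPTURE = "deny 0.0.0.0 255.255.255.255 capture"
SET_ACL = re.compile(r"^\s*set\s+security\s+acl\s+ip\s+(\S+)\s+(.+?)\s*$")

def parse_acls(config_text):
    """Map each ACL name to its rules, in the order the commands were typed."""
    acls = {}
    for line in config_text.splitlines():
        m = SET_ACL.match(line)
        if m:
            name, rule = m.groups()
            # Collapse runs of whitespace so wrapped or padded input compares equal.
            acls.setdefault(name, []).append(" ".join(rule.split()))
    return acls

def audit_portal_acl(config_text, acl_name):
    """Return (problems, preauth_permits) for one replacement ACL."""
    rules = parse_acls(config_text).get(acl_name, [])
    if not rules:
        return [f"no rules found for ACL {acl_name}"], []
    problems = []
    if rules[0] != DHCP_PERMIT:
        problems.append("first rule is not the portalacl DHCP permit")
    if rules[-1] != DENY_CAPTURE:
        problems.append("last rule is not the portalacl deny ... capture")
    # Every permit other than the DHCP rule is reachable before the user
    # has authenticated, so return those rules for manual review.
    preauth = [r for r in rules if r.startswith("permit ") and r != DHCP_PERMIT]
    return problems, preauth

# Constructed sample input; ACL names and the 192.0.2.10 rule are hypothetical.
SAMPLE = """\
set security acl ip creditacl permit udp 0.0.0.0 255.255.255.255 eq 68 0.0.0.0 255.255.255.255 eq 67
set security acl ip creditacl  permit tcp 0.0.0.0 255.255.255.255 192.0.2.10 0.0.0.0 eq 443
set security acl ip creditacl deny 0.0.0.0 255.255.255.255 capture
set security acl ip badacl permit tcp 0.0.0.0 255.255.255.255 192.0.2.10 0.0.0.0 eq 443
"""

if __name__ == "__main__":
    for name in ("creditacl", "badacl"):
        problems, preauth = audit_portal_acl(SAMPLE, name)
        print(name, "problems:", problems, "pre-auth permits:", preauth)
```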