Table of Contents
Advertisement
routes all tagged traffic to the protected-side VLAN and is useful if you want to limit the
access of VLAN members to certain network assets defined for the role.
To use the VLAN tagging functionality, you must first set up a protected-side VLAN. See
"Creating a VLAN on the Protected Side (Optional)" on page 4-5 for more information.
Alternatively, as with network services, destinations, schedules, locations, and groups,
you can select the Create... option in the drop-down list to define a new VLAN.
BlueProtect
Optional. If you have purchased the BlueProtect Scanning functionality for the BSC, then
Endpoint
you should configure at what frequency user devices are scanned for users who are
Scanning
authenticated into the role.
Enable BlueProtect scanning for the role by specifying the frequency at which a user
authenticated into the role will have his or her device scanned by selecting an option from
the BlueProtect Scanning drop-down menu. Possible scan frequency settings are:
•
•
•
•
•
•
Note: In the unregistered role, the only valid options are Every time and Disabled.
This means that the user will be scanned every time they authenticate to an AP, before
they enter their login or credit card information.
Note: If BlueProtect is disabled, the only option available in the drop-down is
Disabled.
Choose a BlueProtect Policy to scan a user against. This allows an administrator to have a
different policy for students than for teachers.
Proxy Redirect
(Optional) If you want to redirect web traffic to your existing web proxy server without
forcing users to enter proxy information in their web browser setup, you can do this by
entering data in the Proxy Server and Http ports fields. You must configure your proxy
server to support Transparent Proxy. Not all proxy servers support this capability, so
please consult your proxy server documentation on transparent proxy setup.
Proxy Server: Enter the IP address and port of the HTTP proxy server to which to redirect
traffic. For example, 191.168.10.2:8080, would be a valid entry.
Http ports: Enter a comma separated list of http ports from which the BSC is to redirect
traffic via the specified proxy server. Typically, port 80 is used; note that HTTPS (port
443) is an encrypted protocol and
Perform transparent proxy request translation: Check this checkbox to enable the internal
transparent proxy to intercept normal web traffic (port 80) and convert it to a proxy
packet destined for the customer's existing proxy server (Microsoft ISA for example). This
feature allows administrators to force wireless traffic through their proxy servers without
making configuration changes to each user's web browser or changing their existing
proxy server.
Post login
URL Redirect (Optional): To redirect any wireless user assigned to this role to a specific
URL after login, enter the URL.
Note that there are two other places in the UI in which redirection can be specified. The
user is redirected to one of the following URLs in the order of precedence listed:
BlueSecure™ Controller Setup and Administration Guide
Disabled
Once a day
Once a week
Once a month
Every 45 days
Every 90 days
cannot
be transparently proxied.
Defining a Role
8-9
Advertisement
Table of Contents
