Table of Contents
Advertisement
Chapter 5: Authentication Using Internal Database
Local BSC User Authentication
You can create local users and assign each to a previously defined role. User credentials
are authenticated against the BSC's internal user database. You can assign many users to
the same role, but you can assign only one role to a specific user.
You can configure the BSC to support enterprise guest access by defining local user
accounts and assigning them to the BSC's default guest role. Configuring guest access in
this way enables you to set the following limitations on guests who access your enterprise
network:
•
when the guest user account is activated and expired
•
the network bandwidth the guest can use
•
the network services the guest can access (only DNS and HTTP/S by default)
Note: If you have many local users to configure, you can speed up the process by
configuring a few users using the procedure described below, exporting the local user
configuration to a .CSV or XML file, appending new data to the file, and then re-
importing the file. See "Exporting and Importing BSC Bulk Data Files" on page 16-10 for
details.
In general, the local user authentication will proceed as follows:
The wireless device associates with an access point on the managed network and
1.
obtains an IP address from the BlueSecure Controller.
The BlueSecure Controller adds the device MAC address and IP address to its active
2.
connections table and assigns the device to the unregistered role. The unregistered
role allows DNS traffic from the managed network to transit the BSC firewall and
reach the protected network.
The user launches a web browser on the wireless device. The wireless device web
3.
browser uses DNS to resolve the hostname portion of the home page to an IP
address. The wireless device web browser uses HTTP to access a web page.
4.
The BlueSecure Controller intercepts the HTTP traffic and redirects the wireless device
web browser to the BlueSecure Controller user login page. The user of the wireless
device is prompted to login as a registered user with a username and password.
The BlueSecure Controller authenticates the user of the wireless device against its
5.
local user database using the user-supplied credentials.
The BSC places the wireless device into a role once the user is successfully
6.
authenticated. The wireless device web browser is then able to access and display
the contents of the requested web page.
The BlueSecure Controller can use internal log files or RADIUS to provide accounting
7.
of the wireless device's activities.
Creating/Editing/Deleting a Local User Account
To create local BSC users and assign them roles:
1.
Click the User authentication tab in the BSC administrator console, then click the
Local Users tab.
To delete a user account from the wireless network you can either:
2.
•
•
To create a new account, select Local User from the Create drop-down list on the User
3.
Authentication page. The New local user page appears as shown in Figure 5-1.
5-2
Click the
icon for the account in the Local Users page.
Click the Delete button when the account is displayed in the Edit the local user
page.
Advertisement
Table of Contents
