Table of Contents
Advertisement
Data encryption: AES
Enable IEEE 802.1X authentication for this network: (select)
EAP type: Protected EAP (PEAP)
Authenticate as computer when computer information is available: (clear)
Authenticate as guest when user or computer information is unavailable: (clear)
Validate server certificate: (clear)
Select Authentication Method: Secured password (EAP-MSCHAP v2)
Automatically use my WIndows logon name and password (and domain if any): (clear)
2. View the available SSIDs in the area and select corp-wifi.
3. Click "Connect."
4. When the prompt appears for you to select a certificate or enter other credentials to validate your identity, click the prompt,
enter the user name and password stored on the RADIUS server, and then click "OK."
If the supplicant is on a Macintosh computer and is not on a domain, view the available SSIDs in the area, and select corp-wifi.
Then click Join Network, and accept the certificate that the RADIUS server provides, assuming it is from a trustworthy source.
After the RADIUS server validates your identity, the client connects to the WLAN.
9.3 Example 3: Providing Guest Access through a Captive Web Portal
A captive Web portal is a way to control network access by requiring users to authenticate their identity or complete a registration
form before assigning them network and user profile settings that allow them network access beyond the SmartPath AP with
which they associated. A captive web portal provides registered users with network access while containing unregistered users.
Because the Black Box captive web portal feature is very flexible, you will have a number of choices to make when configuring it.
Several of these are examined first—"Registration Types," "Providing Network Settings", and "Modifying Captive Web Portal
Pages"—and then a complete configuration example is presented.
9.3.1 Registration Types
There are five types of registration (four are shown in Figure 9-7) that a captive Web portal can require of users:
Self-Registration: With this option, users must complete a registration form and accept a network use policy before being allowed
to pass through the captive Web portal. This is a good choice when you cannot know in advance who will be attempting to make
a network connection through the captive Web portal and simply want to keep a record of the users, or if user authentication is
unimportant.
User Authentication: With this option, users must enter and submit a valid user name and password to log in. The SmartPath AP
acts as a RADIUS authenticator or RADIUS client and forwards the submitted login credentials to a RADIUS server for
authentication. The RADIUS authentication server can either be an internal server on a SmartPath AP or an external RADIUS
server on the network. This is a good choice when you can set up a RADIUS authentication server with user accounts before the
users attempt to access the network.
Both (Auth/Self-reg): This is a combination of the previous two registration types. Users can authenticate themselves by
submitting a user name and password or complete and submit a registration form.
Private PSK Server: This option automatically assigns users with a private PSK after they either self-register or authenticate
themselves.
Use Policy Acceptance: With this option, the user is presented with a network use policy, and only has to click Accept to gain
network access.
External Authentication: SmartPath APs redirect unregistered users' HTTP and HTTPS traffic to a captive Web portal on an
external server, such as the amigopod Visitor Management Appliance.
Chapter 9: Common Configuration Examples
724-746-5500 | blackbox.com
Page 119
Advertisement
Chapters
Table of Contents
