Aruba Networks, Inc.
Amigopod Configuration
Amigopod and ArubaOS Integration
Application Note
Alternatively, the switchip variable that is sent as part of the redirect URL can be parsed automatically
and used as the IP address for the web login credential submission. Select this option in
multicontroller environments so that the web login page dynamically determines which controller the
guest user is currently connected to, and therefore which controller must be part of the authentication
transaction.
Here is a sample redirect URL that includes the switchip variable:
https://10.169.130.50/Aruba_login.php?cmd=login&switchip=10.169.130.6&mac=00:21:00:95:61:29&ip=10.0.20.58&essid=guestnet&url=http%3A%2F%2Fwww%2Egoogle%2Ecom%2F
To make use of the switchip variable, enable Dynamic Address as shown in Figure 25. Additional
security mechanisms have been implemented in the form of white and black lists that allow the
administrator to define the valid IP addresses of the controller deployment in their environment. This
additional security measure prevents modification of the redirect URL by individuals who might attempt
to extract user credentials by spoofing the form submission to a device in their control. If the Amigopod
receives a switchip value that does not match the white list, the Amigopod responds to the default
address.
The example in Figure 25 shows that the master and local controllers defined in the campus VRD are
permitted in the white list of valid controller IP addresses.
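The white list check described above, sketched in Python as an added example; this is not Amigopod's own code. The function name, the list contents other than 10.169.130.6, the default address, and the rule that a black list match overrides a white list match are all assumptions.

```python
import ipaddress
from urllib.parse import urlsplit, parse_qs

# Constructed configuration for illustration. 10.169.130.6 is the controller in
# the page's sample URL; every other value here is a hypothetical placeholder.
DEFAULT_CONTROLLER = "10.169.130.5"
WHITE_LIST = [ipaddress.ip_network(n) for n in ("10.169.130.6/32", "10.169.131.0/28")]
BLACK_LIST = [ipaddress.ip_network(n) for n in ("10.169.131.9/32",)]


def resolve_controller(redirect_url, white=WHITE_LIST, black=BLACK_LIST,
                       default=DEFAULT_CONTROLLER):
    """Return the controller address the credential form should be posted to."""
    params = parse_qs(urlsplit(redirect_url).query, keep_blank_values=True)
    values = params.get("switchip", [])
    # Missing or repeated switchip is ambiguous: fall back rather than pick one.
    if len(values) != 1:
        return default
    try:
        addr = ipaddress.ip_address(values[0])   # rejects hostnames, ports, junk
    except ValueError:
        return default
    # Assumption: a black list match overrides a white list match.
    if any(addr in net for net in black):
        return default
    if any(addr in net for net in white):
        return str(addr)
    return default   # page behaviour: no white list match -> default address


# The sample redirect URL from the text above.
SAMPLE = ("https://10.169.130.50/Aruba_login.php?cmd=login&switchip=10.169.130.6"
          "&mac=00:21:00:95:61:29&ip=10.0.20.58&essid=guestnet"
          "&url=http%3A%2F%2Fwww%2Egoogle%2Ecom%2F")

if __name__ == "__main__":
    print(resolve_controller(SAMPLE))
    # Constructed tampered URL: switchip points outside the white list.
    print(resolve_controller(SAMPLE.replace("switchip=10.169.130.6",
                                            "switchip=203.0.113.10")))
```

Logging every fallback to the default address, together with the rejected switchip value and the client IP, gives the administrator a record of redirect URLs that did not come from a known controller.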
The web login page is now configured and ready to be tested against the previous Aruba controller
configurations.
Optional Customization of the Web Login Page
Several Login Form options allow you to override the default login form and labels used to reference
user and password fields. These fields are shown in Figure 26, but typically they do not need to be
changed.
Figure 26 Login Form options
The Pre-Auth Check is required only for advanced configurations where you might need to ensure that
the username and password pair is valid before the RADIUS transaction is initiated from the Aruba
controller. The web login and RADIUS database are hosted on the same appliance, so a query can be
performed locally before a RADIUS transaction is initiated.